looks like a local security breach. :) so forward your findings to your host. they need to work with you to resolve the issue.
On 11/2/06, Rick Beckman <[EMAIL PROTECTED]> wrote:
Using 2.0.5, I have had my whole hosting account wiped out twice via a user being able to upload a script (commonly called c99shell.php) which is able to do a number of malicious things. From what I have seen online via a few Google searches, users are able to upload via the File Upload in the Wordpress admin without logging in. However, I also noticed in my logs that the user was toying around in the Wordpress theme editor, but I have no idea what he was doing. And passwords were all changed between the site defacings. So, I'm just writing to confirm whether or not such a thing is possible (i.e., could WordPress be to blame?) and is there a way to forbid the uploading of php files? -- Rick Beckman _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
