Are you letting the install.php script create wp-config.php? Last I checked, the installer creates this file with 666 perms...

Rafael

Rick Beckman wrote:
My host (Dreamhost) said it was a problem with Wordpress or one of its
plugins and left it at that.

The only files the cracker accessed though were related to login, dashboard,
presentation, theme editor, and c99.php (a name variant of the
c99shell.php script).

I'm not upset with Wordpress--more so my host for being less than
helpful--and was only wondering if it was a possible vulnerability. If it
was strictly password related, it's hard to imagine it happening twice
without repeated accesses of the login file.

Oh well,
Rick :-)

On 11/2/06, steve caturan <[EMAIL PROTECTED]> wrote:

looks like a local security breach. :) so forward your findings to
your host. they need to work with you to resolve the issue.

On 11/2/06, Rick Beckman <[EMAIL PROTECTED]> wrote:
> Using 2.0.5, I have had my whole hosting account wiped out twice via a user
> being able to upload a script (commonly called c99shell.php) which is able
> to do a number of malicious things. From what I have seen online via a few
> Google searches, users are able to upload via the File Upload in the
> Wordpress admin without logging in. However, I also noticed in my logs that
> the user was toying around in the Wordpress theme editor, but I have no idea
> what he was doing. And passwords were all changed between the site
> defacings.
>
> So, I'm just writing to confirm whether or not such a thing is possible (i.e.,
> could WordPress be to blame?) and is there a way to forbid the uploading of
> php files?
>
> --
> Rick Beckman
> _______________________________________________
> wp-testers mailing list
> [email protected]
> http://lists.automattic.com/mailman/listinfo/wp-testers
>

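Two things come up in this thread that can be checked mechanically: the wp-config.php that the installer may leave at mode 666, and the question of how to stop an uploaded c99shell.php from being executed. The script below is an added example for this page, not code from WordPress or from any of the posters. It audits a tree for world-writable files, tightens a config file to 640, and writes an Apache .htaccess into the uploads directory that refuses to serve PHP files from there. WP_ROOT and the directory names in the usage comment are assumptions; adjust them for your host.

```shell
#!/bin/sh
# Added example for this thread (not code from WordPress or any poster):
# audit a WordPress install for world-writable files such as a wp-config.php
# left at mode 666, tighten them, and block direct execution of .php files
# dropped into the uploads directory. WP_ROOT and the directory names are
# assumptions; adjust them for your host.

# Print a file's permission bits in octal (GNU stat first, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# Succeed when the file is writable by "other": the last octal digit has the
# write bit (2) set, e.g. 666, 646 or 1777.
is_world_writable() {
    mode=$(file_mode "$1")
    other=$(printf '%s' "$mode" | tail -c 1)
    [ $(( other & 2 )) -ne 0 ]
}

# List every regular file under a tree that any account on the box can
# overwrite. On a shared host this is what a neighbour's web shell looks for.
list_world_writable() {
    find "$1" -type f -perm -002
}

# wp-config.php holds the database password: owner read/write, group read,
# nothing for "other". The web server must run as the owner or in the group.
fix_config_perms() {
    chmod 640 "$1" && file_mode "$1"
}

# Tell Apache to refuse to serve PHP (and PHP-like) files from the uploads
# directory, so an uploaded c99shell.php cannot be run by requesting its URL.
# The Order/Deny syntax is the Apache 2.2 mod_access form current when this
# thread was written; on Apache 2.4 replace those two lines with
# "Require all denied". AllowOverride must include Limit for this to apply.
deny_php_in_uploads() {
    cat > "$1/.htaccess" <<'EOF'
<FilesMatch "\.ph(p[3-7]?|tml)$">
    Order Deny,Allow
    Deny from all
</FilesMatch>
EOF
}

# Usage on a real install (assumed paths):
#   WP_ROOT=/home/user/public_html
#   list_world_writable "$WP_ROOT"
#   is_world_writable "$WP_ROOT/wp-config.php" && fix_config_perms "$WP_ROOT/wp-config.php"
#   deny_php_in_uploads "$WP_ROOT/wp-content/uploads"
```

The .htaccess only stops Apache from executing a PHP file that is already in the uploads directory; it does nothing about how the file got there, so the permission audit and the host-side investigation the thread calls for are still needed.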