Im interested on hearing how your site got hacked, maybe you could post a log files of what the hacker do to your site ? If it's for me i've been recently attacked too fortunately the attack was not success. Because they (the hackers located from turkey telecom) think i run Joomla, Mambo on my site and try to do some remote file inclusion attack. Btw did you run other CMS / Forum software on your site ? i mean other than wordpress of course. And sorry for my bad english :-)
-- Reaper-X Rick Beckman wrote: > Using 2.0.5, I have had my whole hosting account wiped out twice via a > user > being able to upload a script (commonly called c99shell.php) which is > able > to do a number of malicious things. From what I have seen online via a > few > Google searches, users are able to upload via the File Upload in the > Wordpress admin without logging in. However, I also noticed in my logs > that > the user was toying around in the Wordpress theme editor, but I have > no idea > what he was doing. And passwords were all changed between the site > defacings. > > So, I'm just writing to confirm whether or not such a thing is > possible (i.e., > could WordPress be to blame?) and is there a way to forbid the > uploading of > php files? > > -- > Rick Beckman > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers > _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
