Quantcast
Channel: WordPress › Support » User Favorites: griffman
Browsing all 30 articles
Browse latest View live

griffman on "My site was ambushed...need help figuring out how"

[Note: I edited this post to contain the full .js file] Tonight, while checking my site backup's sync log, I noticed a folder named "1" in the output, residing at the top level of the wp-content...

View Article



jonimueller on "My site was ambushed...need help figuring out how"

Yep, someone here on the WP forums warned about it on March 13 and posted this link: (I cannot find the original WP post right now, but I did bookmark the link.) http://seo.mhvt.net/blog/?p=268

View Article

whooami on "My site was ambushed...need help figuring out how"

it would be useful to know what plugins you have on that site. let me guess -- you are using either wp-cache, or wp-db-backup? Or both?

View Article

macsoft3 on "My site was ambushed...need help figuring out how"

Someone here on the WP forums warned about it on March 13... That was our story. The article is shown at p=268. So you've got the right link. So far, at least 62 or 63 WordPress blog websites are known...

View Article

griffman on "My site was ambushed...need help figuring out how"

Plug-ins. I have a larger number installed, but only these are active (are non-active plug-ins exploitable??): Active Discussions 1.1 Addicted To Live Search 1.02 AJAX Comment Preview 1.2.1 Ajaxified...

View Article


whooami on "My site was ambushed...need help figuring out how"

If your wp-content directory is still writable, fix that. chmod 755. That's one of the first things I would be doing. Ive argued against plugins and settings that require that for three years. As to...

View Article

macsoft3 on "My site was ambushed...need help figuring out how"

Thanks, griffman. I got it. jonimueller refers March 13 report to the one at seo.mhvt.net. If you can answer, what is the date stamp on those files in folder 1? Is it March 12 or 13? Or around 02:58 AM...

View Article

griffman on "My site was ambushed...need help figuring out how"

My wp-content directory is *not* generally writable, nor has it ever been generally writable. Here's what it's set up as: drwxr-xr-x Mar 16 08:42 wp-content I have removed the inactive plug-ins, and...

View Article


griffman on "My site was ambushed...need help figuring out how"

macsoft: The files were all timestamped 2:58am on the 15th. -rob.

View Article


macsoft3 on "My site was ambushed...need help figuring out how"

Thanks, griffman. That means they are constantly hacking WP blogs. There's an interesting code embedded in g.js. It's...

View Article

whooami on "My site was ambushed...need help figuring out how"

great Rob .. Im looking forward to looking at them. If you like, I can provide a way for you do some more intense logging, and I HIGHLY recommend finding out if your host has mod_security compiled into...

View Article

whooami on "My site was ambushed...need help figuring out how"

I found the exploit in your logs. Check your email in a few minutes. I will be emailing security@wordpress.org

View Article

whooami on "My site was ambushed...need help figuring out how"

There were http_posts sent to certain files (that I pointed out in my emails). The data sent in the posts isnt going to be seen in your logs, unfortunately. The filename, however, is clear as day. You...

View Article


whooami on "My site was ambushed...need help figuring out how"

Without divulging the file name, I should say, that I just looked through my own mod_security logs, and see a different attempt at an RFI attack, pointed at a core file that lives inside wp-includes/...

View Article

thesu on "My site was ambushed...need help figuring out how"

This happened to me, too! The file was timestamped 3/18. My wp-content folder was already set at permission 755, so I don't know how the hacker got in there. I was running wp-cache and deactivated it....

View Article


whooami on "My site was ambushed...need help figuring out how"

this thread was resolved, thesu. I assure you that if your site was compromised at some point, they will come back. You might not see em, but they will come back. Keep in mind, that coming back doesnt...

View Article

TheTim on "My site was ambushed...need help figuring out how"

I just discovered the same issue on my site, which is running WordPress 2.3.3. Whooami, you say that this was resolved, but I don't see any explanations of what can be done to prevent it from happening...

View Article


whooami on "My site was ambushed...need help figuring out how"

I have blogged about what I have done in repairing previously hacked sites on my own blog. This isnt a directory permission issue, it never has been one. People that suggest otherwise, arent aware of...

View Article

mvandemar on "My site was ambushed...need help figuring out how"

"This thread was resolved because..." This thread is not actually resolved, since a clean install of 2.3.3 has this vulnerability as well. While changing the cookie names may indeed thwart whatever bot...

View Article

raygene on "My site was ambushed...need help figuring out how"

If your wp-content directory is still writable, fix that. chmod 755. That's one of the first things I would be doing. Ive argued against plugins and settings that require that for three years. OK, just...

View Article
Browsing all 30 articles
Browse latest View live




Latest Images