[wp-hackers] Hacked blogs

Lynne Pope lynne.pope at gmail.com
Sat Mar 28 05:12:10 GMT 2009


2009/3/28 Mark E <mark at simplercomputing.net>:
>
>
> Lynne Pope wrote:
>> Ok....
>>
>> WP 2.7.1 hacked.
>> On VPS with one other domain. The other domain contains one single
>> index.html file.
>> Both are jailed.
>>
>> Running PHP 5.2.5 MySQL4.
>
> If at all possible for your site add Suhosin to your PHP install. That'll
> help stop all sorts of bad stuff targeted directly at or through PHP.
>
> http://www.hardened-php.net/suhosin/
>
> If you've got a shell with root access you can probably find a ready-made
> package to install. Otherwise you'll have to download it and compile it
> yourself. Not a big deal, but more work.
>
> Mark

I had already recommended this to the site owners and both got refused
by their hosting companies (I can't think why, with the VPS, but it
might be a managed VPS I guess).

The biggest problem I find in situations like this is that people
rarely believe anything other than the app can be at fault. I could
yet be proven wrong but I can't find any evidence that WordPress
itself was open to these attacks.

Lynne

