[wp-hackers] attack on wp-admin/install.php

Mika A Epstein ipstenu at ipstenu.org
Tue Oct 8 18:47:06 UTC 2013


I think causality is the other way around.

People were hitting install.php so much because the wizard was showing. 
Was your SQL server glitching?

> Konrad Karpieszuk <mailto:kkarpieszuk at gmail.com>
> October 8, 2013 9:56 AM
> hello
>
> today few people reported me that instead of main page of my wordpress
> site, they see installation wizard. after few minutes main website was ok,
> but every subpages had error 404.
>
> i went to dashborad > settings > permalink and refreshed structure of
> permalinks. after that all website was ok.
>
> but i see i logs that really somebody tried to get into install.php 
> script,
> even few times per second, this is apache log from begging of attack:
>
> http://wklej.org/id/1145478/
>
> question: how it was possible that regular visitors saw installation 
> script
> during this attack? and why affter attack permalinks was broken?
>
> at this domain i have two sites:
> dev.wpzlecenia.pl - everything is up to date
> wpzlecenia.pl - two plugins are in older versions
> - Google XML Sitemaps (i have 3.2.9) here is changelog
> http://www.arnebrachhold.de/projects/wordpress-plugins/google-xml-sitemaps-generator/changelog/,
> it looks that this plugin has no security issue in this version
> - WordPress SEO by Yoast - (i have version 1.4.15) here is changelog
> http://wordpress.org/plugins/wordpress-seo/changelog/ , it looks that
> everything is ok in this older version
>
>
>
> --
> (en) regards / (pl) pozdrawiam
> Konrad Karpieszuk
> http://tradematik.pl wtyczka do WordPressa do tworzenia sklepów dla
> klientów z Polski
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

-- 
Mika A Epstein (aka Ipstenu)
http://ipstenu.org | http://halfelf.org



More information about the wp-hackers mailing list