[wp-trac] Re: [WordPress Trac] #5070: Unauthorized administrator registration

Tue Sep 25 00:29:26 GMT 2007

#5070: Unauthorized administrator registration
-----------------------------+----------------------------------------------
 Reporter:  Emu              |        Owner:  anonymous
     Type:  defect           |       Status:  new      
 Priority:  highest omg bbq  |    Milestone:  2.5      
Component:  Security         |      Version:  2.2.3    
 Severity:  critical         |   Resolution:           
 Keywords:                   |  
-----------------------------+----------------------------------------------
Comment (by Emu):

 Records in access log is:

 203.223.153.105 - - [24/Sep/2007:08:07:57 +0300] "GET
 http://blog.mysite.net/wp-admin/post.php?action=edit HTTP/1.0" 302 0
 "http://blog.mysite.net/wp-admin/post.php?action=edit&" "Mozilla/5.0
 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:00 +0300] "GET
 http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit HTTP/1.0" 200 1893
 "http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit" "Mozilla/5.0 (Windows; U; Windows
 NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:02 +0300] "GET
 http://blog.mysite.net/wp-login.php?action=register HTTP/1.0" 200 1814
 "http://blog.mysite.net/wp-login.php?action=register" "Mozilla/5.0
 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:05 +0300] "POST
 http://blog.mysite.net/wp-login.php?action=register HTTP/1.0" 302 0
 "http://blog.mysite.net/wp-login.php?action=register" "Mozilla/5.0
 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:09 +0300] "GET
 http://blog.mysite.net/wp-login.php?checkemail=registered HTTP/1.0" 200
 1950 "http://blog.mysite.net/wp-login.php?checkemail=registered"
 "Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8) Gecko/20051111
 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:11 +0300] "GET
 http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit HTTP/1.0" 200 1893
 "http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit" "Mozilla/5.0 (Windows; U; Windows
 NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"
 203.223.153.105 - - [24/Sep/2007:08:08:14 +0300] "GET
 http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit HTTP/1.0" 200 1893
 "http://blog.mysite.net/wp-login.php?redirect_to=%252Fwp-
 admin%252Fpost.php%253Faction%253Dedit" "Mozilla/5.0 (Windows; U; Windows
 NT 5.1; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5"

 I replace my blog with "blog.mysite.net". That's all from that IP address.
 Seems that like normal registration with redirects from WordPress engine
 but I'm sure that is not.

 There is no "/wp-content/plugins/plugin.php" hits at least 22.09.2007 (I
 have older logs in .gz archives and could check them).

 Hope that help.

 Regards, Emu

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5070#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software