WordPress.org

Ready to get started?Download WordPress

Forums

2.3.3 site compromised (1 post)

  1. kilwag
    Member
    Posted 6 years ago #

    Last night a user in Amsterdam (Audit Trail plugin) managed to log in as the admin and alter the most recent post. All they did was insert a lot of "6" characters inside a font tag with a style that was supposed to hide all the sixes, but didn't.

    I had what I thought was a moderately secure password 8 characters long, only one properly spelled word in it, and one non-alphanumeric character.

    I'm not really asking for help, just posting in case it happens to others, leaving a trail for reference. I'm keeping an eye on it. Had been hacked twice in the last month with 2.3.1 so I relented and upgraded. learned my lesson! Here's the list and version of plugins I had installed when 2.3.3. post was altered. I went and got the latest versions when I went to 2.3.3.

    Admin Supermenu 0.1
    Akismet 2.1.3
    Audit Trail 1.0.8
    Flexible upload 1.9
    Get-a-Post R1.4
    Markdown 1.0.1k
    Post Image R1.1.1
    Preview Frame 1.2
    Preview Theme 1.0
    Simple Recent Comments 0.1.2
    the_excerpt Reloaded R1
    Top Posts By Category 1.0
    Userextra 0.3
    Usermeta 0.4
    WordPress.com Stats 1.1.1
    WordPress Database Backup 2.1.5
    Zap_NewWindow 1.2

    oh yeah.. the site is Skate And Annoy dot com. Registering was disabled but I had a few members without privileges that I hadn't purged yet.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags