
China hacked my WordPress site. Is there a new exploit for WP 3.31? (2 posts)

  1. Mike McKoy
    Member
    Posted 2 years ago #

    I was on the highway yesterday when I got an email from the server saying my admin account had logged in from a place it'd never seen before. The IP was located in Beijing. Are there any new exploits out there to be aware of associated with WordPress?

    I searched for the IP in the raw Apache logs. This is what I came up with. Any idea what the hacker may have been doing? Should I reinstall WordPress just to be safe?

    I swear I think this stuff is state sanctioned. I have a lot of email addresses on my box, 4.6 million in all. Anyone hacking my box could probably find the personal information of a lot of interesting people.

    122.72.0.2 - - [24/Mar/2012:11:39:50 -0500] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 15717 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:39:57 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 12831 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:39:57 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 12831 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:12 -0500] "GET /wp-admin/theme-editor.php?file=/themes/classic/comments.php&theme=WordPress+Classic&dir=theme HTTP/1.1" 200 12869 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:24 -0500] "POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
  2. There are no known vulnerabilities with WP 3.3.1

    Looks like they were editing your theme. Follow the normal protocol. Change passwords, reinstall the files.

Topic Closed

This topic has been closed to new replies.
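
Added example, not part of the original thread: a small Python detector for the pattern visible in the posted log, a POST to `/wp-admin/theme-editor.php` followed shortly by a direct request to a PHP file under `/wp-content/themes/` from the same IP. The function name and the 5-minute window are assumptions; the sample lines are abbreviated from the first post (user agent shortened), plus one constructed benign line.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: client IP, timestamp, method, path, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
EDITOR = "/wp-admin/theme-editor.php"
# Theme templates are normally included by WordPress, not requested by URL,
# so a direct hit on one right after an editor POST deserves a look.
THEME_PHP = re.compile(r"^/wp-content/themes/[^?]+\.php(\?|$)")

def find_theme_edit_then_hit(lines, window=timedelta(minutes=5)):
    """Return (ip, edit_time, theme_path, hit_time) for each direct request to a
    theme PHP file that follows a theme-editor POST from the same IP."""
    last_edit = {}   # ip -> time of most recent POST to the theme editor
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, method, path = m["ip"], m["method"], m["path"]
        if method == "POST" and path.split("?")[0] == EDITOR:
            last_edit[ip] = ts
        elif THEME_PHP.match(path) and ip in last_edit:
            if timedelta(0) <= ts - last_edit[ip] <= window:
                findings.append((ip, last_edit[ip], path, ts))
    return findings

# Abbreviated from the log in the first post; last line is constructed.
SAMPLE = [
    '122.72.0.2 - - [24/Mar/2012:11:39:50 -0500] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 15717 "-" "Mozilla/5.0"',
    '122.72.0.2 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "Mozilla/5.0"',
    '122.72.0.2 - - [24/Mar/2012:11:40:24 -0500] "POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 35 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [24/Mar/2012:11:41:00 -0500] "GET /wp-content/themes/classic/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, edited, path, hit in find_theme_edit_then_hit(SAMPLE):
        print(f"{ip}: editor POST at {edited}, then {path} requested at {hit}")
```

A hit identifies which theme file to inspect or restore from a known-good copy when following the advice in the reply above.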
