Cracking WordPress | WordPress.org

flickerfly
19 years, 9 months ago

I found a malicious iframe that installed the Download Trojan JS_JECT.A on IE users computers on my blog this morning. It was loaded in a hidden iframe. My area of the site is pretty much limited to a WordPress install, but there are other things in other areas where a person might manage to get in sideways.
Anyway, I’m wondering if there are any known exploits in WP 1.2 and if anyone has advice for me to track this stuff down.
Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)

Mark (podz)
(@podz)

19 years, 9 months ago

The obvious advice is to ban the use of the insecure IE, to ensure that all computers are scanned by malware and AV software and are updated from m$ as often as possible.
I have not seen any exploits in WP since I started using it and inhabiting these forums in January.

Thread Starter Anonymous

19 years, 9 months ago

IE didn’t install it, it just falls victim to it. Thanks for the info on the exploits.
After looking around, it appears that no other area on my server has these iframes in the site. To search, I used the command:
for i in ls -1;do echo $i; grep iframe $i; done
And ran through each directory individually.

Thread Starter Anonymous

19 years, 9 months ago

Cancel that, I just found some in my moniwiki directory.

davidchait
(@davidchait)

19 years, 9 months ago

Yeah, if you are running an unsecured wiki, you can really get nailed by this new crop of stuff…
-d

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Cracking WordPress’ is closed to new replies.

In: Fixing WordPress
4 replies
3 participants
Last reply from: davidchait
Last activity: 19 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics