WordPress.org


Is someone trying to hack my blog? (8 posts)

  1. Holyhabanero
    Member
    Posted 6 years ago #

    Today when I logged in I see two comments awaiting moderation. But instead of a real comment, or spam, I see this:
    Bill845877422+ACc-,+ACc-470727516billy@msn.com+ACc-,+ACc-+ACc-,+ACc-168.38.1.104+ACc-,+ACc-2008-03-12 22:49:20+ACc-,+ACc-2008-03-12 22:49:20+ACc-,+ACc-+ACc-,+ACc-0+ACc-,+ACc-lynx+ACc-,+ACc-comment+ACc-,+ACc-0+ACc-,+ACc-0+ACc-),(+ACc-0+ACc-, +ACc-+ACc-, +A

    and the other comment I see this:
    +ACc- AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login=+ACc-admin+ACc- and substring(reverse(lpad(conv(substring(user_pass,1,1), 16, 2),4,+ACc-0+ACc-)),1,1)=+ACc-1+ACc- /*

  2. Jeremy Clark
    Moderator
    Posted 6 years ago #

    Looks like a SQL injection attempt. Meaning they tried to either put or get information for your database that they shouldn't have access to. As long as you're running the latest version of WordPress you should be fine.

  3. Holyhabanero
    Member
    Posted 6 years ago #

    Actually I just looked and I'm running 2.1.3.

    I went to GoDaddy, who is hosting my account, and requested an update, but the highest update they have is 2.2.1. Do you think this will be sufficient?

  4. Jeremy Clark
    Moderator
    Posted 6 years ago #

    No, you really need to upgrade to the latest in the 2.3 branch. Upgrading isn't all that difficult and the instructions are very detailed and step by step.

  5. sarah11918
    Member
    Posted 6 years ago #

    I was just wondering this myself. I received 3 or 4 comments all in a row on one particular post today where the author's field was filled in with something like this:

    ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,1,1), 16, 2),4,'0')),1,1)='1' /*
    (IP: 124.217.231.53 , 124.217.231.53)

    I figured it was looking for "admin" accounts it could hack?

    I have the latest upgraded version of WordPress, and I also checked to make sure I didn't have one of those "1" folders. Is this something to be concerned about?

    Thanks.

  6. bquackenbush
    Member
    Posted 6 years ago #

    Does 2.3 protect against SQL insertion hacks via comments? I upgraded today after two of my blogs were attacked at almost the same time.

  7. lizr
    Member
    Posted 6 years ago #

    I had the same (or similar) attack attempt made against a blog of mine.

    Due to the environment it lives in, it would be far better if I could stick to the 2.0 branch for now.

    Is 2.0.11 "patched enough" to protect against these attacks, or do I absolutely need to be looking into 2.3.3?

    Thanks!

  8. Jeremy Clark
    Moderator
    Posted 6 years ago #

    Yes, 2.0.11 is up to date and the 2.0 branch will be updated until 2010. You can download from here:
    http://wordpress.org/download/legacy/
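
The `+ACc-` sequences in the first post are UTF-7 shifted encodings of an apostrophe, so the second comment there decodes to the same string quoted in the fifth post. The following is an added example, not part of the original thread or of WordPress: a Python triage helper that decodes such runs in a comment field and flags the SQL injection markers seen in these comments. The function names and the indicator list are assumptions chosen for illustration.

```python
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
SHIFT = re.compile(r"\+([A-Za-z0-9+/]*)-?")

# Heuristic indicators (an assumption of this example), drawn from the payloads in the thread.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+select\b", re.I),
    "wp_users_table": re.compile(r"\bwp_users\b", re.I),
    "user_pass_column": re.compile(r"\buser_pass\b", re.I),
    "always_false_test": re.compile(r"'\s*(and|or)\s+\d+\s*=\s*\d+", re.I),
    "row_breakout": re.compile(r"'\s*\)\s*,\s*\(\s*'"),
    "trailing_comment": re.compile(r"/\*\s*$"),
}

def decode_utf7_runs(text):
    """Decode UTF-7 shifted runs such as '+ACc-' (an apostrophe)."""
    def repl(match):
        run = match.group(1)
        if not run:
            return "+"  # '+-' is UTF-7 for a literal plus sign
        bits = "".join(format(B64.index(c), "06b") for c in run)
        usable = len(bits) // 16 * 16  # keep whole UTF-16 code units only
        raw = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
        return raw.decode("utf-16-be", errors="replace")
    return SHIFT.sub(repl, text)

def triage_comment_field(value):
    """Return sorted indicator names matched by the raw or the decoded field."""
    forms = {value, decode_utf7_runs(value)}
    return sorted(name for name, rx in INDICATORS.items()
                  if any(rx.search(form) for form in forms))

# The first two samples are copied from post 1 (the first one is only the tail
# of that comment); the third is a constructed benign comment.
SAMPLES = {
    "post_1_first_tail": "+ACc-comment+ACc-,+ACc-0+ACc-,+ACc-0+ACc-),(+ACc-0+ACc-, +ACc-+ACc-, +A",
    "post_1_second": "+ACc- AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login=+ACc-admin+ACc- and substring(reverse(lpad(conv(substring(user_pass,1,1), 16, 2),4,+ACc-0+ACc-)),1,1)=+ACc-1+ACc- /*",
    "benign_constructed": "Great post, thanks! 1+1=2",
}

if __name__ == "__main__":
    for label, field in SAMPLES.items():
        print(label, triage_comment_field(field))
```

Both the raw and the decoded form are checked because a plain `+` in an ordinary comment can be misread as the start of a shifted run.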


This topic has been closed to new replies.
