WordPress.org

Ready to get started?Download WordPress

Forums

[closed] Security question bregarding White Screen of Death strikes another victim (5 posts)

  1. marcelinosi
    Member
    Posted 7 months ago #

    Hi, I not only deactivated all plugins on old blog I also deleted them all from WP plugins direct... After coping new 3.8 files blog works fine, but after some time I am Blank Page screen victim. After I delete wp-include and wp-admin and copy old one blog works.. It seems blog is on heckers checking list and WP 8 has some hole..

    And please advice - which version do you recommend to have to avoid problems..?

    Thx a lot!

    Peace, Georg

    Using 3.6 IS a security risk. There aren't any known issues with 3.8 - if there were this kind of issue, we'd be seeing many people reporting similar problems. Can you reproduce the problem with ALL plugins deactivated and a default theme active? For further discussion, please start your own thread.

    ~ WPyogi

  2. Andrew
    Forum Moderator
    Posted 7 months ago #

    The newest version of WordPress is always going to be the better one for security

  3. marcelinosi
    Member
    Posted 7 months ago #

    yes it true - but it seems hardly communicate through blank screen. This is another part of problem:"

    Hi it seems it could be some vulnerability of wordpress. When I upload WP 8 files, its Ok at beggining after some minutes its down (seems blog is old and could be registered somewhere for checking). What i found is: load.php under wp-includes is changed in line:
    * @return null Will return null if register_globals PHP directive was disabled
    */$xpath = dirname(__FILE__); $xname = basename(__FILE__);
    @require(dirname(__FILE__).'/cpt.php');

    and cpt.php is then new file (not from wordpress but new created on wp-includes with content: http://pastebin.com/byjCGXhN

    If we change only load.php from WP 3.6, blog doesnt work.

    When I deleted wp-includes and wp-admin and return them from release wp 3.6 RC2 http://wordpress.org/download/release-archive/ then blog is stable and doesnt crash anymore."

  4. marcelinosi
    Member
    Posted 7 months ago #

    P.s.: now i return to wp7 rc2..

  5. Cris Puno
    Member
    Posted 4 months ago #

    A client came in with their site hacked - it wasn't one that I built so I was unfamiliar how the site was set up. All I know was that they upgraded to WP 3.8 after finding out it was hacked but keep getting the white screen. They also changed all their passwords (Cpanel, FTP, WordPress).

    Found the same thing - load.php getting rewritten every hour, with a cpt.php file that gets generated. Changing file permissions for load.php didn't help. Looked to see if there were any scripts that looked out of the blue and saw some under a .cgi folder.

    It contained a couple of scripts that were the culprits (.cgi.log, .sys.log and cgi.php) - it triggered the load.php file to change permissions to 755 and changed its contents. Removed the files and it fixed the site. Still using 3.8.

    I suggest checking to see if you find these files and remove them if they exist. Also change your passwords too just in case.

    Hope this helps!

Topic Closed

This topic has been closed to new replies.

About this Topic