WordPress.org

Ready to get started?Download WordPress

Forums

This was pretty weird (11 posts)

  1. alpha
    Member
    Posted 9 years ago #

    My blog is my homepage. I came home from work and lauched FireFox only to find my blog completely stripped of CSS; only the plain HTML version was viewable. Weird, I thought. Refreshed a couple of times and nothing. Launched Explorer to give it a shot and same thing.
    I clicked on the link to log in and was presented with a plain html version of the login page. Tried to log in and nothing would change on the screen. The only thing that changed is that, in the address bar in my browser I read http://theomegaattempt.com/wp-login.php/images//t/images//t/images//t/images//t/images//t/images//t/images//t/images//t/images//t/wp-admin/wp-admin/wp-admin/wp-admin/wp-admin/images//t/images//t/wp-admin/wp-login.php?action=login
    I removed all the crap from that address and got to log in without issues. I went to one of the posts which stores images on the directory that was within the address and republished it.
    Problem solved. What the hell was that?

  2. NuclearMoose
    Member
    Posted 9 years ago #

    Wow. I'm not insane. I had exactly the same thing. I couldn't log in or anything. I even tried the recover password utility, and got an email full of what looked like an MD5 hash.
    I uploaded my entire site from backups, and nothing changed. Finally I hashed a new password, entered it into the database manually, then signed in, and finally the blog seems to be back to normal.
    I would have pulled out hands-full of hair if it were at all possible!

  3. alpha
    Member
    Posted 9 years ago #

    This is happening again just now. What the hell is going on?

  4. Ryan Duff
    Member
    Posted 9 years ago #

    I noticed it too. Possible bug somebody is exploiting??
    I had the same thing with the siteurl being wrong. something like http://www.mysite.com/wp-admin/wp-admin/wp-admin/wp-admin/wp-admin/
    I just went in to phpmyadmin and changed it back and it worked. I noticed it yesterday when I went to my site and noticed the css wasn't loading.

  5. omann0
    Member
    Posted 9 years ago #

    are all of you using a virtual site structure with modRewrite rules?

  6. Ryan Duff
    Member
    Posted 9 years ago #

    I am, but what does that have to do with the field in the database being changed? Its not like its accidentally being rewritten wrong when I try and access the page, the physical field is being changed to something other than the base url.

  7. Ryan Duff
    Member
    Posted 9 years ago #

    Podz sent this link out on the mailing list. Somewhat relevant to the discussion http://wordpress.org/support/?action=search&searchFor=turnip

  8. Mark (podz)
    Support Maven
    Posted 9 years ago #

    This is the first post about the issue:
    http://wordpress.org/support/?action=vthread&forum=6&topic=11165&page=0
    so it's not new to 1.2.1.

  9. geekster
    Member
    Posted 9 years ago #

    Same exact thing happened to me. Three blogs on one database and in the span of about a half hour they all had their homepage changed.
    Gotta be an exploit...

  10. Ryan Duff
    Member
    Posted 9 years ago #

    Looks like its happening in 1.3 now too...
    http://wordpress.org/support/6/17950

  11. Ryan Duff
    Member
    Posted 9 years ago #

    As per http://wordpress.org/support/2/14231
    This seems to be the problem code:
    // If someone has moved WordPress let's try to detect it
    if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) != get_settings('siteurl') )
    update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) );

    It's in both the 1.2.x and 1.3 versions of wp-login.php

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.