I have been uploading files (newsletters) on a school website. Last time I tried to do so I got an error message and the site can not properly upload the letter. I keep gettin the link and then a bunch of ./././ someting like that. I think somehow a letter or something got deleted from the sit's actual code and im not sure where to start looking or what to look for.
uploading file to Site (error message, site can not upload file) (8 posts)
-
lgutica
Posted 4 years ago # -
kmessinger
Posted 4 years ago #Does this have anything to do with WordPress?
-
Posted 4 years ago #yea I guess.. i just need to know where I can start looking for an error in the actual website code. (I was told that the code is broken somewhere and when i try to upload a page to the site it can't find the page. So someone might have accidently deletes a small part of the main code.
-
robc
Posted 4 years ago #I'm having a similar issue with uploads all of the sudden... amongst several other strange issues that just popped up last night, like pages dissapearing / turning into posts. Here is the URL that the uploader is now inserting:
Like I said... was working for years.. then suddenly after last night I get this.
-
Posted 4 years ago #lgutica please post a URL
robc Do you have a working URL? The site in your profile is empty.
-
Posted 4 years ago #Actually I've figured out what's going on... my site has been exploited... appears to be script kiddie and an older exploit...
access log reads
207.210.112.209 - - [23/Mar/2008:17:18:55 -0700] "HEAD /wp-admin/ HTTP/1.1" 200 - "-" "-"
[24/Mar/2008:22:28:10 -0700] "POST /wp-admin/options.php HTTP/1.0" 500 1313 "http://agwired.com/wp-admin/options.php" "Opera"
[24/Mar/2008:22:28:10 -0700] "POST /wp-admin/options.php HTTP/1.0" 302 342 "http://agwired.com/wp-admin/options.php" "Opera"
[24/Mar/2008:22:28:11 -0700] "POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 500 1219 "http://agwired.com/upload.php?style=inline&tab=upload&post_id=-1" "Opera"
[24/Mar/2008:22:28:12 -0700] "POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1 HTTP/1.0" 302 - "http://agwired.com/upload.php?style=inline&tab=upload&post_id=-1" "Opera"
[24/Mar/2008:22:28:12 -0700] "POST /wp-admin/options.php HTTP/1.0" 500 1293 "http://agwired.com/wp-admin/options.php" "Opera"
[24/Mar/2008:22:28:13 -0700] "POST /wp-admin/options.php HTTP/1.0" 302 342 "http://agwired.com/wp-admin/options.php" "Opera"
[24/Mar/2008:22:28:13 -0700] "GET /wp-admin/upgrade.php?step=1 HTTP/1.0" 200 60971 "-" "-"That's where initial damage was done... and I do have in my possession a 14k php script that was placed in temp, but that I am not sure if it was run.
Rows were altered in my wp_options other than upload path, which lead to pages being turned into posts / disappearing from manage page... All of my plugins were deactivated because the offender "activated" this "plugin" and it was listed in options table as the first of all activated plugins... I'm clueless as to how he / she would then access such a "faceless plugin" or whether or not they were able to.. I didn't catch any calls that "activated" the plugin.. and unfortunately had mysql logging turned off. Not sure what I'm going to do from this point forward?
running wordpress 2.3.3
I've found others faced with a similar exploit in previous version but not this recent version: http://justaddwater.dk/2007/11/15/justaddwaterdk-hacked/
-
Posted 4 years ago #All I know is agwired is a legitimate WordPress site. Perhaps a mod will jump in here with advice.
-
Posted 4 years ago #Yes hopefully... as I do have more logs / information regarding this exploit attempt and as I didn't actually intend to post the blogs URL in my rush to find others dealing with this recent bout of scripted attacks.
Topic Closed
This topic has been closed to new replies.
