
WordPress 2.5 site hacked! (9 posts)

  1. jbravo556
    Member
    Posted 6 years ago #

    A few minutes ago, one of my articles on my blog showed up as updated in my own RSS feed, and when I checked the post's body I found an injected iframe that linked to this URL hxxp://61.155.8.157/iframe/wp-stats.php (change the hxxp to http).

    The linked frame delivered an obfuscated JavaScript.

    I think there is a significant security hole in WP 2.5.

  2. whooami
    Member
    Posted 6 years ago #

    And your blog is where? What's the URL?

  3. jbravo556
    Member
    Posted 6 years ago #

    Does it matter? I already deleted the offending bits.

    Anyway it's:

    http://mymacinations.com/

  4. whooami
    Member
    Posted 6 years ago #

    Yes, because I wanted to see from Google what you upgraded from.

    2.3.3 as of March 28.

    You might want to set up logging.

    http://www.village-idiot.org/archives/2008/04/03/wordpress-capturing-_post-requests/

    And at the same time, change your admin password, AND make sure that you have NO rogue admin accounts or users that have permissions you didn't assign.

  5. jbravo556
    Member
    Posted 6 years ago #

    It happened today; does it matter what the previous version of WP was? I always try to be as up-to-date as possible.

    There are no users. Two admins only.

    I enabled logging too.

    Now I have to do this for my other two WP 2.5 sites.

    Crap...

  6. whooami
    Member
    Posted 6 years ago #

    does it matter what the previous version of WP was?

    Yes it does, or I wouldn't have wanted to know, obviously.

    There are exploits in the wild for older versions of WP that will allow someone to get passwords. If you had been running 2.1.x, for instance, your password might have been compromised way back when.

  7. UncleSam
    Member
    Posted 6 years ago #

    Mine as well. I cut out the malicious code, but it was within the post.

    WP 2.3.3

  8. UncleSam
    Member
    Posted 6 years ago #

    Can you tell if this is a known exploit, and if yes, in which version it was fixed, if it was?

  9. obscure
    Member
    Posted 6 years ago #

    The point about versions is that sticking a new version over a compromised older version won't necessarily fix the problem. For example, some exploits in early versions allowed people to get the admin password. Simply updating to a secure version which does not have the exploit doesn't change the fact that someone has your password and can access the site simply by logging in, without any exploit. Likewise, some earlier exploits allowed for the upload of a trojan file which allowed direct access to the server (not via WP), so again, patching the exploit wouldn't make you secure because the trojan still allows direct access.
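    The two checks this thread keeps coming back to, spotting an injected iframe in a post body (post 1) and finding admin accounts the owner never created (post 4), written up as an added example; this is not code from the thread or from WordPress, the post and user rows are constructed to look like wp_posts / wp_users exports, the 192.0.2.10 address is a documentation placeholder, and the trusted-host allowlist is an assumption a site owner would fill in themselves.

    ```python
    import re
    from ipaddress import ip_address
    from urllib.parse import urlparse

    # Constructed sample rows shaped like a wp_posts export (not real data).
    # Post 12 carries the kind of hidden, IP-hosted iframe described in the thread.
    SAMPLE_POSTS = [
        {"ID": 11, "post_title": "Normal post",
         "post_content": '<p>Hello world</p><iframe src="https://www.youtube.com/embed/abc"></iframe>'},
        {"ID": 12, "post_title": "Tampered post",
         "post_content": '<p>Text</p><iframe src="http://192.0.2.10/iframe/wp-stats.php" '
                         'width="0" height="0"></iframe>'},
    ]
    # Constructed: logins holding the administrator role, and the ones the owner actually created.
    SAMPLE_ADMINS = ["alice", "bob", "wp_backdoor"]
    EXPECTED_ADMINS = {"alice", "bob"}

    # Pull the src attribute out of every <iframe ...> tag, case-insensitively.
    IFRAME_SRC = re.compile(r'<iframe[^>]*\ssrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


    def is_ip_literal(host):
        """True if the host part of a URL is a bare IPv4/IPv6 address rather than a name."""
        try:
            ip_address(host)
            return True
        except ValueError:
            return False


    def suspicious_iframes(post, trusted_hosts=("www.youtube.com",)):
        """Return iframe src URLs in a post body whose host is an IP literal or not on the allowlist.

        The allowlist is an assumption: a site owner would list the embed hosts they use on purpose.
        """
        hits = []
        for src in IFRAME_SRC.findall(post["post_content"]):
            host = urlparse(src).hostname or ""
            if is_ip_literal(host) or host not in trusted_hosts:
                hits.append(src)
        return hits


    def rogue_admins(current_admins, expected_admins):
        """Administrator logins that the site owner did not create (the check from post 4)."""
        return sorted(set(current_admins) - set(expected_admins))


    if __name__ == "__main__":
        for post in SAMPLE_POSTS:
            print(post["ID"], post["post_title"], suspicious_iframes(post))
        print("unexpected admins:", rogue_admins(SAMPLE_ADMINS, EXPECTED_ADMINS))
    ```

    Against a real site the same two functions would be fed rows pulled from the wp_posts and wp_users/wp_usermeta tables, and any hit is a reason to treat the install as compromised rather than just patched.
    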
