Forums

WordPress › Support » How-To and Troubleshooting

WordPress 3.0 email exploit (3 posts)

  1. ryansaw
    Member
    Posted 1 year ago #

    I just saw a large increase of email being sent on my mail server. It was by a company called

    Br4|n Baba Inc

    They uploaded a file to my Wp-Content/Uploads folder called

    kimabanking.php

    and were able to send out over 5000 messages before I caught it.

    I searched the forum and didn't see anything posted so I figured I would just let people know about it.

    Here is the IP address that I blacklisted that was associated with the exploit.

    41.155.114.66

    Not sure if this will ever help anyone, but figured it was worth letting people know about it.

  2. James
    Happiness Engineer
    Posted 1 year ago #

    It's a common hack technique. Your /wp-content/uploads/ directory probably has its permissions set to 777, which is writeable by everyone. The hack in question scours an exploited server (only one account needs to be exploited to compromise the entire server) for directories with 777 permissions to hide the file in.

    Setting the permissions of the directory to 755 should prevent that in the future, but WordPress may no longer be able to upload to the directory under certain server configurations.

  3. Vladimir Kolesnikov
    Member
    Posted 1 year ago #

    If you are running Apache, consider uploading .htaccess to /wp-content/uploads/ directory with this line:

    php_value engine off

    This will disable PHP interpreter for all PHP files in /wp-content/uploads/ and subdirectories.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags