WordPress 3.4.1 hacked via SQL UNION injection | WordPress.org

jamesjacobs
(@jamesjacobs)

13 years, 7 months ago

Hi there

I wonder if anyone can help me plug a potential hole.

One of the sites I look after was hacked yesterday. After spending a day going through everything, code, files, server logs I can now see what happened.

This is what I believed happened looking at the server logs.

[Details removed]
I can post server logs if needed. [Please don’t.]

What concerns me is that this vulnerability must still exist – how can I safeguard against it?

Thanks

Viewing 5 replies - 1 through 5 (of 5 total)

Krishna
(@1nexus)

13 years, 7 months ago

You need to start working your way through these resources:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress

esmi
(@esmi)

13 years, 7 months ago

Please contact security [at] wordpress.org with the details.

The Hack Repair Guy
(@tvcnet)

13 years, 7 months ago

WordPress 3.4.1 is an older version of WordPress?

esmi
(@esmi)

13 years, 7 months ago

Correct but I’m not seeing any reference to this kind of security issue being addressed in 3.4.2 so I think it would be safest to assume that this is a potential security issue in 3.4.2 also.

esmi
(@esmi)

13 years, 7 months ago

@jamesjacobs: Can you also provide a list if your current plugins and the name of your theme when you submit a report to security [at] wordpress.org?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘WordPress 3.4.1 hacked via SQL UNION injection’ is closed to new replies.

Tags

hacked

In: Fixing WordPress
5 replies
4 participants
Last reply from: esmi
Last activity: 13 years, 7 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics