Do you know what can b the source of this infection?
@wpyogi
Thanks for support. I really dont know from where was this theme.
In the licence it’s written:
Lighweight WordPress Theme example
Copyright (c) 2002,2001 WordPress.org
Since its so strange i decided to remove the theme. Maybe it will help.
Will post updates on this.
I just had this happen to me.. Access pattern that seems to have caused it:
91.121.10.229 - - [09/Jun/2014:16:43:24 -0500] "POST /wp-login.php HTTP/1.1" 302 879 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4"
91.121.10.229 - - [09/Jun/2014:16:43:25 -0500] "GET //wp-admin/themes.php HTTP/1.1" 200 49459 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4"
91.121.10.229 - - [09/Jun/2014:16:43:26 -0500] "POST /wp-admin/update.php?action=upload-theme HTTP/1.1" 200 30854 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4"
91.121.10.229 - - [09/Jun/2014:16:43:28 -0500] "GET //wp-content/themes/lightweight/license.php HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4"
Not sure what the actual exploit was, beyond that.. but it appears to be something in wp-login, themes.php or, update.php.
WordPress 3.9.1, with no pending updates available.
Hello Kvandivo, sorry to hear it.
I had the same scenario in my case. After i discovered it i’ve installed plugin Simple History. It shows who logs in into your blog. It occured someone / something logs into one of authors account to the blog at the same time. And it ocurred it was old account of one of my authors. Surprisingly she had basic privilages, no admin privilages at all. It was in theory unable to upload themes. But the bot (i suppose) was able to break privilages and upload theme from author account.
Less said when i removed the author account this problem stopped to occur.
I think there is some kind of security hole in latest WordPress also that any user can upload themes without being an admin :/
I am now closing this 5 month old topic as it references an older version of WordPress. In the meantime, please refer to the reply in the second post of this topic.