China hacked my WordPress site. Is there a new exploit for WP 3.31?

  • I was on the highway yesterday when I got an email from the server saying my admin account had logged in from a place it’d never seen before. The IP was located in Beijing. Are there any new exploits out there to be aware of associated with WordPress?

    I searched for the IP in the raw Apache logs. This is what I came up with. Any idea what the hacker may have been doing? Should I reinstall WordPress just to be safe?

    I swear I think this stuff is state sanctioned. I have a lot of email addresses on my box, 4.6 million in all. Anyone hacking my box could probably find the personal information of a lot of interesting people.

    122.72.0.2 - - [24/Mar/2012:11:39:50 -0500] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 15717 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:39:57 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 12831 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:39:57 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 12831 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:12 -0500] "GET /wp-admin/theme-editor.php?file=/themes/classic/comments.php&theme=WordPress+Classic&dir=theme HTTP/1.1" 200 12869 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
    
    122.72.0.2 - - [24/Mar/2012:11:40:24 -0500] "POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27"
  • There are no known vulnerabilities with WP 3.3.1

    Looks like they were editing your theme. Follow the normal protocol. Change passwords, reinstall the files.
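
The pattern in the posted log (a POST to the theme editor, then a direct request to the edited template) can be searched for across a whole access log. This is an added example, not part of the original thread: the sample lines are constructed with documentation IP addresses, and the 10-minute correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
EDITOR = "/wp-admin/theme-editor.php"
# Theme templates are normally included by WordPress, not requested directly.
THEME_PHP = re.compile(r"^/wp-content/themes/[^?]+\.php(\?|$)")
WINDOW = timedelta(minutes=10)  # assumed correlation window


def parse(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_theme_editor_abuse(lines):
    """List (ip, edit_time, hit_time, path) for each direct request to a theme
    .php file that follows a theme-editor POST from the same IP within WINDOW."""
    last_edit, findings = {}, []
    for rec in filter(None, map(parse, lines)):
        path = rec["path"]
        if rec["method"] == "POST" and path.split("?")[0] == EDITOR:
            last_edit[rec["ip"]] = rec["ts"]
        elif THEME_PHP.match(path):
            edited = last_edit.get(rec["ip"])
            if edited and rec["ts"] - edited <= WINDOW:
                findings.append((rec["ip"], edited, rec["ts"], path))
    return findings


# Constructed sample lines modelled on the log in the post.
SAMPLE = [
    '203.0.113.7 - - [24/Mar/2012:11:40:21 -0500] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "-" "UA"',
    '203.0.113.7 - - [24/Mar/2012:11:40:24 -0500] "POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 35 "-" "UA"',
    '198.51.100.9 - - [24/Mar/2012:11:41:00 -0500] "GET /wp-content/themes/classic/style.css HTTP/1.1" 200 900 "-" "UA"',
    '198.51.100.9 - - [24/Mar/2012:11:41:05 -0500] "GET /wp-content/themes/classic/comments.php HTTP/1.1" 200 0 "-" "UA"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, edited, hit, path in find_theme_editor_abuse(SAMPLE):
        print(f"{ip} edited a theme at {edited} then requested {path} at {hit}")
```

Any file reported this way should be compared against a clean copy of the theme before the reinstall, since it shows which template was modified and when.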
