Support » How-To and Troubleshooting » Cracking WordPress

Cracking WordPress

  • I found a malicious iframe that installed the Download Trojan JS_JECT.A on IE users computers on my blog this morning. It was loaded in a hidden iframe. My area of the site is pretty much limited to a WordPress install, but there are other things in other areas where a person might manage to get in sideways.
    Anyway, I’m wondering if there are any known exploits in WP 1.2 and if anyone has advice for me to track this stuff down.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The obvious advice is to ban the use of the insecure IE, to ensure that all computers are scanned by malware and AV software and are updated from m$ as often as possible.
    I have not seen any exploits in WP since I started using it and inhabiting these forums in January.

    IE didn’t install it, it just falls victim to it. Thanks for the info on the exploits.
    After looking around, it appears that no other area on my server has these iframes in the site. To search, I used the command:
    for i in ls -1;do echo $i; grep iframe $i; done
    And ran through each directory individually.

    Cancel that, I just found some in my moniwiki directory.

    Yeah, if you are running an unsecured wiki, you can really get nailed by this new crop of stuff…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Cracking WordPress’ is closed to new replies.