Well life sucks 8^(
IdahoFallz.com, I've been getting hacked the past few hours. I suspect SQL injection but I've no idea where or how to plug it. ANY help or advice really would be appreciated!
The attacker is so far only starting draft posts under various user names, each one taunts me that I've been hacked or places ads. I have the "Notify on draft post" plugin so some of the attacker's posts are being submitted to me for approval, some are not. None have been posted so I'm not sure if the person has admin access (yet). I changed my WP password and my FTP password. My files so far seem ordinary, nothing replaced or added so far.
The attacker came back a couple hours later and posted a couple more drafts. One is titled "We got owned by Evo - Voide.org/" and the content is:
It seems that you got owned by Evo, no harm has been done. I have simply found an error within your site and posted a news article to let you know. So this is just a let you know post. Peace. Evo
and every single category is checked.
I changed the passwords to uber-difficult for the users he had created posts under, to compensate if those users had weak passwords.
A couple hours later he came back, used mostly different users but one user which I had changed the password for, so I don't think that's the avenue.
I had Pierre's shoutbox running, and this was one message posted:
-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users
I disabled that plugin but a couple hours later I get more saved posts from the attacker.
I'm looking at the error_log at my site root and see several database error warnings from this afternoon:
'[02-Feb-2008 19:59:00] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND comment_approved = '1' ORDER BY comment_date DESC LIMIT 1' at line 1 for query SELECT comment_date FROM wp_comments WHERE comment_date > FROM_UNIXTIME(1200790740) AND comment_post_ID = AND comment_approved = '1' ORDER BY comment_date DESC LIMIT 1'
I know this is Saturday night but any help is really appreciated here.
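A defender-side check, added here as an example and not code from the original post or from WordPress itself: it normalizes the `/**/` comment-as-whitespace trick seen in the shoutbox message so a simple log scan can flag UNION SELECT attempts against wp_users, and it parses the error_log entry to name the column whose value went missing. The sample shout and log line are constructed from the text quoted in the post.

```python
import re
from typing import List, Optional

# Constructed sample data: the shoutbox payload quoted in the post, a harmless
# shout, and the error_log entry quoted in the post (middle text elided).
SHOUTS = [
    "hello from Idaho Falls!",
    "-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),"
    "concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users",
]
ERROR_LOG = [
    "[02-Feb-2008 19:59:00] WordPress database error You have an error in your "
    "SQL syntax; ... for query SELECT comment_date FROM wp_comments WHERE "
    "comment_date > FROM_UNIXTIME(1200790740) AND comment_post_ID = AND "
    "comment_approved = '1' ORDER BY comment_date DESC LIMIT 1",
]

COMMENT_WS = re.compile(r"/\*.*?\*/", re.S)  # inline comments used as whitespace
SENSITIVE = ("wp_users", "user_pass", "user_login")  # credential table/columns


def normalize(fragment: str) -> str:
    """Turn comment 'whitespace' into real spaces, collapse runs, lowercase."""
    s = COMMENT_WS.sub(" ", fragment)
    return re.sub(r"\s+", " ", s).strip().lower()


def classify_shout(text: str) -> List[str]:
    """Return the reasons a shoutbox message looks like a UNION-based injection."""
    s = normalize(text)
    reasons = []
    if re.search(r"\bunion\s+(all\s+)?select\b", s):
        reasons.append("UNION SELECT in user input")
    if any(col in s for col in SENSITIVE):
        reasons.append("references credential table/columns")
    if re.search(r"\b0x[0-9a-f]{2,}\b", s):
        reasons.append("hex literal used as a delimiter")
    return reasons


# A comparison with nothing on its right-hand side, e.g. "comment_post_ID = AND".
EMPTY_RHS = re.compile(r"(\w+)\s*=\s*(?=AND\b|OR\b|ORDER\b|LIMIT\b|$)", re.I)


def broken_query_column(log_line: str) -> Optional[str]:
    """For a 'WordPress database error ... for query ...' line, name the column
    whose value is missing from the query, or None if the line is not such an error."""
    if "WordPress database error" not in log_line or " for query " not in log_line:
        return None
    query = log_line.split(" for query ", 1)[1]
    m = EMPTY_RHS.search(query)
    return m.group(1) if m else None
```

A missing value in the query (an empty parameter where a post ID was expected) is the kind of malformed request a scanner generates while probing, so the column name tells you which input to look at first.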