Thank you for uploading this! Just for fun, I decided to install Microsoft’s FCIV (http://www.microsoft.com/en-us/download/details.aspx?id=11533) to check the MD5 and SHA1. I seriously doubt the pastebin file has been compromised, but oddly I’m getting different values:
MD5 e2afe543efd3620388ede3934ae560f3
SHA-1 847d24833f15ab408f5a51bc544e306514315677
I’ve never run FCIV before, so it’s entirely possible that I’m not doing it correctly.
@mcramer,
Whoops – you are quite right, I copied in MD% and SHA1 hashes for the wrong file! You values are the correct ones.
MD5 Hash of the file is: e2afe543efd3620388ede3934ae560f3
SHA1 Hash is: 847d24833f15ab408f5a51bc544e306514315677
Cool. I’m happy to report that I’ve uploaded the hashes-3.6.php, installed WP 3.6 and everything seems to be happy. Oddly, exploit-scanner is giving me fewer “warnings” than previously (9 as opposed to 20), so there actually seems to be some improvement on that front.
I tried saving the contents of that pastebin to hashes-3.6.php and uploading it to the root of the WP installation but the plugin still reports it as missing. Am I doing something wrong?
@dansinch,
You have loaded the hashes file into the wrong place. It need to go in wp-content/plugins/exploit-scanner/, you should see some other hashes files there already.
I installed Exploit scanner to my locally hosted dev site and got loads of warnings. I installed a clean localhost site, ran the exploit scanner again and got these results. Could someone please enlighten me as to how I am meant to interpret this. Obviously I do not expect anyone to analyse the lot, a quick look and a few pointers as to why these results have been return would be appreciated. I included a sample of the results and not the lot in their enirety.
Thanks
[Log deleted. Please use a pastebin.]
