My WordPress 1.2-alpha-6 Hacked, index.php replaced (3 posts)

  1. marklyon
    Posted 10 years ago #

    My WordPress 1.2-alpha-6 install was defaced. I quickly locked down the login page and thought everything was fine. I am on W2k, IIS, MySql.

    I made a new post tonight, and actually clicked into the post. Because of the structure of my site, I didn't use my regular index.php to do that and instead hit the /wordpress/index.php.

    /wordpress/ is my wordpress install directory.

    The index.php file there had been replaced. Because of a minor error, the file does not appear to work.

    I know what I need to do is upgrade my install. I'll be doing that ASAP. I am, however, wanting to report this in case someone at WP wants to examine the script they replaced index.php with. Email me at mark [at] marklyon [dot] org, and I'll send you a link. I'd prefer not to post the script here, for obvious reasons.

  2. Alex Mills (Viper007Bond)
    Posted 10 years ago #

    Most likely the exploit is already known. 1.2 is known not to be secure. ;)

    Anyway, the e-mail address you're looking for is at the bottom of this page:


  3. fatalcure
    Posted 10 years ago #

    Damn hackers are so cool but not as cool as ninjas or pirates for that matter.. oh the glory's of being a pirate.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.