My WordPress 1.2-alpha-6 Hacked, index.php replaced | WordPress.org

marklyon
(@marklyon)

18 years, 1 month ago

My WordPress 1.2-alpha-6 install was defaced. I quickly locked down the login page and thought everything was fine. I am on W2k, IIS, MySql.

I made a new post tonight, and actually clicked into the post. Because of the structure of my site, I didn’t use my regular index.php to do that and instead hit the /wordpress/index.php.

/wordpress/ is my wordpress install directory.

The index.php file there had been replaced. Because of a minor error, the file does not appear to work.

I know what I need to do is upgrade my install. I’ll be doing that ASAP. I am, however, wanting to report this in case someone at WP wants to examine the script they replaced index.php with. Email me at mark [at] marklyon [dot] org, and I’ll send you a link. I’d prefer not to post the script here, for obvious reasons.

Viewing 2 replies - 1 through 2 (of 2 total)

Alex Mills
(@viper007bond)

18 years, 1 month ago

Most likely the exploit is already known. 1.2 is known not to be secure. 😉

Anyway, the e-mail address you’re looking for is at the bottom of this page:

http://wordpress.org/about/contact/

fatalcure
(@fatalcure)

18 years, 1 month ago

Damn hackers are so cool but not as cool as ninjas or pirates for that matter.. oh the glory’s of being a pirate.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘My WordPress 1.2-alpha-6 Hacked, index.php replaced’ is closed to new replies.

In: Everything else WordPress
2 replies
3 participants
Last reply from: fatalcure
Last activity: 18 years, 1 month ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics