WordPress.org

Support

Support » How-To and Troubleshooting » This was pretty weird

This was pretty weird

Viewing 10 replies - 1 through 10 (of 10 total)
  • NuclearMoose

    @nuclearmoose

    Wow. I’m not insane. I had exactly the same thing. I couldn’t log in or anything. I even tried the recover password utility, and got an email full of what looked like an MD5 hash.
    I uploaded my entire site from backups, and nothing changed. Finally I hashed a new password, entered it into the database manually, then signed in, and finally the blog seems to be back to normal.
    I would have pulled out hands-full of hair if it were at all possible!

    This is happening again just now. What the hell is going on?

    I noticed it too. Possible bug somebody is exploiting??
    I had the same thing with the siteurl being wrong. something like http://www.mysite.com/wp-admin/wp-admin/wp-admin/wp-admin/wp-admin/
    I just went in to phpmyadmin and changed it back and it worked. I noticed it yesterday when I went to my site and noticed the css wasn’t loading.

    are all of you using a virtual site structure with modRewrite rules?

    I am, but what does that have to do with the field in the database being changed? Its not like its accidentally being rewritten wrong when I try and access the page, the physical field is being changed to something other than the base url.

    Podz sent this link out on the mailing list. Somewhat relevant to the discussion http://wordpress.org/support/?action=search&searchFor=turnip

    This is the first post about the issue:
    http://wordpress.org/support/?action=vthread&forum=6&topic=11165&page=0
    so it’s not new to 1.2.1.

    Same exact thing happened to me. Three blogs on one database and in the span of about a half hour they all had their homepage changed.
    Gotta be an exploit…

    Looks like its happening in 1.3 now too…
    http://wordpress.org/support/6/17950

    As per http://wordpress.org/support/2/14231
    This seems to be the problem code:
    // If someone has moved WordPress let's try to detect it
    if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) != get_settings('siteurl') )
    update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) );

    It’s in both the 1.2.x and 1.3 versions of wp-login.php

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘This was pretty weird’ is closed to new replies.
Skip to toolbar