Today my blog and my wife’s blog, both on WordPress 2.7 and on the same domain, got hacked.
I noticed this when I accessed our blogs on IE6 (yes sucks I know – but that’s what we have at work) and Norton anti-virus popped up and alerted me with a message saying that bloodhound.exploit.213 was found and deleted.
Looking through the scripts I found that a script was inserted into ALL header.php of all our themes, which would direct the browser to download a PDF from a website (which I suppose is infected).
I alerted my webhost, which very helpfully looked at the logs, and discovered that the time the header.phps were changed matched exactly certain POST requests to wp-atom.php. We therefore suspect that the scripts were inserted through wp-atom.php.
As temporary measures my webhost has temporarily blocked any POST requests to the wp-atom.php and wp-load.php which he thinks is the solution to prevent this from happening again. I am not sure whether or how this would affect WordPress though.
He said he will then install some security modules on the server to prevent arbitrary code from passing to the web server (which I don’t understand – sorry I am not a techie).
Thought I would share this with you all, as this worried me quite a bit, especially as I always regard myself as quite careful in keeping things up-to-date etc. Also only our close friends and family members know the address of our blogs and I have disallowed search engines from crawling my sites. I have never encountered a virus before as I have been very careful with opening attachments etc. This hack really came as a bit of a shock to me and I would hate it if any of the visitors, which would invariably be our good friends and family, were to catch a virus because of visiting us.
- The topic ‘WordPress 2.7 hacked – could be related to wp-atom.php’ is closed to new replies.
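
The correlation the webhost describes in the post above (header.php modification times matched against POST requests in the access log), as an added example that is not part of the original post. It assumes an Apache combined-format access log; the log lines, IP addresses, timestamps and theme paths are constructed sample data.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

# Apache "combined" format: client, timestamp, request line, status (assumed log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def header_mtimes(themes_dir):
    """Return {path: mtime in UTC} for header.php in every theme directory."""
    return {
        str(p): datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
        for p in Path(themes_dir).glob("*/header.php")
    }

def parse_posts(lines):
    """Yield (time, ip, path, status) for every POST request in the log."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"].split("?")[0], int(m["status"])

def correlate(mtimes, lines, window_s=5):
    """Map each modified file to the POSTs logged within window_s seconds of its mtime."""
    posts = list(parse_posts(lines))
    return {
        path: [p for p in posts if abs((p[0] - mtime).total_seconds()) <= window_s]
        for path, mtime in mtimes.items()
    }

# Constructed sample data: documentation IP ranges and made-up times.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2009:03:14:07 +0000] "POST /wp-atom.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [12/Jan/2009:03:15:40 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "-"',
    '198.51.100.9 - - [12/Jan/2009:09:30:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
]
SAMPLE_MTIMES = {
    "themes/default/header.php": datetime(2009, 1, 12, 3, 14, 8, tzinfo=timezone.utc),
    "themes/classic/header.php": datetime(2009, 1, 12, 3, 14, 9, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for path, hits in correlate(SAMPLE_MTIMES, SAMPLE_LOG).items():
        for ts, ip, url, status in hits:
            print(f"{path} modified near POST {url} from {ip} at {ts} ({status})")
```

On a live site, `header_mtimes("wp-content/themes")` supplies the first argument in place of the constructed timestamps. A file's mtime only records the most recent write, so this finds the last modification, not earlier ones.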