I’ve flagged this to the right people.
Your access logs are really important. Can you get them from the cPanel? If you can, would you mind forwarding them to me?
t2 @ tamba2 . org . uk
I will ensure the devs see them.
Can you also talk to your host, see if they have any problems reported across any servers / other customers with hacked sites.
Any help you can give us with this really would be appreciated.
The blog linked from your name is fine:
http://blog.bookieboy.co.uk/
On which sites did this occur?
Now, this is strange. This was the site that there were problems with.
It looks like my host replaced the backup.
I will take a look at the access logs and send you this if still needed.
It is very much needed please.
Okay, going to find them. Where do I send them to?
I stumbled on one spot last night that concerned me, in /wp-admin/profile.php, around line 74:
$newuser_lastname = wp_specialchars($_POST['newuser_lastname']);
$newuser_nickname = $_POST['newuser_nickname'];
$newuser_nicename = sanitize_title($newuser_nickname);
$newuser_nickname is the only variable not cleaned (as far as I can tell). I changed mine to:
$newuser_nickname = wp_specialchars($_POST['newuser_nickname']);
I tried to exploit it myself before making the change, however, and was unsuccessful.
Thanks 🙂
The log shows no evidence of any sort of malicious activity on your site. The traffic for the last 24 hours seems perfectly normal.
Of course now is a great time to check you’ve got a full site backup, the latest plugins that protect against bots etc.
Thread re-titled.
I would enquire with your host as to any possible cause. It is perfectly possible it was a glitch at their end.
I tend to think so too. It was resolved when I started to ask questions.
*Going to look at the good plugins*