I’m still getting hammered.
Please explain what you mean by that?
I mean the hacker is still finding their way into my site and is manipulating permissions, deleting folders and posting malicious content.
Are there any other known security vulnerabilities in WP 2.6.2 other than the one mentioned here: http://wordpress.org/development/2008/10/wordpress-263/
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Are there any other known security vulnerabilities in WP 2.6.2 other than…
Not known so far. Usual caveat is that does not mean there aren’t any, just not known. Sometimes other methods of getting into a shared host are simpler and more effective than exploiting WordPress.
The problem with fixing blogs that have been compromised is that often the compromise resulted in installing back doors such as bogus users, replacing files with Truly Evil(tm) versions, etc.
Fixing the attack vector (assuming it was the snoopy files replaced in 2.6.3, and that can be a big assumption) doesn’t fix the newly installed back doors. If you haven’t already done so, give Donncha’s posting a good read. It’s a good reference for the work you may have ahead of you.
If you are still getting hammered (and it involves computers) there are people here who you can ask nicely to help, some of them have cleaned up these messes before.
Thanks. Because of the back door issue, we’ve rolled back to a previous backup from a few days before we think the attack started. We’ve also temporarily taken down any blogs that were running on the site to prevent the hacker from getting back in.
My plan is to start upgrading all the blogs to 2.6.3 and begin re-posting them to the web server.
Any advice anyone has is greatly appreciated. Just remember to use small words and type slowly. I’m new to this stuff.
Thanks!
there was a very thoughtful, recent post by otto on here with recommendations … doh i found it, it’s here:
http://wordpress.org/support/topic/211179?replies=12
the important thing to pay heed to is that you are actually deleting things, and not relying on just overwriting files.
any malicious scripts that have been uploaded aren’t going to be removed by uploading new files, and just overwriting. It’s the most common mistake people with exploited sites make, imho.