gumbo

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Forum: Fixing WordPress
    In reply to: 0-day Password Reset Vulnerability?
    Thread Starter gumbo

    (@gumbo)

    16 years, 3 months ago

    Hacked as in defaced. On most sites the attacker replaced the index.php for the active theme with their own page. On one site they changed to the default theme first and then defaced it.

    @rvoodoo: the thing is, this was on the order of 10 sites with various owners hacked on the same night in the same way (at least, for the ones I host that I could check logs for), so I’d guess there was no previous hack on all of them.

    Just curious if other people are seeing anything similar on 2.9.1 or know of a 0-day. I’m pretty sure my host was compromised and the attacker is able to get the outgoing e-mails for the password resets, but wanted to check around.

    Forum: Fixing WordPress
    In reply to: 0-day Password Reset Vulnerability?
    Thread Starter gumbo

    (@gumbo)

    16 years, 3 months ago

    Oops, sorry, 2.9.1. One or two had some plugins that should have been updated, but others were up-to-date on plugins.

Viewing 2 replies - 1 through 2 (of 2 total)