kulmu
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: SQL attack on wpress 2.9.2This has happened several times the same site. Even after I delete all files from the server and upload a fresh install.
Forum: Fixing WordPress
In reply to: SQL attack on wpress 2.9.2I am also being affected by a similer issue. I am on HostGator and was sent this by support:
***.**.**.*** – – [08/Apr/2010:11:32:39 -0500] “GET /wp-admin/theme-editor.php HTTP/1.1” 200 32691 “http://www.SITEURL.com/wp-admin/themes.php” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9”
I am having problems across several sites with what appears to be an SQL injection attack that is modifying the Admin email to xpxd1@hotmail.com and also changing the password. It also is replacing the theme files to reflect the hack with some middle eastern text.
Several of the blogs affected contain no Plug-ins aside from Block Bad Queries (BBQ) which was installed after the first blog was affected, but does not seem to help.
I have put .htaccess restrictions in place on wp-admin in hopes it can prevent another attack. Removing the theme files did not resolve the issue.
Forum: Fixing WordPress
In reply to: 2.9.2 SQL Injection?***.**.**.*** – – [08/Apr/2010:11:32:39 -0500] “GET /wp-admin/theme-editor.php HTTP/1.1” 200 32691 “http://www.SITEURL.com/wp-admin/themes.php” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9”
This is what I have traced it to.
Forum: Fixing WordPress
In reply to: 2.9.2 SQL Injection?I looked at that, but my wp_options is not being modified as part of the process.
I have tried to delete and reinstall WordPress twice now and it is still being affected.