mrcupp
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: java exploit hack in wp 3.3. beta@mickeyroush, it’s a known exploit that has been popping up on a lot of WP based sites (which are probably not up to date on security releases). I don’t think it really is WP related though. I’ve found a few friends who have been affected by this same exploit on servers w/out WP installed. It is more than likely an exploit tied back to phpMyAdmin or a server out-of-date on it’s security releases. (i know mine is out of date for a few apps).
the Thumbs.DB exploit was talked about here a few months back actually. here is the link to that forum entry: http://wordpress.org/support/topic/where-to-start-on-this-htaccess-issue
here’s is the ta”offical” release about the “Tim Thumb” 0day exploit: http://www.hackersbay.in/2011/08/tim-thumb-wordpress-exploit.html
here is the link to the pastebin I just made for this as well: http://wordpress.pastebin.ca/2090298
Forum: Fixing WordPress
In reply to: java exploit hack in wp 3.3. betathe first time the exploit occurred for me was back in sept, and was a hijacked .htaccess file that was including a “Thumbs.DB” file, which was in the root of the wordpress install. It contained the same line of code that is included at the end of all the infected .php files.
I have a copy of the most recent hack, and can put it up on a hackpad if needed. I however don’t have the original Thumbs.DB file since I purged it after the last cleanup.
Forum: Fixing WordPress
In reply to: java exploit hack in wp 3.3. beta@diegazo, exactly the same on my primary site (running MU) that got hit in sept as well. totally forgot about the cache in the themes 🙁 600 files to clean up…wpmu site had about 50 themes on it, and around 25 plugins.
Forum: Fixing WordPress
In reply to: java exploit hack in wp 3.3. betai’ve got it on 2 sites; second time in a month since installing/upgrading to 3.2.1
@diegazo, easy fix yes; total pain when one site is over 500 instances of the exploit 😉
i’ve found it in the following places in my sites:
*home.php *index.php *default.php