[wp-hackers] Black Hat Chinese Hackers - Looking for your input

George Pearce pearce.gs at googlemail.com
Mon Jun 2 21:19:56 GMT 2008


I've been talking to Marie, and from what I can see there are no affected
WordPress files. There are some silly 777's, but all the files have either
been refreshed or checked manually. Nothing seems to be in the directory
that the blog is in, either.
It's strange.
How else would that 404 be achieved without editing any files? Also, a
JavaScript tag has attached itself to the bottom of the </html> on each
page.

(I'm replying because I've been talking to Marie for the last half hour :) )

George

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Jason Webster
Sent: 02 June 2008 22:16
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Black Hat Chinese Hackers - Looking for your input

Here's a few things that would be useful to know:

Are you sure WordPress was the point of entry for the attack?

What kind of hosting? i.e., shared/dedicated.

MLR wrote:
> Hi Guys,
>
> I have noticed two things:
> - The combination of the words WordPress and Hack mostly returns topics
> about making WP do cool things (the spirit of this mailing list)
> - Most requests for info about fixing hacked blogs are dead ends on
> wordpress.org
>
> Today I am trying to fix a hacked blog without simply starting over. I
> want to know what happened to create the following problem:
>
> All requests in the address bar to ANY wp-admin files return a 404 error.
>
> the .htaccess file seems clean.
>
> All files were at 2.5.1
>
> I have already overwritten all files in sequence to spot which one
> would have rogue code.
>
> I checked the theme; it seems fine (no encoded bits of JavaScript or rogue
> code)
>
> I have removed the JavaScript functions at the bottom of the index.php
> that a bot inserts every day on the site.
>
> Your pointers will definitely help me understand the source of the issue.
>
> What is your opinion on the usefulness of this plugin?
> http://www.askapache.com/wordpress/htaccess-password-protect.html
>
> (I know this is easily done the classic way but don't we all have a
> gazillion blogs to manage!?!)
>
>
> Thanks a lot,
> Marie-Lynn
> http://www.friendly-webmaster.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>   
