[wp-hackers] Hacked blogs

Beau Lebens beau at dentedreality.com.au
Thu Mar 26 17:00:44 GMT 2009


I've (repeatedly) fixed a string of blogs that are hosted on
DreamHost, and to be honest, at this stage I'm putting it down to an
"internal" security problem on DH. Another symptom you might want to
check for is a file called "wp-manager.php" in your wp-content
directory. It's a single script that basically gives anyone complete
access over your files etc (it's a file-manager) via a browser.

The reason I suggest that it's DH security and not necessarily WP is
that it seems like someone is running a script on the server that just
repeatedly hacks/modifies the contents of files on the server - it
even did its work on a couple of blogs that I have which weren't
publicly launched yet, but the files were there. From what I saw it
attacked all index.php files and the latest is adding links to the end
of header.php in all of my themes.

HTH someone (I'll be shifting to a different web host soon).

Beau

On Thu, Mar 26, 2009 at 9:22 AM, Mike Schinkel
<mikeschinkel at newclarity.net> wrote:
> I too fixed a site that had this iframe problem, but it was a v2.6 site.  I know this was asked implicitly but let me ask again explicitly; is there any chance that these hacked sites shared any of the same plugins?  As Mark Jaquith tweeted about recently, plugin as a group are generally not written with good security practices in mind; maybe there's a huge security hole in a shared plugin?
>
> -Mike Schinkel
> Custom Wordpress Plugins
> http://mikeschinkel.com/custom-wordpress-plugins
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
Beau Lebens
Dented Reality
beau at dentedreality.com.au
http://dentedreality.com.au


More information about the wp-hackers mailing list