[wp-hackers] Hacked blogs

Lynne Pope lynne.pope at gmail.com
Fri Mar 27 07:14:05 GMT 2009


WP 2.7.1 hacked.
On VPS with one other domain. The other domain contains one single
index.html file.
Both are jailed.

Running PHP 5.2.5, MySQL 4.1
suexec running, server hardened.
register_globals off
url fopen off
trackbacks disabled
xml-rpc disabled

The site is running the following plugins:

Google Sitemaps
Configure SMTP
Subscribe to Comments
Syntax Highlighter

There are a number of entries in the logs showing 200 responses where
nothing appears to have got in (or, at least I haven't found the
payload yet).
There are also a number of attempts to run base64 code appended to
wp_cron that have resulted in 500 errors.

Agent: libwww-perl/5.803 used in all suspicious log entries.

Attempts to download the txt files used have so far been unsuccessful.
I will continue digging to see what I can pinpoint.
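
A log triage sketch for the pattern reported in the message above, added here as an example and not part of the original post. It assumes the Apache/nginx "combined" log format and that the encoded data arrives as a query-string value; the function names, the `check` parameter and the sample log lines are constructed for illustration.

```python
import base64, binascii, re
from urllib.parse import unquote, urlsplit

# Assumption: access log is in Apache/nginx "combined" format.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
B64 = re.compile(r'^[A-Za-z0-9+/_-]{16,}={0,2}$')

def looks_base64(value):
    """True if value is a long string that decodes cleanly as base64."""
    if not B64.match(value):
        return False
    std = value.replace('-', '+').replace('_', '/')  # accept URL-safe alphabet
    try:
        base64.b64decode(std + '=' * (-len(std) % 4), validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def triage(lines, agent="libwww-perl"):
    """Split hits into wp-cron requests carrying base64 values (any status)
    and 2xx responses served to the suspicious agent (need manual review)."""
    report = {"cron_base64": [], "agent_2xx": [], "unparsed": 0}
    for line in lines:
        m = LINE.match(line)
        if not m:
            report["unparsed"] += 1
            continue
        url, status = m["url"], int(m["status"])
        parts = urlsplit(url)
        # unquote (not unquote_plus) so '+' inside base64 is preserved
        values = [unquote(p.partition("=")[2]) for p in parts.query.split("&")]
        if re.search(r"wp[-_]cron", parts.path) and any(map(looks_base64, values)):
            report["cron_base64"].append((m["ip"], url, status))
        elif agent in m["ua"] and 200 <= status < 300:
            report["agent_2xx"].append((m["ip"], url, status))
    return report

# Constructed sample lines (documentation IP ranges, benign encoded value).
SAMPLE = [
    '192.0.2.10 - - [27/Mar/2009:06:01:12 +0000] "GET /wp-cron.php?check=Y29uc3RydWN0ZWQgc2FtcGxlIHZhbHVl HTTP/1.1" 500 312 "-" "libwww-perl/5.803"',
    '192.0.2.10 - - [27/Mar/2009:06:01:15 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8123 "-" "libwww-perl/5.803"',
    '198.51.100.7 - - [27/Mar/2009:06:02:40 +0000] "GET /wp-cron.php?doing_wp_cron HTTP/1.1" 200 0 "-" "WordPress/2.7.1"',
    '198.51.100.9 - - [27/Mar/2009:06:03:02 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        print(bucket, hits)
```

The `agent_2xx` bucket is the list to correlate against file modification times and database changes, since a 200 alone does not show whether anything was written.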

