[wp-hackers] Hacked blogs

Mark E mark at simplercomputing.net
Sat Mar 28 04:34:14 GMT 2009



Beau Lebens wrote:
> I've (repeatedly) fixed a string of blogs that are hosted on
> DreamHost, and to be honest, at this stage I'm putting it down to an
> "internal" security problem on DH. Another symptom you might want to
> check for is a file called "wp-manager.php" in your wp-content
> directory. It's a single script that basically gives anyone complete
> access over your files etc (it's a file-manager) via a browser.
> 
> The reason I suggest that it's DH security and not necessarily WP is
> that it seems like someone is running a script on the server that just
> repeatedly hacks/modifies the contents of files on the server - it
> even did its work on a couple of blogs that I have which weren't
> publicly launched yet, but the files were there. From what I saw it
> attacked all index.php files and the latest is adding links to the end
> of header.php in all of my themes.

Could have easily been some other vulnerable Web app that provided the 
inroad.

I've seen that exact same file (wp-manager.php) along with several 
others on a diverse array of hacked hosts. Never seen it on DH though, 
and I manage a plethora of customer sites over there.

Mark
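
Added example, not part of either message above: a shell function that checks one WordPress install for the symptoms described in the quoted text (a wp-content/wp-manager.php file, and changed index.php or theme header.php files). The name scan_wp_root and the use of wp-includes/version.php as the modification-time reference are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage one WordPress install for the symptoms described above.
# Output, one finding per line:
#   DROPPED  <path>   wp-content/wp-manager.php is present
#   MODIFIED <path>   an index.php or theme header.php is newer than the reference
#   SKIPPED  <root>   the directory does not look like a WordPress install
# Assumption: wp-includes/version.php was last written by the install or the
# latest upgrade, so a watched file with a later mtime changed afterwards and
# should be reviewed by hand (legitimate theme edits will show up here too).
scan_wp_root() {
    root=${1%/}
    ref="$root/wp-includes/version.php"

    if [ ! -f "$ref" ]; then
        echo "SKIPPED $root (no wp-includes/version.php)"
        return 0
    fi

    # The file-manager script named in the thread.
    if [ -e "$root/wp-content/wp-manager.php" ]; then
        echo "DROPPED $root/wp-content/wp-manager.php"
    fi

    # index.php anywhere in the tree, plus header.php inside each theme.
    find "$root" -type f \
        \( -name index.php -o -path "$root/wp-content/themes/*/header.php" \) \
        -newer "$ref" -print | sort | sed 's/^/MODIFIED /'
    return 0
}

# Scan every install root given on the command line (none given: do nothing).
for r in "$@"; do
    scan_wp_root "$r"
done
```

Modification times can be reset by whoever changed the files, so an empty result is not proof that an install is clean; comparing against a fresh copy of the same WordPress release is the stronger check.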

