[wp-hackers] attack on wp-admin/install.php

Konrad Karpieszuk kkarpieszuk at gmail.com
Tue Oct 8 16:56:12 UTC 2013


today few people reported me that instead of main page of my wordpress
site, they see installation wizard. after few minutes main website was ok,
but every subpages had error 404.

i went to dashborad > settings > permalink and refreshed structure of
permalinks. after that all website was ok.

but i see i logs that really somebody tried to get into install.php script,
even few times per second, this is apache log from begging of attack:


question: how it was possible that regular visitors saw installation script
during this attack? and why affter attack permalinks was broken?

at this domain i have two sites:
dev.wpzlecenia.pl - everything is up to date
wpzlecenia.pl - two plugins are in older versions
  - Google XML Sitemaps (i have 3.2.9) here is changelog
it looks that this plugin has no security issue in this version
  - WordPress SEO by Yoast - (i have version 1.4.15)  here is changelog
http://wordpress.org/plugins/wordpress-seo/changelog/ , it looks that
everything is ok in this older version

(en) regards / (pl) pozdrawiam
Konrad Karpieszuk
http://tradematik.pl wtyczka do WordPressa do tworzenia sklepów dla
klientów z Polski

More information about the wp-hackers mailing list