• A few minutes ago, one of my articles on my blog showed up as updated in my own RSS feed, and when I checked the post’s body I found an injected iframe that linked to this URL: hxxp://61.155.8.157/iframe/wp-stats.php (change the hxxp to http).

    The linked frame delivered obfuscated JavaScript.

    I think there is a significant security hole in WP 2.5.

Viewing 8 replies - 1 through 8 (of 8 total)
  • And your blog is where? What's the URL?

    Thread Starter jbravo556

    (@jbravo556)

    Does it matter? I already deleted the offending bits.

    Anyway it’s:

    https://mymacinations.com/

    Yes, because I wanted to see from Google what you upgraded from.

    2.3.3 as of March 28.

    You might want to set up logging.

    https://www.village-idiot.org/archives/2008/04/03/wordpress-capturing-_post-requests/

    And at the same time, change your admin password, AND make sure that you have NO rogue admin accounts, or users that have permissions you didn't assign.

    Thread Starter jbravo556

    (@jbravo556)

    It happened today. Does it matter what the previous version of WP was? I always try to be as up-to-date as possible.

    There are no users. Two admins only.

    I enabled logging too.

    Now I have to do this for my other two WP 2.5 sites.

    Crap…

    does it matter what the previous version of WP was?

    Yes it does, or I wouldn't have wanted to know, obviously.

    There are exploits in the wild for older versions of WP that will allow someone to get passwords. If you had been running 2.1.x for instance, your password might have been compromised way back when.

    Mine as well. I cut out the malicious code, but it was within the post.

    wp 2.3.3

    Can you tell if this is a known exploit, and if yes, then in which version it was fixed, if it was?

    The point about versions is that sticking a new version over a compromised older version won’t necessarily fix the problem. For example some exploits in early versions allowed people to get the admin password. Simply updating to a secure version which does not have the exploit doesn’t change the fact that someone has your password and can access the site simply by logging in, without any exploit. Likewise some earlier exploits allowed for the upload of a trojan file which allowed direct access to the server (not via WP) so again, patching the exploit wouldn’t make you secure because the trojan still allows direct access.

  • The topic ‘WordPress 2.5 site hacked!’ is closed to new replies.
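
The cleanup discussed in this thread starts with finding every post body that carries a frame nobody on the site put there. As an added example (not part of the original thread, and not WordPress code), this Python sketch scans post bodies for `<iframe>` tags whose host is off an allowlist or that are hidden from the reader. The allowlist, the names `FrameFinder` and `scan_posts`, the hidden-frame heuristics and the sample rows are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose; anything else is reported.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}

class FrameFinder(HTMLParser):
    """Collects <iframe> tags together with the reasons each looks injected."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if host not in ALLOWED_HOSTS:
            reasons.append("host not on allowlist")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero or one pixel size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((host, reasons))

def scan_posts(rows):
    """rows: iterable of (post_id, post_content). Returns {post_id: findings}."""
    report = {}
    for post_id, content in rows:
        finder = FrameFinder()
        finder.feed(content)
        finder.close()
        if finder.findings:
            report[post_id] = finder.findings
    return report

# Constructed sample rows standing in for (ID, post_content) from the posts table.
SAMPLE_ROWS = [
    (1, "<p>Clean post.</p>"),
    (2, '<iframe src="https://www.youtube.com/embed/x" width="560" height="315"></iframe>'),
    (3, '<p>Text</p><IFRAME SRC="http://192.0.2.10/iframe/stats.php" width=0 height=0></IFRAME>'),
    (4, '<iframe src="//192.0.2.77/f" style="display: none"></iframe>'),
]

if __name__ == "__main__":
    for post_id, findings in scan_posts(SAMPLE_ROWS).items():
        print(post_id, findings)
```

Run it over an export of every post, page and revision rather than only the post that showed up as changed, and treat a clean result as one check among the others mentioned in the thread (passwords, admin accounts, uploaded files).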