• I think that my WordPress has been hacked. I’m not a technical guy, so looking at the PHP etc. is not an option.

    In my dashboard the second box down on the left – the one that tells me all the recent news – changed; it tells me to
    Update WordPress 2.6.4 immediately!

    and points me to a site called wordpresz.org where a suspicious download of WordPress 2.6.4 is waiting for me.

    Is my site compromised? What can I do? What other damage should I expect?

    Thanks
    Ken

Viewing 3 replies - 31 through 33 (of 33 total)
  • Roy

    (@gangleri)

    Exactly my idea. The hack itself seems pretty harmless and even the ‘2.6.4’ doesn’t seem to do much but steal cookies of the fifth user. I guess it’s a test, and since https://www.wordpresz.org is sharing the IP address (209.160.33.108) with a fake online pharmacy, https://www.livepills.com, my guess is that it’s either a test to spam the dashboard or see how many people can be fooled into installing a fake WP and then put them full of spam.

    Strange too, btw., that immediately after people started talking about it, the domain name was dropped.

    Maybe having us discuss how the dashboard can be changed was the whole point??

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Even if he was running 2.5, the SECRET_KEY stuff would prevent them from getting the passwords from a simple sql injection.

    I’m thinking it was most likely an automated sql injection through a vulnerable plugin. Mass scripting, since others have reported it too. No easy way to tell which one though, without server logs. Considering the hack itself, the vulnerability may be confined to modifying rows in the options table, which leaves few avenues for attack.

    whooami

    (@whooami)

    secret key…would prevent them from getting the passwords from a simple sql injection.

    …that wouldn’t stop them from getting the data, that would just stop further processing.

    But yes, I understand your point.

  • The topic ‘WordpresZ 2.6.4’ is closed to new replies.
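
Added example, not part of the thread: the replies suggest the change may be confined to rows in the options table, and the injected link used a one-letter lookalike of wordpress.org. This sketch scans exported option rows for URLs whose host is untrusted or a near-miss of a trusted one; the option names, the trusted-host list and the sample rows are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this site's options are expected to reference
# (wordpress.org plus the site's own domain, here example.com).
TRUSTED = {"wordpress.org", "example.com"}
URL_RE = re.compile(r"https?://[^\s\"';<>]+")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels; adequate for .org/.com, not for co.uk-style suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """Return 'trusted', 'lookalike' (within 2 edits of a trusted domain) or 'external'."""
    dom = registrable(host)
    if dom in TRUSTED:
        return "trusted"
    if any(edit_distance(dom, t) <= 2 for t in TRUSTED):
        return "lookalike"
    return "external"

def audit_options(rows):
    """rows: iterable of (option_name, option_value). Returns non-trusted findings."""
    findings = []
    for name, value in rows:
        for url in URL_RE.findall(value):
            verdict = classify(urlparse(url).hostname or "")
            if verdict != "trusted":
                findings.append((name, urlparse(url).hostname, verdict))
    return findings

# Constructed sample rows; option names are hypothetical placeholders.
SAMPLE_ROWS = [
    ("dashboard_feed_a", 's:3:"url";s:32:"https://wordpress.org/news/feed/";'),
    ("dashboard_feed_b", 's:4:"link";s:26:"https://www.wordpresz.org/";'),
    ("siteurl", "https://blog.example.com"),
]

if __name__ == "__main__":
    for finding in audit_options(SAMPLE_ROWS):
        print(finding)
```
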