timeuser

Those rules are not in our .htaccess

Here is the blog in question: https://jewelsbranch.com/blog

Here is the list of active plugins:

Advanced Most Recent Posts
Akismet
All in One SEO Pack
Audio player
Exclude Pages from Navigation
Exploit Scanner
FD Feedburner Plugin
FV WordPress Flowplayer
Google XML Sitemaps
Simple Facebook Connect
Sociable
Ultimate Google Analytics
WordPress Importer
WP Super Cache

Oh, and I don’t have timthumb.php on my site anywhere.

All my directories should be 755. I set them using the command on the hardening wordpress page in the codex.

Here is a list of files with mod times from the latest incident…

-rwxr-xr-x 54K Mar 5 13:07 /wp-content/plugins/all-in-one-seo-pack/zipper-class.php
-rwxr-xr-x 66K Mar 5 13:08 /wp-content/plugins/audio-player/wp-ajax-gadget.php
-rwxr-xr-x 12K Mar 5 13:07 /wp-admin/css/edit-form-header.php
-rwxr-xr-x 8.5K Mar 5 13:07 /wp-admin/user/options-meta.php
-rwxr-xr-x 66K Mar 5 13:08 /wp-admin/includes/class-wp-theme-edit.php
-rwxr-xr-x 12K Mar 5 13:07 /wp-includes/theme-compat/class-https.php
-rwxr-xr-x 54K Mar 5 13:08 /wp-includes/js/crop/query.js.php
-rwxr-xr-x 965 Mar 5 13:09 /wp-includes/images/pub825.jpg
-rwxr-xr-x 966 Mar 5 13:09 /wp-includes/images/pub400.doc
-rwxr-xr-x 8.5K Mar 5 13:10 /wp-includes/images/list923.tar
-rwxr-xr-x 7.1K Mar 5 13:11 /wp-includes/images/nix724.doc
-rwxr-xr-x 1.4K Mar 5 13:08 /wp-includes/images/nix924.doc
-rwxr-xr-x 744 Mar 5 13:10 /wp-includes/images/nix20.doc
-rwxr-xr-x 960 Mar 5 13:09 /wp-includes/images/pub57.jpg
-rwxr-xr-x 1.2K Mar 5 13:10 /wp-includes/images/sched903.tar
-rwxr-xr-x 1.1K Mar 5 13:09 /wp-includes/images/sched206.gif
-rwxr-xr-x 800 Mar 5 13:11 /wp-includes/images/nix901.jpg
-rwxr-xr-x 7.0K Mar 5 13:11 /wp-includes/images/pub704.doc
-rwxr-xr-x 1.3K Mar 5 13:11 /wp-includes/images/sched558.gif
-rwxr-xr-x 8.4K Mar 5 13:10 /wp-includes/images/list539.tar
-rwxr-xr-x 1.1K Mar 5 13:10 /wp-includes/images/sched215.tar
-rwxr-xr-x 5.7K Mar 5 13:10 /wp-includes/images/list555.tar
-rwxr-xr-x 5.6K Mar 5 13:10 /wp-includes/images/nix220.doc
-rwxr-xr-x 1.2K Mar 5 13:09 /wp-includes/images/list642.gif
-rwxr-xr-x 8.6K Mar 5 13:10 /wp-includes/images/list235.tar
-rwxr-xr-x 1.3K Mar 5 13:11 /wp-includes/images/list563.tar
-rwxr-xr-x 1002 Mar 5 13:09 /wp-includes/images/sched102.gif
-rwxr-xr-x 739 Mar 5 13:11 /wp-includes/images/pub129.jpg
-rwxr-xr-x 1.7K Mar 5 13:09 /wp-includes/images/list411.tar
-rwxr-xr-x 6.2K Mar 5 13:09 /wp-includes/images/nix605.jpg
-rwxr-xr-x 1.1K Mar 5 13:09 /wp-includes/images/nix221.jpg
-rwxr-xr-x 1.1K Mar 5 13:09 /wp-includes/images/list723.tar
-rwxr-xr-x 7.4K Mar 5 13:10 /wp-includes/images/sched23.tar
-rwxr-xr-x 12K Mar 5 13:07 /wp-includes/https.php

I don’t know if those image filenames are the same every time, but the other files being added are named like: wp-ajax-gadget.php, https.php, query.js.php, zipper-class.php, class-wp-theme-edit.php etc. They aren’t always put in the same directory though. My permissions on wp-admin and wp-includes are 755.

Yeah, I’ve considered Sucuri. I’d still like to know where this is getting in, whether it’s through a hole in WordPress or one of the plugins it’d be good if it could be reported and patched.

Has anyone figured anything out regarding this? I’ve been having the same issue with these same files being added to my site every couple days.

Nevermind I guess… I’m giving up on displaying the track title and artist info. It works if I put the info in the audio tag in wordpress, but never would pull it from ID3. I just disabled it entirely from the settings for now, but there does seem to be a bug or something there. I’m using the latest Flash player in FF3 and Safari on Mac OS X. Thanks for the player.

The player is not showing title or artist from the ID3 tags on my site. Everything is on the same domain and the mp3 files have valid ID3 tags. Any help?

See the problem here: https://jamiehalmick.com