Hacked with strange “core” files?

Arrrrgh. No kidding you’re not an expert. You’re probably running Windows 95 without any anti-virus too, right? Well. It worked on the day you got it after all.

Forget the core dump problem for a minute. People are telling you to upgrade because there’s a STONKING GREAT SECURITY HOLE that’s recently been discovered in earlier versions of WordPress.

WordPress is a collection of source code, yes. On it’s own it won’t change it’s behaviour. BUT – changes in server software will make it run differently and SO WILL HACKERS, using security weaknesses they’ve discovered.

If upgrading also fixes your core dump problem – great, but the main reason you’re being told to upgrade is because 2.7.1 is insecure on a public blog. If you need help to upgrade, people will help if you ask for it. They’ll bend over backwards sometimes in fact. If you’re just unwilling or just too plain stubborn/stupid/ignorant to upgrade, well then you’ll find help cleaning it up after a hack more thin on the ground and a much bigger pain in the bottom. Hopefully I won’t ever accidently visit your site and find it trying to install a load of malware onto my PC.

Best of luck. You pays your money…

@alism: After reading your text, I feel really bad and I will try to find back that money I lost.

Maybe you are missing that your vulnerable site isn’t just a problem for you but for everyone who happens to stumble across it?

Heh, you can’t help some people. Ah well – no skin off my nose.

WordPress is a collection of source code, which worked fine for months. A version doesn’t change its behaviour, only the environment can change it.

One might have a hard time saying anything that could possibly overshadow the sheer magnificence of the ignorance contained in that statement.

The “environment” has changed. The vulnerabilities “have” been published. These people are all trying to warn you and help you to understand the importance of that. My 12 year old niece has the acumen to find your site and successfully hack your blog using only the information found on this site and the internet. Why do you think they call them “security” upgrades? And of course, now that you have stated publicly – with arrogance – that you have no concern about your vulnerable version of WordPress being confiscated by some script-kiddie with 10 minutes to kill… Well, so much for security through obscurity. What could you possibly have to worry about?

Do you have any idea who put these core files into both weblog directories

You already thought you were hacked.

But what does “software” mean? WordPress is a CMS and not software (or I am wrong?)

Yes. To reiterate alism’s and songdogtech’s thoughts, You are incorrect. WordPress is a publishing software (web application) designed to be used primarily as a blogging platform. Although many good articles and resources do exist for assisting in converting it to an excellent content management system, that would not seem to be it’s attraction or intentional function by design.

The core dump files can, as many have stated, simply be discarded. It is nice to actually identify what application is generating the error and why though, if you can.

Regarding that worm what was Ma.tt warning for. I don’t trust Matt. I am not the only one who is asking “quo vadis, wordpress”.

I take back what I said about “..a hard time saying anything that could possibly overshadow the sheer magnificence of the ignorance..”

Best of luck to you with un-hacking your site.

I don’t know why you are upset about a version, which was a stable one just 4 months ago. I am not talking about 1.5!

I didn’t have problems to be called an idiot. But I don’t know why you all are telling me that my weblog would be in danger because of an worm. I mean, if you don’t know how a computer worm works, then never mind. I also didn’t call WP a software.
But listening to a guy who is interested in other things than security questions and you and many other people don’t ask, what this guy is telling us, sorry, that’s not my problem.

And again, thanks to all who gave me – an non-expert in server questions – an advise to get a chance looking into the problem. I went to google and looked about this “core dumb files”. Perhaps you could also use the internet to find out what a computer worm is and how it works. And then, call yourself into question.

Let’s finish this discussion.

Yeah… Well,

Best wishes to you friend. I hope you find out what’s causing your “core dumb” files. Sometimes it’s actually something very simple. Once you sort it out maybe you could post back and let us know what exactly was causing the problem. Especially if you find out it was php related. That might help a lot of others with the same issue.

Be well!

I am not an expert in things like that and I have no idea why it happens:

WordPress uses wp-cron.php to check if the weblog still works.

Suddenly, the wp-cron.php, was shown as 404 (although it was there!)

I checked that error in google:

https://www.google.co.uk/search?hl=en&num=30&newwindow=1&q=%22WP+cron+is+missing%22&btnG=Search&meta=

The wp-cron.php begins with :
require_once(‘./wp-load.php’);

Yesterday, I also noticed that browsers stopped loading my index.php, because “the process can’t be finished”. The code leads to the wp-blog-header.php.

The code in that wp-blog-header.php file requires wp-load.php. (There is also another file required but that hasn’t changed in 2.8.4)

The wp-load.php in 2.7.1 looks very different to that from 2.8.4, which works with my server software.

If you read some of these google entries above, you can see this problem is caused by changing the software on the provider’s side.

I personally finished that problem with switching to Dotclear dot fr