oeswebmaster
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WP adding code to the end of url links breaking themThanks for the link…. I wonder what the “longpart” would be…
I did find an issue with trackbacks after all, they were changed to “default” from name and date. I confirmed this by clicking a link sent to me a couple of months ago, it was broken, then I looked at the Google cache for the site and sure enough it was name and date style.
The link you provided starts with that assumption (about xmlrpc) but 5 pages later it has wound up with the conclusion is it is a vulnerability in wordpress versions < the most current 2.8.4, allowing for registered subscribers to be able to access wp-admin functions. This allows the attacker to create funky permalinks which enable xmlrpc to execute the base64 encoded commands.
Thanks again!
Forum: Fixing WordPress
In reply to: WP adding code to the end of url links breaking themBackground: I am an experienced webmaster but have not spent any time with my wordpress installation. My site was compromised over the long weekend, with a handful of files modified at three different times, and a “secret” admin installed at a fourth time.
My registrations were absolutely disabled — I needed to enable them to register a guest account so that I could then get the edit URL so then I could use the edit function on this intruder. Yet I had 5 successful registrations in the 4 days prior to being hacked, and none since.
I had several files around the site that had malicious code inserted immediately following the opening PHP tags. I had a .htaccess file that redirected non-existent file requists to index.php changed to remove that code. I had an index.php file added.
I had the “hidden” admin user, but I do not see any permalink code anywhere on my site. m The admin user did not have an email address associated with it in the database.
The files modified were as follows:
/.htaccess
/wp-load.php
/wp-admin/link-category.php
/wp-content/index.php
/wp-includes/class-wp-dependencies.php
/wp-includes/index.php (added)I’m not sure what version of wp I’m running, but I am running WPAU and the dashboard is suggesting I upgrade to 2.8.4
Since I don’t seem to be affected by the permalink issue (and the wp blog on my site is dormant for all intents and purposes), I only caught this because I noticed changed files were about to be copied during my backup process.