Eikonal Blog

2010.04.27

WordPress attacks

Filed under: infosec — sandokan65 @ 13:28

Following a link posted recently in the sci.physics.research USENET newsgroup, I stumbled upon an example of the WordPress exploit that some sites wrote about recently. The web server redirects your browser request to a URL that, in addition to the originally requested URL, has the following string tucked at its end:

%&evalbase64_decode_SERVERHTTP_EXECCODE.+&%/

The content of that page is:

400 Bad Request
-----------------------------------------------------
nginx

First example (that I have seen) of a hacked WordPress-based blog.
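A site owner can check whether their own server has been handing out such URLs by searching the access log for the marker string shown above. The following Python sketch is an added example, not code from this post or from WordPress; it assumes the common/combined access-log format, the log lines are constructed, and the function names are illustrative.

```python
import re
from urllib.parse import unquote

# Marker fragments taken from the appended string quoted in the post,
# with punctuation removed (see normalise()).
MARKERS = ("evalbase64decode", "httpexeccode")

# Assumed common/combined log format: client IP, quoted request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(uri):
    """Percent-decode (at most 3 rounds) and keep only letters and digits, so
    the string from the post and its percent-encoded forms compare equal."""
    for _ in range(3):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return re.sub(r"[^a-z0-9]", "", uri.lower())

def is_suspicious(uri):
    flat = normalise(uri)
    return all(marker in flat for marker in MARKERS)

def scan(lines):
    """Return (line number, client IP, status, URI) for every matching request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if match and is_suspicious(match.group("uri")):
            hits.append((number, match.group("ip"),
                         match.group("status"), match.group("uri")))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2010:13:20:01 +0000] "GET /2010/04/some-post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [27/Apr/2010:13:20:02 +0000] "GET /2010/04/some-post/%&evalbase64_decode_SERVERHTTP_EXECCODE.+&%/ HTTP/1.1" 400 166 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Apr/2010:13:21:40 +0000] "GET /2010/04/other/%25%26evalbase64_decode_SERVERHTTP_EXECCODE.%2B%26%25/ HTTP/1.1" 400 166 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Apr/2010:13:22:05 +0000] "GET /tag/base64_decode-tutorial/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("line %d: %s got %s for %s" % hit)
```

Requiring both marker fragments keeps an ordinary post that merely mentions base64_decode in its URL from being flagged.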

The discussion at the address http://wordpress.org/support/topic/383414 gives some useful links on that type of hack:

If that’s happening on your blog, then you’ve been hacked.

Make a new backup of your files and database and save that:

Give this a good read:
http://codex.wordpress.org/FAQ_My_site_was_hacked

This is also good and referenced in that article: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Once you’ve deloused your installation consider hardening your blog using this guide:
http://codex.wordpress.org/Hardening_WordPress
