Open Designs

    • fernbap
    • Jul 9th 2008
    Just ran into an interesting WordPress exploit on a blog I know.
    The nice thing about it is that it only shows for Google bots, so you have to alter the user agent to be able to see it. Example:

    Screenshot

    Apparently, it is the theme that is hacked.

    Just to let WordPress users know....
    • Aeriff
    • Jul 9th 2008
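    The cloaking fernbap describes (spam links served only when the visitor claims to be a search-engine bot) can be checked for without a browser add-on: fetch the same page twice with different User-Agent headers and diff the outbound links. The script below is an added example, not something from the original thread; the HTML documents and the host name `spam.invalid` in it are constructed for the demonstration, and `fetch()` is a plain urllib helper that is not called by the offline comparison.

```python
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse

# User-Agent string Google's crawler sends; the comparison works with any bot UA.
GOOGLEBOT_UA = "Googlebot/2.1 (+http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0"


class LinkCollector(HTMLParser):
    """Collect every <a href="..."> value, including ones inside hidden divs."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def external_links(html, site_host):
    """Return the set of links in `html` that point away from `site_host`."""
    parser = LinkCollector()
    parser.feed(html)
    result = set()
    for href in parser.hrefs:
        host = urlparse(href).netloc.lower()
        if host and host != site_host.lower():
            result.add(href)
    return result


def cloaked_links(normal_html, bot_html, site_host):
    """External links present only in the page served to the bot user agent."""
    return sorted(external_links(bot_html, site_host) - external_links(normal_html, site_host))


def fetch(url, user_agent):
    """Fetch `url` with a chosen User-Agent (network helper; not used offline)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample pages: the bot version carries an extra hidden link block.
NORMAL_HTML = (
    '<html><body><p>Hello</p>'
    '<a href="http://example.org/about">About</a></body></html>'
)
BOT_HTML = NORMAL_HTML.replace(
    "</body>",
    '<div style="display:none"><a href="http://spam.invalid/cheap">cheap</a></div></body>',
)


if __name__ == "__main__":
    # Offline run on the constructed pages; for a live check use
    # fetch(url, BROWSER_UA) and fetch(url, GOOGLEBOT_UA) instead.
    for link in cloaked_links(NORMAL_HTML, BOT_HTML, "example.org"):
        print("served only to bots:", link)
```

    Comparing only external links keeps the diff free of the noise (nonces, timestamps, session ids) that varies between two ordinary fetches; a non-empty result is the signal to inspect the theme files.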
    This is a relatively old exploit and is fixed in 2.5.1 - ironically enough I got hacked and only found it a couple of days ago.

    The person who hacked your site places base64-encoded PHP which downloads pages containing spammy links (such as those in the screenshot) and places them into your theme files.

    There's the WordPress Exploit Scanner (plugin) which can check for any suspicious code and here's a quick rundown on it (shameless self plug)
    • fernbap
    • Jul 9th 2008
    Yea, the reason I brought it up is that most people don't realize they were hacked unless alerted to it.
    • icyone
    • Jul 9th 2008
    I found the user agent addon but how do you add google to it?

    •
    The exploit scanner plugin worked great for me. My wife's site got hacked and I missed a couple of lines that the scanner picked up.
    • fogster
    • Jul 9th 2008
     
    wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php (and a few related TinyMCE/PSpellShell files, actually) call shell_exec.

    It looks as if this is how the files actually are, and not an exploit on my system... Can anyone confirm that they get hits for those files with Exploit Scanner? (I'm using WPMU 1.5.1.) Thanks!
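    Aeriff's description of the injection (base64-encoded PHP dropped into theme files) and fogster's question about shell_exec hits in the TinyMCE spellchecker are two sides of the same scanning problem: flag obfuscated code, but know which legitimate files call shell functions. The scanner below is an added example written for this thread, not the Exploit Scanner plugin's code; the injected sample text is constructed, and the allowlist entry is an assumption based on fogster's post rather than a verified list of every file that legitimately shells out.

```python
import base64
import os
import re

# eval(base64_decode("...")) is the classic shape of the injected theme code.
B64_EVAL = re.compile(r'eval\s*\(\s*base64_decode\s*\(\s*[\'"]([A-Za-z0-9+/=]+)[\'"]', re.I)
# Functions that hand strings to the OS shell; rare in themes, expected in a few core files.
SHELL_FUNCS = re.compile(r'\b(shell_exec|exec|system|passthru|popen)\s*\(', re.I)

# Assumed legitimate callers, matched against the end of the path. The TinyMCE
# spellchecker entry comes from fogster's post; extend after reviewing each file.
ALLOWLIST = (
    "wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php",
)


def _allowlisted(path):
    normalized = path.replace("\\", "/")
    return any(normalized.endswith(entry) for entry in ALLOWLIST)


def _line_of(text, offset):
    return text.count("\n", 0, offset) + 1


def scan_source(text, path):
    """Return a list of findings for one PHP source string."""
    findings = []
    for m in B64_EVAL.finditer(text):
        try:
            decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
        except Exception:
            decoded = "<undecodable>"
        findings.append({
            "path": path,
            "line": _line_of(text, m.start()),
            "kind": "eval_base64",
            "detail": decoded[:120],   # preview of what the payload would run
        })
    if not _allowlisted(path):
        for m in SHELL_FUNCS.finditer(text):
            findings.append({
                "path": path,
                "line": _line_of(text, m.start()),
                "kind": "shell_function",
                "detail": m.group(1),
            })
    return findings


def scan_tree(root):
    """Walk a WordPress install and scan every .php file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(fh.read(), path))
    return findings


# Constructed sample: a harmless payload wrapped the way injected code is.
PAYLOAD = base64.b64encode(b'echo "injected";').decode()
SAMPLE_INJECTED = '<?php\nget_header();\neval(base64_decode("' + PAYLOAD + '"));\n?>'
SAMPLE_SHELL = '<?php $out = shell_exec("aspell --version"); ?>'


if __name__ == "__main__":
    for f in scan_source(SAMPLE_INJECTED, "wp-content/themes/demo/footer.php"):
        print(f"{f['path']}:{f['line']} {f['kind']}: {f['detail']}")
```

    Decoding the payload in the report matters: a theme file that evaluates base64 is suspicious on its own, but showing what it decodes to lets the site owner tell a spam dropper from a plugin author's ill-advised obfuscation at a glance. Run `scan_tree("/path/to/wordpress")` against the install to get the same findings for every PHP file.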