TECH Found this script in one of my sites

Browning

Most Adblocked AV Ever
Feb 14, 2005
90,023
http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html

Wasn't even a wordpress site. It was once installed but that's been removed for ~3 years now.

It doesn't just add the code. It also added a bunch of files to my images folder. Opened a couple up and it was nothing but spammy keywords, i.e. viagra and other types of pills.

I have removed the code and deleted the files but I'm wondering how someone was able to get access :o

Doesn't seem to have been installed on any of the other sites on the server. After googling for a while I saw a site saying it has something to do with link farms?
 

ge0

Active Member
Oct 31, 2005
8,389
JERSEY
I had a wordpress up and some asshole was able to change all my .HTACCESS files for all the directories.


I am through with wordpress
 

pharmokan

OT Supporter
Oct 18, 2002
105,925
L.A.
damn now I'm scurred

if I don't have access to root how do I search for it

is it like a directory within a theme dir called timthumb?

haven't seen any yet
 

pharmokan

OT Supporter
Oct 18, 2002
105,925
L.A.
wow I fuckin hate when these stupid devs release stupid fucking code that leaves your whole server vuln.

I can't believe his coding. I read that article

dude just did a STRPOS from trusted sites

flickr.com

if I had 2 subdomains on my site

flickr.com.mydomain.com

I can transfer any file over to the other d00dz dir and run it.
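
Added example, not part of the thread and not the code of the script the post refers to: the substring check described above next to a check that parses the URL and compares the host at a label boundary. The function names, the allow-list and the sample URLs are constructed for illustration; `mydomain.com` is the placeholder from the post.

```php
<?php
// Added illustration: names and the allow-list are hypothetical, not the script's code.
const ALLOWED_HOSTS = ['flickr.com', 'img.youtube.com']; // constructed sample list

// The flaw described in the post: a substring search over the whole URL.
function host_allowed_substring(string $url): bool {
    foreach (ALLOWED_HOSTS as $trusted) {
        if (strpos($url, $trusted) !== false) {
            return true; // matches anywhere: subdomain label, path, query string
        }
    }
    return false;
}

// Hardened form: parse the URL first, then compare the host itself.
function host_allowed_strict(string $url): bool {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // reject userinfo such as flickr.com@other.example
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach (ALLOWED_HOSTS as $trusted) {
        // exact host, or a real subdomain: the suffix must start at a label boundary
        $suffix = '.' . $trusted;
        if ($host === $trusted || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs.
$samples = [
    'http://farm1.static.flickr.com/a.jpg',
    'http://flickr.com.mydomain.com/a.php',
    'http://mydomain.com/flickr.com/a.php',
    'http://notflickr.com/a.jpg',
];
foreach ($samples as $url) {
    printf("%-42s substring=%-5s strict=%s\n", $url,
        var_export(host_allowed_substring($url), true),
        var_export(host_allowed_strict($url), true));
}
```

The substring check accepts all four sample URLs; the strict check accepts only the first.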
 
Browning

Most Adblocked AV Ever
Feb 14, 2005
90,023
I actually wasn't talking to you. :o

I saw a couple of guys bitching about wordpress security and one guy saying that his site was recently hacked. I did only skim the thread, though.
:o


Still don't see how they got in. None of the other sites seem to have been affected, but they are wordpress. Wordpress was installed on this site but only for a very short period, like a week tops. It was removed, database deleted and all instances of it removed from the server. This was late 08/early 09.

I'm always changing things and those codes and files weren't there last week. :noes: It's just a static site

As far as I know the site hasn't been flagged for malware. Google Safe Browsing says it's not listed as suspicious.
 
Browning

Most Adblocked AV Ever
Feb 14, 2005
90,023
you didn't read, did ya :mamoru2:

at the time yes it was up to date. All of the other sites on the server that use wordpress are up to date
 

autox

Twitter bot
Oct 18, 2002
121,300
Yea I've had scripts injected into wordpress files/theme files before. I think it was because I had some shit set to 777, but I forget. Liquidweb helped me out though. :hs:
 
