[TriLUG] OT: Wordpress Hack
Allen Freeman
knieveltech at yahoo.com
Thu Jun 4 15:28:10 EDT 2009
Neat trick, blaming insecure code on the language.
--- On Thu, 6/4/09, Tarus Balog <tarus at opennms.org> wrote:
From: Tarus Balog <tarus at opennms.org>
Subject: Re: [TriLUG] OT: Wordpress Hack
To: "Triangle Linux Users Group General Discussion" <trilug at trilug.org>
Date: Thursday, June 4, 2009, 11:46 PM
On Jun 4, 2009, at 3:07 PM, Mark Turner wrote:
> A number of my blogs were recently compromised. Same story: WP 2.7.1. I think it was an XMLRPC attack:
> http://www.markturner.net/2009/05/27/mt-net-recovers-from-another-hack/
Man, I hate PHP.
(sigh)
This was actually embedded in an old post, not in a comment, which I found weird.
As for users, when I get a registration that I don't recognize or one that doesn't post anything pretty much immediately, it gets deleted.
Thanks - I'll write Wordpress.
-T
P.S. If you do a search on some of the strings in that hack on Google, you'll see *a lot* of sites with it.
_______________________________________________________________________
Tarus Balog, OpenNMS Maintainer Main: +1 919 533 0160
The OpenNMS Group, Inc. Fax: +1 773 345 3645
Email: tarus at opennms.org URL: http://www.opennms.org
PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82 B45C
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG
mailing list