Comments on: Well, an update worth its salt http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ Musings from a Software Development Geek. Tue, 08 Sep 2009 15:32:26 +0000 http://wordpress.org/?v=2.9 hourly 1 By: WordPress under gpc_10805 attack | ShinePHP.com http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11849 WordPress under gpc_10805 attack | ShinePHP.com Tue, 08 Sep 2009 15:32:26 +0000 http://www.seanrees.com/?p=672#comment-11849 [...] http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ But pay attention that not only WordPress sites are attacked in this manner, look at the [...] [...] http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ But pay attention that not only WordPress sites are attacked in this manner, look at the [...]

]]> By: vladimir http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11848 vladimir Tue, 08 Sep 2009 01:02:55 +0000 http://www.seanrees.com/?p=672#comment-11848 I think it is not the WordPress vulnerability issue. Look at this thread http://www.webdeveloper.com/forum/showthread.php?p=1032611 A lot of none-php clean HTML sites were infected with this gpc_() in the same manner. It is more probably that it uses compromised FTP passwords which stolen from your desktop by some virus which infected your computer. I think it is not the WordPress vulnerability issue. Look at this thread
http://www.webdeveloper.com/forum/showthread.php?p=1032611
A lot of none-php clean HTML sites were infected with this gpc_() in the same manner. It is more probably that it uses compromised FTP passwords which stolen from your desktop by some virus which infected your computer.

]]> By: Tech Club | Small Business Technology News and Innovations http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11847 Tech Club | Small Business Technology News and Innovations Sat, 05 Sep 2009 20:41:29 +0000 http://www.seanrees.com/?p=672#comment-11847 [...] related to the problem: http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/ http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ http://wordpress.org/support/topic/297639/page/2 [...] [...] related to the problem: http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/ http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ http://wordpress.org/support/topic/297639/page/2 [...]

]]> By: Sean http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11846 Sean Sat, 05 Sep 2009 19:47:23 +0000 http://www.seanrees.com/?p=672#comment-11846 It looks like there are more details (but not many more): http://mashable.com/2009/09/05/wordpress-attack/ It looks like there are more details (but not many more): http://mashable.com/2009/09/05/wordpress-attack/

]]> By: benanne http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11845 benanne Fri, 04 Sep 2009 13:50:05 +0000 http://www.seanrees.com/?p=672#comment-11845 I was running v2.6.3, and the same thing happened to me. At least, the permalink setting was changed. I haven't found any injected code. To get rid of it, I fixed the permalink setting, but that turned out to be insufficient; closer inspection of my database revealed that there was somehow another user with administrator rights (I'm supposed to be the only one), and his username was set to a bunch of Javascript. Upon discovering this, I manually removed all references to this user from the database (because he wouldn't show up in the WP admin pages) and upgraded to 2.8.4. I hope that does it, but I'm not sure yet. I just thought I'd mention it here, because you don't say anything about suspicious administrator users, so it's possible that that's something you have overlooked. Also, there seems to have been an outbreak of this lately, wordpress.org's support forums are swarming with people reporting the same symptoms. I was running v2.6.3, and the same thing happened to me. At least, the permalink setting was changed. I haven’t found any injected code. To get rid of it, I fixed the permalink setting, but that turned out to be insufficient; closer inspection of my database revealed that there was somehow another user with administrator rights (I’m supposed to be the only one), and his username was set to a bunch of Javascript. Upon discovering this, I manually removed all references to this user from the database (because he wouldn’t show up in the WP admin pages) and upgraded to 2.8.4. I hope that does it, but I’m not sure yet.

I just thought I’d mention it here, because you don’t say anything about suspicious administrator users, so it’s possible that that’s something you have overlooked. Also, there seems to have been an outbreak of this lately, wordpress.org’s support forums are swarming with people reporting the same symptoms.

]]> By: passer-by http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11844 passer-by Fri, 04 Sep 2009 08:59:44 +0000 http://www.seanrees.com/?p=672#comment-11844 Hi Sean, I too have been hit by this, on the 2nd Sept 2009. I'm a bit stunned as like yourself I have no idea how this person has done it. Kudos to the little punk. I am beginning to think its a WP exploit. I have a part of my website served up from a private area, none of the files there were effected. Everything effected has been in the root wordpress directory. I am using WP 2.6. Maybe time to upgrade. Hi Sean,

I too have been hit by this, on the 2nd Sept 2009.
I’m a bit stunned as like yourself I have no idea how this person has done it. Kudos to the little punk.

I am beginning to think its a WP exploit. I have a part of my website served up from a private area, none of the files there were effected. Everything effected has been in the root wordpress directory. I am using WP 2.6. Maybe time to upgrade.

]]>