Comments on: Spam Links Injected Into Wordpress 2.7 http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/ I hail from Melbourne, Australia but I am living in Seattle, Washington. This blog is powered by passive aggression. Thu, 11 Mar 2010 23:14:45 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Ray Hernandez http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4685 Ray Hernandez Tue, 10 Mar 2009 02:10:18 +0000 http://boxofjack.com/?p=1186#comment-4685 <p>Same exact thing happen to me...and I'm on Dreamhost. Actually I'm trying to get the fuck off of dreamhost cause I can't stand them. If the servers don't go down...they get hacked. It's crap. Thanks for the explanation...it really helped...and good luck to everyone else infected.</p> Same exact thing happen to me…and I’m on Dreamhost. Actually I’m trying to get the fuck off of dreamhost cause I can’t stand them. If the servers don’t go down…they get hacked. It’s crap. Thanks for the explanation…it really helped…and good luck to everyone else infected.

]]> By: Dennis http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4612 Dennis Mon, 16 Feb 2009 05:26:11 +0000 http://boxofjack.com/?p=1186#comment-4612 <p>Totally unrelated... but I really like your vim theme. :-)</p> Totally unrelated… but I really like your vim theme. :-)

]]> By: neal s http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4604 neal s Sat, 14 Feb 2009 04:25:26 +0000 http://boxofjack.com/?p=1186#comment-4604 <p>Thanks for the heads up on my site, Jack. I took care of it thanks to you, and I might not have noticed for a long time otherwise. I owe you a beer for sure.</p> <p>Have we determined if this is a Dreamhost issue? I might very well need to switch after this. They seem way too vulnerable.</p> Thanks for the heads up on my site, Jack. I took care of it thanks to you, and I might not have noticed for a long time otherwise. I owe you a beer for sure.

Have we determined if this is a Dreamhost issue? I might very well need to switch after this. They seem way too vulnerable.

]]> By: Bill Vick http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4602 Bill Vick Fri, 13 Feb 2009 03:01:55 +0000 http://boxofjack.com/?p=1186#comment-4602 <p>Thanks - they hacked my site (on Dreamhost) as well but your heads up saved me from both grief and embarrassment.</p> <p>Why do idiots like that do things like this?</p> <p>Thanks again Jack.</p> Thanks – they hacked my site (on Dreamhost) as well but your heads up saved me from both grief and embarrassment.

Why do idiots like that do things like this?

Thanks again Jack.

]]> By: Jared http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4601 Jared Thu, 12 Feb 2009 19:55:08 +0000 http://boxofjack.com/?p=1186#comment-4601 <p>I was hit twice in a week, also on DH. I've since switched to Media Temple last weekend.</p> <p>Check your user list -- I found another administrator created in my blog as well, obfuscated with some clever code so I couldn't delete it from the admin panel (had to go in through phpMyAdmin and remove it manually from the DB). I also found uploaded to wp-content/uploads an R57shell named "cache.php" as well as a "wp-manager.php."</p> I was hit twice in a week, also on DH. I’ve since switched to Media Temple last weekend.

Check your user list — I found another administrator created in my blog as well, obfuscated with some clever code so I couldn’t delete it from the admin panel (had to go in through phpMyAdmin and remove it manually from the DB). I also found uploaded to wp-content/uploads an R57shell named “cache.php” as well as a “wp-manager.php.”

]]> By: Karan http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4597 Karan Wed, 11 Feb 2009 00:56:12 +0000 http://boxofjack.com/?p=1186#comment-4597 <p>Also, could be a plugin - I've got a very minimal list of plugins, but some particular plugin could be badly behaved...</p> Also, could be a plugin – I’ve got a very minimal list of plugins, but some particular plugin could be badly behaved…

]]> By: Karan http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4596 Karan Wed, 11 Feb 2009 00:54:58 +0000 http://boxofjack.com/?p=1186#comment-4596 <p>Dunno if it's co-incidence, but 2.7.1 is out now - seems to have one or two XMLRPC related fixes.</p> <p>Will, for what it's worth, i've got a couple of installs on Dreamhost too but they haven't been hit - I'd suspect it's not Dreamhost but Wordpress that's vulnerable. Report it to Dreamhost support and see if they can follow up - they're usually pretty responsive.</p> Dunno if it’s co-incidence, but 2.7.1 is out now – seems to have one or two XMLRPC related fixes.

Will, for what it’s worth, i’ve got a couple of installs on Dreamhost too but they haven’t been hit – I’d suspect it’s not Dreamhost but Wordpress that’s vulnerable. Report it to Dreamhost support and see if they can follow up – they’re usually pretty responsive.

]]> By: will http://boxofjack.com/articles/2009/02/09/spam-links-injected-into-wordpress-27/#comment-4593 will Mon, 09 Feb 2009 21:15:52 +0000 http://boxofjack.com/?p=1186#comment-4593 <p>thanks very much for heads up</p> <p>I also use Dreamhost and this is the second time I have had a hack in 2 months .... previously they were disguised links at the footer.</p> <p>Time to switch hosts.</p> <p>Regards</p> thanks very much for heads up

I also use Dreamhost and this is the second time I have had a hack in 2 months …. previously they were disguised links at the footer.

Time to switch hosts.

Regards

]]>