New WordPress exploit - Webmaster Forums UK SEO SEM Webmaster Community Forum

kappa84 · #1 (**permalink**) 03-27-2008, 06:39 AM

In simple words: this exploit creates a new folder (/wp-content/1/) in which it puts spamming html files.
You can read more here: New Wordpress 2.3.3 Exploit/Vulnerability - Adds Spam Directory /wp-content/1/ | Smackdown!

brokencode · #2 (**permalink**) 03-27-2008, 06:53 AM

Thanks for the info. I found that folder already installed in some wp blogs I have

kappa84 · #3 (**permalink**) 03-27-2008, 07:12 AM

Have you find any sollution for that exploit?

OldDarkstarAccount · #4 (**permalink**) 03-27-2008, 08:06 AM

Thanks for the info. I had no problems untill now.

rhyswynne · #5 (**permalink**) 03-27-2008, 08:24 AM

I've double checked it and have not noticed anything.

Could the "put blank index.html files in directories" fix work?

arunpattnaik · #6 (**permalink**) 03-31-2008, 08:49 PM

I hate exploits. but i love wordpress anyways

. Any solutions so far?

xhan · #7 (**permalink**) 04-01-2008, 05:05 PM

one of my hostees had a file remv.php added to her wp directory - look out for that, It got my account suspended :S

kappa84 · #8 (**permalink**) 04-01-2008, 05:10 PM

No sollutions yet, not that I could find..

Tiger · #9 (**permalink**) 04-01-2008, 06:00 PM

I think, you have to update your wordpress blogs to last version 2.5.5, that's the only solution I know actually. Before updating, modify your mysql password and FTP password and look for files that are not yours on your FTP.

What I don't understand is why some wordpress blogs have the issue and others not...

xhan · #10 (**permalink**) 04-01-2008, 08:27 PM

it just depends if you come up on a hackers radar or not.

Theres sites out there listing all the hacks done by x person. My sites on one - grrr angry!