WordPress.com Forums » Tag: vulnerability - Recent Posts

francodag on "malicious code 336988"

francodag — Fri, 22 Feb 2013 11:51:16 +0000

Hi, I've published a script on StackOverflow that can hepl to remove the trojan.

See http://stackoverflow.com/questions/14302910/why-regex-pattern-works-with-html-comments-but-doesnt-work-with-php-and-js-comm

auxclass on "malicious code 336988"

auxclass — Sat, 19 Jan 2013 00:16:27 +0000

The site you are asking about does not seem to be hosted on WordPress.COM so you need to make friends over at WordPress.ORG the keepers of the software you are using.

http://en.forums.wordpress.com/topic/7-things-to-know-before-posting-in-wordpresscom-forums?replies=1

This site is for support of sites hosted on WordPress.COM. You should address your questions to WordPress.ORG the keepers of the software you are using: http://wordpress.org/support/

For more on the difference: http://support.wordpress.com/com-vs-org/

rodrigograca on "malicious code 336988"

rodrigograca — Fri, 18 Jan 2013 22:54:20 +0000

pwforaker do you have skype, mail, anyway to talk with you?

Because "my website" was also hacked but is not a WP website, is custom made and i would like to know how, that "number" i think that is the name of the hacker.... first i thought that was a "hack numer" like ID for the website hacked, but now i see that is not true....

Can you please send me all the info that you have about this topi? In my site i just saw .js and .html "hacked" but i noticed some .htacces in on other websites.

pwforaker on "malicious code 336988"

pwforaker — Wed, 02 Jan 2013 13:29:37 +0000

I have about 15 WordPress installations (at 3.4 and 3.5). On December 12 and again on December 30, someone/something injected malicious code into hundreds of html, php and js files in a directory on my server, and deposited malicious .htaccess files. The code is commented with the # 336988.

Google shows one other person with this issue, and so far the best guess is that there's a plugin with a vulnerability.

Any ideas?

supportbot on "malicious code 336988"

supportbot — Wed, 02 Jan 2013 13:29:37 +0000

You did not specify a blog address or reason for posting when you created this topic.

This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you'll find help at the WordPress.org forums.

If you don't understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

This is an automated message.

jeffmilner on "Hacked Alternate Version of my site on my site"

jeffmilner — Sun, 25 Mar 2012 13:33:08 +0000

This morning I got a google alert showing me pages that have been recently published on my blog that I did not publish. They are a hacked version of my real site but show up under a different URL.

For example:
http://jeffmilner.com/knotting-mapas_tomtom_xl_n14644_gratis_2011win32exe/
http://jeffmilner.com/zimmermann-manuale-officina-liberty-125/
http://jeffmilner.com/maintance-watch-pirates-2005-uncut-online-free-megauploadrar/

What can I do to get rid of these spammy hacked versions? They don't show up on the server as actual folders nor do they show up in my wordpress database when I do a search for them.

supportbot on "Hacked Alternate Version of my site on my site"

supportbot — Sun, 25 Mar 2012 13:33:08 +0000

The blog you specified at jeffmilner.com does not appear to be hosted at WordPress.com.

This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you'll find help at the WordPress.org forums.

If you don't understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

This is an automated message.

morleyblog on "Suddenly Lots Of Spam"

morleyblog — Fri, 21 Nov 2008 05:01:54 +0000

Same problem here. Also spam in my email over the last month, which has been filtered 100% until recently. Why don't these jokers get a job?

salohcin on "Suddenly Lots Of Spam"

salohcin — Thu, 20 Nov 2008 23:13:56 +0000

I'm getting lots of spam too. Kind of annoying have to delete the notification email plus the spam comment itself on WP.

ellaella on "Suddenly Lots Of Spam"

ellaella — Fri, 14 Nov 2008 11:48:53 +0000

After getting 4 or 5, I noticed the IP numbers were the same or in sequence, so I added them to my moderation filter, plus the next in sequence, and that worked. They've stopped now in any case.

raincoaster on "Suddenly Lots Of Spam"

raincoaster — Fri, 14 Nov 2008 06:22:21 +0000

It's not just WP.com. It's independent WP as well and I'd guess Blogger and other platforms as well.

lizii on "Suddenly Lots Of Spam"

lizii — Thu, 13 Nov 2008 23:08:38 +0000

I did too, actually. I came online this morning and suddenly my spam count rocketed and I had a queue.

beemeister on "Suddenly Lots Of Spam"

beemeister — Thu, 13 Nov 2008 19:17:58 +0000

FYI, I got a boatload of spam after midnight last night...all gibberish. I was doing a lot of updating last night, and then this morning I noticed all the spam. Akismet caught them all...yeehaw!

genepensiero on "Suddenly Lots Of Spam"

genepensiero — Thu, 13 Nov 2008 16:10:08 +0000

thanks for the responses.

i immediately marked all the comments as spam when i received them, but i was just shocked at the sudden lapse in excellence that i've always enjoyed with Askimet.

things seem to be back to normal now.

@aw1923 - glad i could share wordle with you. hope you come back and visit sometime!

tellyworth on "Suddenly Lots Of Spam"

tellyworth — Thu, 13 Nov 2008 05:05:00 +0000

Spam ninjas are on the case.

Akismet issues should be reported here: http://akismet.com/contact/

aw1923 on "Suddenly Lots Of Spam"

aw1923 — Thu, 13 Nov 2008 04:55:05 +0000

I have had a couple of comments that have come through that were spam lately, and it hasn't happened before. I just marked them as spam and they appeared in Askimet the next day. And, thanks to you I just discovered http://www.wordle.net/create LUV it...I like discovering new interesting sites.

raincoaster on "Suddenly Lots Of Spam"

raincoaster — Thu, 13 Nov 2008 04:51:42 +0000

I've been getting more for the last three days or so, today Akismet started putting them in moderation. I guess it's learning.

lettershometoyou on "Suddenly Lots Of Spam"

lettershometoyou — Thu, 13 Nov 2008 04:50:18 +0000

Not noticed anything here, mate.

Just mark it as spam and move on.

genepensiero on "Suddenly Lots Of Spam"

genepensiero — Thu, 13 Nov 2008 04:39:31 +0000

is anyone else suddenly (like in the last 24 hours) receiving a lot of spam that Askimet isn't filtering out?

in the last few hours i have suddenly been getting a ton of spam comments with just 1 long alpha-numeric 'word.'

nothing has changed in my configuration that i know of. wp-security scanner says i'm ok...

timethief on "[IMPORTANT] XSS vulnerability in theme"

timethief — Sun, 15 Jul 2007 15:15:45 +0000

@digitalphoenix
If you would like to continue this conversation with Mark who has said: "The theme we use is fine, no cause for concern" then please send your email to support at this domain. Tx

digitalphoenix on "[IMPORTANT] XSS vulnerability in theme"

digitalphoenix — Sun, 15 Jul 2007 13:25:46 +0000

suddenly the bug is disappeared... what happened? Was it all a dream? Was it just my immagination? Or maybe you have modified the code of the theme...
I make a simple example: yesterday I opened a WordPress blog and there was the bug; then I've read your reply and I opened that blog again but... the bug is disappeared!

Dear Mark, the original Blix theme is bugged... download the zip file of the theme in the site of the creator, extract it and open the search.php file. At the end there this code line:
No Results for ‘<?php echo $s ?>’
As you know "echo $s" shows the content of the variable s, that is the string we want to search; if in the variable s there is a script it will be put in the html code of the page and executed. This command is never used in other themes and should never be used.

I've also the proof that the bug in Blix theme can be exploited in some blogs which are not hosted on WordPress servers.
I don't want to criticize, but if you have modified the code you should admit it.

Maybe I am wrong, but I wait for your reply.
bye

mark on "[IMPORTANT] XSS vulnerability in theme"

mark — Sun, 15 Jul 2007 10:28:15 +0000

The theme we use is fine, no cause for concern.

digitalphoenix on "[IMPORTANT] XSS vulnerability in theme"

digitalphoenix — Sun, 15 Jul 2007 08:00:22 +0000

@ drmike: I've sent a message only to the original theme designer but as options said, the bug is also in other versions of the theme.

timethief on "[IMPORTANT] XSS vulnerability in theme"

timethief — Sun, 15 Jul 2007 00:40:17 +0000

Where you find a disconnect is where a connect could be. It's sad that in the information age and, in this particular community, connections that could be made aren't being made and relationships that could flower and fruit aren't well established. In the end attitude, relationships and a problem solving focus are of the utmost import when it comes to building community be it in IT or elsewhere.

wank on "[IMPORTANT] XSS vulnerability in theme"

wank — Sun, 15 Jul 2007 00:21:52 +0000

Automattic are not in the business of informing theme developers about bugs they've fixed, they say it's up to the designers to come to them. Another shining example of that Open Source spirit WP is so famous for :)

options on "[IMPORTANT] XSS vulnerability in theme"

options — Sat, 14 Jul 2007 22:43:51 +0000

/me thinks tainted themes submitted to the themes.wp.net "should be checked for vulns and removed before WordCamp". as it far more dangerous than 'sponsored' themes for wp community.

edit: should be checked and approved before made it available for download for everyone from there.

also, this allows to inform a theme makers.

drmike on "[IMPORTANT] XSS vulnerability in theme"

drmike — Sat, 14 Jul 2007 22:25:26 +0000

Actually it does matter which is why I asked. If the poster sent an email to only one of the fork "authors", the rest of them should be made aware of it.

And if the poster sent the email to the original theme designer who appears to be no longer working on or supporting the theme, it would probably just get dropped into the bit bucket.

options on "[IMPORTANT] XSS vulnerability in theme"

options — Sat, 14 Jul 2007 22:22:10 +0000

<< it's been spun off a few times.

doesn't matter, half of them are vulnerable just the same way. because theme designers being "strongly influenced by the speed, security, and extensibility of the underlying code" just copy-pasting tainted parts of a script found somewhere as a "good" example how things should be done.

"A low barrier to entry sounds like a good thing.", -- well-well...

cornell on "[IMPORTANT] XSS vulnerability in theme"

cornell — Sat, 14 Jul 2007 21:33:22 +0000

Digital Phoenix - no, it wasn't meant to be ironic, it was a genuine "thanks". :)

drmike on "[IMPORTANT] XSS vulnerability in theme"

drmike — Sat, 14 Jul 2007 21:17:55 +0000

Which theme creator did you send it to? Like I mentioned, it's been spun off a few times.