
Wordpress 2.0.5 Site got hacked using c99shell ?

There’s an interesting discussion right now (at least for me) on the wp-testers mailing list about a Wordpress 2.0.5 site that got hacked using c99shell, and what makes me curious about it is: is it really Wordpress’s fault, or is it caused by plugins used on his Wordpress site? I’m really sure that this hack was caused by some vulnerable plugins, or maybe because the person himself is running vulnerable CMS / forum software on his site. By the way, I’ve tried searching various sites about this, but the only thing I could find is some unspecified Wordpress vulnerability that was already fixed in the 2.0.5 release.

Some people also say to use modsecurity for those who use a dedicated box, but if you’re on a shared host like me, you can ask your webhost about it. I don’t know if my webhost is already using modsecurity for the shared hosting accounts or not, but one thing is for sure: I already tested on my site, and it returns the 406 HTTP header (most 406 HTTP headers are caused by modsecurity) if I try to do something funny. Anyway, I hope this problem is not caused by Wordpress itself.


  1. Michelle Wong said Feb 10, 2008 at 12:48 pm

    Thanks for the great information. I just subscribed to your blog feed. Michelle, HostGator Coupons

  2. gamal said Apr 6, 2007 at 2:11 am

  3. amin said Mar 2, 2007 at 10:55 pm

  4. Christos said Feb 8, 2007 at 7:55 am

    It has nothing to do with blog software.
    I had forgotten in my path the Appserv folder, which was indexed by the search engines, and they used the “README-th.php” file to gain access.
    What I found disturbing is that the injection was done by Yahoo Slurp. I don’t know how they managed to make Yahoo do the job for them, but they did.

    The script-kiddies are capable of much more than what they’ve been doing, unfortunately.
    The last one who gained access to my self-hosted server erased the whole disk.
    I guess I was lucky in unluckiness and pulled the plug while he was doing it, so along with some other files the Apache log was saved, and I was able to track the events down and found that it was a guy from Turkey.
    I have enough evidence from the log file and also from a forum where he posted his evil doing, but I don’t know what I can do against him (legally, I mean).
    I not only lost my sites, I also lost about 70GB of data and software.

  5. Reaper-X said Nov 17, 2006 at 7:02 pm

    I see … thanks a lot for that information, I really appreciate it .. but if it is caused by xmlrpc then the problem is in the blog software itself :?

  6. justinf said Nov 17, 2006 at 6:34 pm

    My blog uses Nucleus and even that was hacked with c99 – so it’s nothing to do with Wordpress itself. And my box is Fedora 5 with all the latest security patches.

    From my logs, it seems to be a hack based on the xmlrpc component of a blog.
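
Two commenters above traced their incidents through the Apache access log, and the post mentions 406 responses from modsecurity. As an added example (not code from the post or from any commenter), here is one way to triage a combined-format access log for those two signals: clients that POST to `xmlrpc.php` and afterwards get a successful response from a PHP script no other client requested, and clients receiving 406 responses. The log lines, IP addresses, paths and the heuristic itself are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range IPs), not taken from a real log.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Nov/2006:18:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Nov/2006:18:02:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "-"
203.0.113.9 - - [17/Nov/2006:18:02:14 +0000] "GET /wp-content/uploads/x.php HTTP/1.1" 200 9001 "-" "-"
198.51.100.7 - - [17/Nov/2006:18:03:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Nov/2006:18:04:30 +0000] "GET /index.php?id=test HTTP/1.1" 406 310 "-" "-"
"""

def parse(log_text):
    """Yield one dict per parseable line; 'script' is the path without query string."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["script"] = entry["path"].split("?", 1)[0]
            entry["status"] = int(entry["status"])
            yield entry

def triage(log_text):
    """Return {client: {'blocked_406': n, 'followup_scripts': [...]}} for flagged clients."""
    entries = list(parse(log_text))
    clients_per_script = defaultdict(set)   # which clients touched each PHP script
    for e in entries:
        if e["script"].endswith(".php"):
            clients_per_script[e["script"]].add(e["host"])
    posted_xmlrpc = set()
    findings = defaultdict(lambda: {"blocked_406": 0, "followup_scripts": []})
    for e in entries:                        # entries are in log (time) order
        host, script = e["host"], e["script"]
        if e["status"] == 406:               # status the post attributes to modsecurity
            findings[host]["blocked_406"] += 1
        elif e["method"] == "POST" and script.endswith("/xmlrpc.php"):
            posted_xmlrpc.add(host)
        elif (host in posted_xmlrpc and script.endswith(".php")
              and 200 <= e["status"] < 300
              and clients_per_script[script] == {host}):
            findings[host]["followup_scripts"].append(script)
    return dict(findings)
```

A flagged client is a lead for manual review of the listed files and timestamps, not proof of compromise; legitimate blog clients also POST to `xmlrpc.php`.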
