«

»

Aug 12

WordPress exploits

Back in June, someone hacked this site, and added a malware iframe.

I cleaned it up, upgraded WordPress, and went on with my life, assuming that someone had just exploited a post.

Well, it was hacked again, the same way. Since I had upgraded WordPress, I was more suspicious, and I delved into my website setup.

When I went to the User tab, I saw this:

Administrators(2)

(And I expected to only see one) But when I went to the adminstrators tab, I saw this:

Administrators(1)

hmmm. That’s suspicious. I looked at the page source, and sure enough, there were two entries, but the second one was buried in a morass of javascript and styles. Egads – someone has not only gained administrative access to my blog, but they have effectively prevented me from removing them via the website.

Luckily for me, I know enough about SQL to be dangerous, so I went into PhpMyAdmin and deleted all the other users except me. This worked because the only users were random bogus registrations trying to get around my spam filters.

I’ve since turned off new registrations, and I suggest everyone else do the following:

1. Check on your users – see if you have more administrators than you expect, and if so, delete them with extreme prejudice.
2. turn off new user registration

Bleah

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>