> On Mar 8, 7:09 pm, John Allsopp <j...@westciv.com> wrote:
>> If the site is run on wordpress, you need to upgrade to 2.3.3, or
>> upgrade the XML-RPC file in your current instal
>>> <li>JJ<noscript>Download <a href="http://www.toques-excelente.com/avaliacoes-download-de-toques-para-celular.html">http://www.toques-excelente.com/avaliacoes-download-de-toques-para-celular.html</a> Jazz: Top Seleções Toques De Celular Ringtones Gratuitos Polifônicos e Monofônicos.</noscript> Halans: @
>>> Don't know where they are coming from, but someone really needs to
>>> jump into the theme and do a solid clean out of any included JS and
>>> such. No good.
According to Secunia "Successful exploitation requires valid user credentials." http://secunia.com/advisories/28823/
Maybe look through the registered users and delete all which shouldn't be there? Let people re-register if they want to post comments. Do you need comments enabled to begin with?
But might be something else altogether...
What version of Apache is it running? Maybe upgrade to latest version (if you're running your own slice/vm)?
What version of PHP?
What are the access rights on the files and folders?
Are there any additional WP themes installed?
One of my hosts, MediaTemple, updated their php installations in January: "There is a parameter for php called 'allow_url_fopen' that is currently enabled in both our PHP4 and PHP5 environments. If the proper precautions are not taken in PHP a large number of code injection vulnerabilities frequently reported in PHP-based web applications are possible. We understand that our customers install a great number of PHP-driven applications, many of them from the open-source community. Unfortunately a great number of them can potentially fall prey to these vulnerabilities."
Has this been disabled on your server (allow_url_fopen can be found in php.ini)? While you're at it, have a look at register_globals and turn that off too...
(Djee, I better have another look at my WP installation too...)
On Sat, Mar 8, 2008 at 8:07 PM, John Allsopp <j...@westciv.com> wrote:
> damned,
> thought they'd fixed this problem with 2.3.3 -
> john
> On 08/03/2008, at 7:25 PM, Brad Kellett wrote:
> > The site is already running on WP 2.3.3
> > On Mar 8, 7:09 pm, John Allsopp <j...@westciv.com> wrote:
> >> If the site is run on wordpress, you need to upgrade to 2.3.3, or
> >> upgrade the XML-RPC file in your current instal
> >>> <li>JJ<noscript>Download <a href="http://www.toques-excelente.com/avaliacoes-download-de-toques-para-celular.html">http://www.toques-excelente.com/avaliacoes-download-de-toques-para-celular.html</a> Jazz: Top Seleções Toques De Celular Ringtones Gratuitos Polifônicos e Monofônicos.</noscript> Halans: @
> >>> Don't know where they are coming from, but someone really needs to
> >>> jump into the theme and do a solid clean out of any included JS and
> >>> such. No good.
I guarantee it is something much simpler. The theme already had dodgy
stuff in it that was removed, should start with it and give the code a
good once-over. Happy to volunteer for that.
~bck
On Mar 8, 9:22 pm, "Jean-Jacques Halans" <hal...@gmail.com> wrote:
> According to Secunia "Successful exploitation requires valid user credentials." http://secunia.com/advisories/28823/
> Maybe look through the registered users and delete all which shouldn't be there?
> Let people re-register if they want to post comments. Do you need
> comments enabled to begin with?
> But might be something else altogether...
> What version of Apache is it running? Maybe upgrade to latest version
> (if you're running your own slice/vm)?
> What version of PHP?
> What are the access rights on the files and folders?
> Are there any additional WP themes installed?
> One of my hosts, MediaTemple, updated their php installations in January:
> "There is a parameter for php called 'allow_url_fopen' that is
> currently enabled in both our PHP4 and PHP5 environments. If the
> proper precautions are not taken in PHP a large number of code
> injection vulnerabilities frequently reported in PHP-based web
> applications are possible. We understand that our customers install a
> great number of PHP-driven applications, many of them from the
> open-source community. Unfortunately a great number of them can
> potentially fall prey to these vulnerabilities. "
> Has this been disabled on your server (allow_url_fopen can be found in php.ini)?
> While you're at it, have a look at register_globals and turn that off too...
> (Djee, I better have another look at my WP installation too...)
> JJ
> On Sat, Mar 8, 2008 at 8:07 PM, John Allsopp <j...@westciv.com> wrote:
> > damned,
> > thought they'd fixed this problem with 2.3.3 -
> > john
> > On 08/03/2008, at 7:25 PM, Brad Kellett wrote:
> > > The site is already running on WP 2.3.3
> > > On Mar 8, 7:09 pm, John Allsopp <j...@westciv.com> wrote:
> > >> If the site is run on wordpress, you need to upgrade to 2.3.3, or
> > >> upgrade the XML-RPC file in your current instal
> > >>> Don't know where they are coming from, but someone really needs to
> > >>> jump into the theme and do a solid clean out of any included JS and
> > >>> such. No good.
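An audit along the lines the thread suggests, as an added example (not code from the thread, from WordPress or from the theme in question): it reports off-site links hidden in `<noscript>` blocks, the pattern quoted above, plus any `<script src>` pointing at a host other than the site's own, and separately reports which of the php.ini settings JJ names (allow_url_fopen, register_globals) a php.ini text still leaves enabled. The sample theme fragment, the php.ini excerpt and the site host name are constructed assumptions; every hit is something for a person to review, not proof of compromise.

```python
import re
from urllib.parse import urlparse

# Constructed theme fragment (not the thread's actual file): an off-site
# ringtone link hidden in <noscript>, a local link, a local and an off-site <script src>.
SAMPLE_THEME = """<ul>
<li>JJ<noscript>Download <a href="http://ringtones.example.net/download.html">ringtones</a></noscript> Halans: @</li>
<li>About <a href="/about">the camp</a></li>
</ul>
<script src="/wp-includes/js/jquery.js"></script>
<script src="http://cdn.example.net/x.js"></script>
"""
# Constructed php.ini excerpt with the two settings the thread names.
SAMPLE_PHP_INI = "allow_url_fopen = On\n; comment\nregister_globals = Off\n"

NOSCRIPT_RE = re.compile(r"<noscript\b[^>]*>(.*?)</noscript>", re.I | re.S)
HREF_RE = re.compile(r"""<a\b[^>]*\bhref\s*=\s*["']?([^"'\s>]+)""", re.I)
SCRIPT_RE = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def is_offsite(url, site_host):
    """True when the URL names a host other than the site's own (relative URLs are local)."""
    host = (urlparse(url).hostname or "").lower().removeprefix("www.")
    return bool(host) and host != site_host.lower().removeprefix("www.")

def find_hidden_spam(html, site_host):
    """List off-site links hidden in <noscript> blocks and off-site
    <script src> tags; each hit is for a human to review."""
    hits = []
    for block in NOSCRIPT_RE.finditer(html):
        hits += [("noscript-link", h) for h in HREF_RE.findall(block.group(1))
                 if is_offsite(h, site_host)]
    hits += [("external-script", s) for s in SCRIPT_RE.findall(html)
             if is_offsite(s, site_host)]
    return hits

def weak_php_settings(ini_text, must_be_off=("allow_url_fopen", "register_globals")):
    """Names from must_be_off that this php.ini text leaves enabled."""
    enabled = []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]                 # strip ini comments
        if "=" not in line:
            continue
        key, value = (p.strip().lower() for p in line.split("=", 1))
        if key in must_be_off and value in ("on", "1", "true", "yes"):
            enabled.append(key)
    return enabled

if __name__ == "__main__":
    print(find_hidden_spam(SAMPLE_THEME, "barcampsydney.example"))
    print(weak_php_settings(SAMPLE_PHP_INI))
```

To audit a real theme, run `find_hidden_spam` over the text of each .php/.html/.js file in the theme directory and `weak_php_settings` over the output of `php --ini`'s loaded configuration file.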
On Behalf Of Brad Kellett
Sent: Saturday, 8 March 2008 9:26 PM
To: BarCamp Sydney
Subject: [BarCampSydney: 76] Re: Odd, Spammy Code in the Twitter Blog Post