Fuckers ( ~:(expl0rer):~ hack)

Some twat decided to haxxor my blog.

Probably my own fault for having such an old version of WP on here. Nonetheless, not impressed.

Instead of this page you get an interactive interface for poking around and running and reading stuff on the remote system. I think I have gotten off lightly thanks to the joys of suphp.

The hack page actually lives in the database, and hides itself in some coded text, making it a bit of a head scratcher to find. I read around on the web:

Very useful read

and discovered a load of dubious rows in my wp_options table:

| rss_0ff4b43bd116a9d8720d689c80e7dfd4 |
| rss_0ff4b43bd116a9d8720d689c80e7dfd4_ts |
| rss_17fd746cbaabc9c8492edcdc707a29c3 |
| rss_17fd746cbaabc9c8492edcdc707a29c3_ts |
| rss_503e5c96d032cbcd5e7bff1c20b85bbd |
| rss_503e5c96d032cbcd5e7bff1c20b85bbd_ts |
| rss_867bd5c64f85878d03a060509cd2f92c |
| rss_867bd5c64f85878d03a060509cd2f92c_ts |
| rss_encoded_html |
| rss_excerpt_length |
| rss_f541b3abd05e7962fcab37737f40fad8 |
| rss_language |
| rss_use_excerpt |

As I back up the SQL regularly and the site was screwed, I took my usual brutal approach to it and just binned these rows. Tada, site back. May have a look and see if anything else has changed… tho tbh, I think just updating to the latest version is probably the best bet.
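A triage check for rss_* rows like the ones listed above, as an added example that is not part of the original post. WordPress's bundled MagpieRSS caches each feed as an rss_<md5> row paired with an rss_<md5>_ts row, so the sketch flags cache-style names with no _ts partner and values carrying encoded-PHP markers. The sample rows, the marker patterns and the length threshold are constructed assumptions.

```python
import re

# WordPress's bundled MagpieRSS caches each feed as two wp_options rows:
# rss_<md5 of feed URL> (serialized feed) and rss_<md5>_ts (fetch time).
CACHE_NAME = re.compile(r"^rss_[0-9a-f]{32}$")
# Heuristic markers of PHP hidden in a value (assumed for this example).
CODE_MARKERS = re.compile(r"<\?php|eval\s*\(|base64_decode|gzinflate|str_rot13", re.I)
# A long unbroken base64-looking run; the 200-char threshold is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}")


def triage_options(rows):
    """Return {option_name: [reasons]} for rss_* rows that deserve a manual look.

    rows is a list of (option_name, option_value) pairs, e.g. the result of
    SELECT option_name, option_value FROM wp_options.
    """
    names = {name for name, _ in rows}
    findings = {}
    for name, value in rows:
        if not name.startswith("rss_"):
            continue
        reasons = []
        if CACHE_NAME.match(name) and name + "_ts" not in names:
            reasons.append("cache-style name with no _ts partner")
        if CODE_MARKERS.search(value):
            reasons.append("PHP/decoder marker in value")
        if B64_RUN.search(value):
            reasons.append("long base64-like run in value")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample rows (names and values are made up, not from the post).
PAIRED = "rss_" + "a" * 32
ORPHAN = "rss_" + "b" * 32
CODED = "rss_" + "c" * 32
SAMPLE_ROWS = [
    (PAIRED, 'O:9:"MagpieRSS":1:{s:5:"items";a:0:{}}'),
    (PAIRED + "_ts", "1250000000"),
    (ORPHAN, "QUJD" * 60),
    (CODED, '<?php eval(base64_decode("...")); ?>'),
    (CODED + "_ts", "1250000000"),
    ("rss_language", "en"),
    ("blogname", "example"),
]

if __name__ == "__main__":
    for name, reasons in triage_options(SAMPLE_ROWS).items():
        print(name, "->", "; ".join(reasons))
```

Run it against a database dump or backup copy and read the flagged values before deleting anything, since a hit is a reason to look rather than proof of compromise.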

Also found a few extra plugins in the wp-content/plugins directory, including a copy of the hello plugin and a larger /old version which was just full of nonsense. Again, coded PHP :/

Rather annoying, but at least I seem to have removed it.

fuckers.

One Response to “Fuckers ( ~:(expl0rer):~ hack)”

  1. Thecko says:

    Make use of MySQL’s privilege system to do read only or something? Could have a parallel installation that’s HTTP realm auth protected for posting stories and making changes that connects in to db with a diff. user….
