Comments on: PHP Script Injection Exploit in WordPress 2.7.1

By: Mike

Mike — Thu, 13 Aug 2009 03:08:58 +0000

I’ve been hit with this hacked too.

Though the title makes it seem like it’s WordPress 2.7.1 bug. Instead it’s your local PC and Adobe Reader.

thanks
.-= Mike´s last blog ..Coffee Break CMS WordPress Theme =-.

By: Me on the Net

Me on the Net — Fri, 03 Jul 2009 12:17:34 +0000

hello it is my first time visiting here, it’s a great site with a great articles, thanks for share.

By: Trisha

Trisha — Fri, 26 Jun 2009 15:09:47 +0000

hey all. I’ve been looking into plugins for extra security in 2.8 and I found two that look excellent…

1. secure wordpress – for general security
2. user locker – to help block brute force attacks on login.

i’ve also been adding the following to the .htaccess file at root (replaces index.html in all directories) and chmod to 644:

Options All -Indexes

best of luck to everyone!!!

By: Frank J

Frank J — Fri, 19 Jun 2009 18:27:54 +0000

Trisha,

You are very welcome! Thank you for your comments.

By: Trisha

Trisha — Fri, 19 Jun 2009 18:21:18 +0000

THANKS SO MUCH! what a relief. ive been having to delete my wp installs after this injector breaks my script!

any ideas on security in 2.8???

By: Gumblar Exploit and What Every Webmaster Should Know | web-hosting-newsletter.com

Thu, 18 Jun 2009 16:37:01 +0000

[...] PHP Script Injection Exploit in WordPress 2.7.1 [...]

By: Martin Luxton

Martin Luxton — Fri, 12 Jun 2009 09:35:08 +0000

I experienced something similar with Kaspersky this week. It flagged ad.doubleclick.net redirects on bbc.co.uk and apple.com as phishing sites.

I phoned doubleclick about it and seems to have cleared up.

By: WARNING - WORDPRESS.COM HAS JS REDIRECT VIRUS ON IT

WARNING - WORDPRESS.COM HAS JS REDIRECT VIRUS ON IT — Fri, 12 Jun 2009 09:24:03 +0000

[...] Re: WARNING – WORDPRESS.COM HAS JS REDIRECT VIRUS ON IT Possibly the problem? PHP Script Injection Exploit in WordPress 2.7.1 | TechJaws: Internet Security and SEO [...]

By: Dragon Blogger

Dragon Blogger — Mon, 08 Jun 2009 18:41:07 +0000

Good information, people need to beware of sql injection type stuff, and make sure their .php files aren’t tampered with. People forget about security thinking “it’s just a blog” but we have to remember what can happen when things go wrong.

Glad you got everything in working order, did you ever find the exact source that caused the problem in the first place?

By: Brian

Brian — Mon, 08 Jun 2009 04:41:56 +0000

Thanks for this post. While my issue wasn’t exactly the same, it does appear to have been a php script injection issue, and your post helped me find it. Almost done reloading 2.7.1 in 15 blogs. Gotta get after those user names, passwords, etc. now!