New WordPress exploit

[kappa84]

In simple words: this exploit creates a new folder (/wp-content/1/) in which it puts spamming html files.
You can read more here: New Wordpress 2.3.3 Exploit/Vulnerability - Adds Spam Directory /wp-content/1/ | Smackdown!

 

[brokencode]

Thanks for the info. I found that folder already installed in some wp blogs I have :death:

 

[kappa84]

Have you find any sollution for that exploit?

 

[OldDarkstarAccount]

Thanks for the info. I had no problems untill now.

 

[rhyswynne]

I've double checked it and have not noticed anything.

Could the "put blank index.html files in directories" fix work?

 

[arunpattnaik]

I hate exploits. but i love wordpress anyways . Any solutions so far?

 

[xhan]

one of my hostees had a file remv.php added to her wp directory - look out for that, It got my account suspended :S

 

[kappa84]

No sollutions yet, not that I could find..

 

[Tiger73]

I think, you have to update your wordpress blogs to last version 2.5.5, that's the only solution I know actually. Before updating, modify your mysql password and FTP password and look for files that are not yours on your FTP.

What I don't understand is why some wordpress blogs have the issue and others not...

 

[xhan]

it just depends if you come up on a hackers radar or not.

Theres sites out there listing all the hacks done by x person. My sites on one - grrr angry!

 

[WordpressThemed]

Does this affect latest wordpress 2.5?

 

[kappa84]

Never heard about that, hope not.

 

[Miks]

Thanks, I was not aware of that until now.

Great Forum Guys - Keep the useful the info coming.

 

[JagoanNeon]

thanks for info ...
i was update my wordpress to 2.5 ...