Is your copy of WordPress current? Do you run anything else on it? Is this a shared WebAir system?
It's pretty trivial for bad permissions or weak permissions to let people fuck with your stuff. When I was (shortly) with WebAir, shared7, the machine I was on, didn't use suexec/phpsuexec, so everyone ran on the webserver as the same PID.
It'd be really trivial for someone to execute find, steal your password info, modify or insert their own administrator password hash, and log into your WordPress. I estimate maybe three seconds with one single script that globs recursively... if server7 isn't down every 10 seconds these days.
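A site owner can check their own document root for the exposure described above. This is an added example, not part of the original post: the function name `audit_wp_perms` is hypothetical, and it assumes GNU `find` and `stat` (as on typical Linux hosts).

```shell
#!/bin/sh
# Added example: audit a WordPress docroot for permissions that expose it
# to other accounts on a shared host. Assumes GNU find and GNU stat.
# Output: one finding per line, "<ISSUE> <octal mode> <path>".
audit_wp_perms() {
    root=$1

    # wp-config.php holds the database credentials. If "other" can read it,
    # so can every account whose PHP runs as the same web server user.
    find "$root" -type f -name wp-config.php -perm -004 \
        -exec stat -c 'CONFIG_WORLD_READABLE %a %n' {} +

    # World-writable files can be modified by any local user.
    find "$root" -type f -perm -002 \
        -exec stat -c 'WORLD_WRITABLE_FILE %a %n' {} +

    # World-writable directories without the sticky bit let any local user
    # create, rename or delete entries inside them.
    find "$root" -type d -perm -002 ! -perm -1000 \
        -exec stat -c 'WORLD_WRITABLE_DIR %a %n' {} +
}

# Run directly as: sh audit_wp_perms.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Tightening `wp-config.php` to mode 600 only works when PHP runs as the file's owner, which is what suexec/phpsuexec provides; without it the web server user needs read access and so does everyone else sharing that user.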