woke up to this WordPress hack - any ideas? - GoFuckYourself.com

DutchTeenCash · 10-02-2008, 06:18 AM

guys submitted a whole lotta stuff to a members area blog on of our sologirls writes her diary on

Comment:
[email protected]" and "1"="1

any idea what this is? their held for mod so np but I still like to know.

thanks

OH and the obligatory pic

Sands · 10-02-2008, 06:21 AM

Quote:

Originally Posted by DutchTeenCash

guys submitted a whole lotta stuff to a members area blog on of our sologirls writes her diary on

Comment:
[email protected]" and "1"="1

any idea what this is? their held for mod so np but I still like to know.

thanks

OH and the obligatory pic

If anything, it might be some attempt at SQL injection* (the "1"="1) part, but I doubt it. Was that part of the comment, part of the email field... where was it? It looks like it's just comment spam gone awry, but I'm a relative noob. You'll want to get a second opinion.

Useless Warrior · 10-02-2008, 06:23 AM

I think the use of quotes is an attempt to see if you are open for MYSQL injection. I could be wrong.

EDIT: Sands hit it before me. I suck.

Bojangles · 10-02-2008, 06:25 AM

Nice obligatory pic. ;)

DutchTeenCash · 10-02-2008, 06:26 AM

all comments lemme post a few

[email protected] and 1=1

66535

-1.0

""

acunetix_wvs_invalid_filename

../../../../../../../../etc/passwd

DutchTeenCash · 10-02-2008, 06:27 AM

Quote:

Originally Posted by Useless Warrior

I think the use of quotes is an attempt to see if you are open for MYSQL injection. I could be wrong.

EDIT: Sands hit it before me. I suck.

ok tell me pls should I be worried cause ill forward it to mojo then dont want the blogs to go down or something

he commented like 40-50 times some .AR IP no member

Sands · 10-02-2008, 06:32 AM

Quote:

Originally Posted by DutchTeenCash

ok tell me pls should I be worried cause ill forward it to mojo then dont want the blogs to go down or something

he commented like 40-50 times some .AR IP no member

Contact Mojo, ask them to back up your DB if they don't do that automatically. Maybe they can check your server logs and figure out the IP or IP's that added those comments, and they can modify your .htaccess to block them. Making sure you have the latest Wordpress version would be a good idea as well. Just a note: if you upgrading to 2.6, your categories may get deleted because it uses a slightly different DB setup.

I wouldn't freak out about it. Just take some safety precautions, and you'll be fine.

dozey · 10-02-2008, 06:34 AM

Quote:

Originally Posted by DutchTeenCash

I'm guessing it is someone running one of those vulnerability / exploit frameworks if there are multiple suspicious comments. Could be a worry if Wordpress is vulnerable, any exploits might be listed here http://www.milw0rm.com/.

The first one looks like an SQL injection vulnerability test or fragment of a failed SQL injection. Seems they're trying a few other attack vectors too.

qxm · 10-02-2008, 06:46 AM

I totally missed the question...

gornyhuy · 10-02-2008, 06:59 AM

I'm not an expert, but I imagine the latest WP is pretty damned invulnerable to simple injection attacks. Looks like they are trying to find default password files and obvious sql vulnerabilities.

Probably some script kiddies.

DutchTeenCash · 10-02-2008, 07:03 AM

thanks all guys

ill send this to mojo they do backups all the time though - so np at all still anything to prevent something funny is welcome

sortie · 11-06-2008, 12:01 PM

Quote:

Originally Posted by DutchTeenCash

Comment:
[email protected]" and "1"="1

any idea what this is?

That is an php script injection.

The "1"="1" makes any SQL query you do evaluate to
true which gives the hacker access to all data in the SQL database.

d-null · 11-06-2008, 12:06 PM

Quote:

Originally Posted by sortie

That is an php script injection.

The "1"="1" makes any SQL query you do evaluate to
true which gives the hacker access to all data in the SQL database.

can we find the little buggers attempting that shit and box their ears a bit

Machete_ · 11-06-2008, 12:11 PM

If its a members area blog as you say, it should be easy to find. Or at least know what username, IP and CC used

Puremeds-J · 11-06-2008, 12:18 PM

no comment on the hack attempt, but i like the pic ;)

The Duck · 11-06-2008, 12:30 PM

nice pic for sure

pornguy · 11-06-2008, 12:34 PM

Very cute girl..
Shut down comments for a few days

sortie · 11-06-2008, 12:39 PM

Quote:

Originally Posted by d-null

can we find the little buggers attempting that shit and box their ears a bit

Yes, they are easy to find. They are know as bad PHP programmers.

The php code written in the site script allows the exploit.

InternetIsForPorn · 11-06-2008, 01:10 PM

Anyway kudos for the tits.

10-02-2008, 06:18 AM	#1
DutchTeenCash I like Dutch Girls Join Date: Feb 2003 Location: dutchteencash.com Posts: 21,684	woke up to this WordPress hack - any ideas? guys submitted a whole lotta stuff to a members area blog on of our sologirls writes her diary on Comment: [email protected]" and "1"="1 any idea what this is? their held for mod so np but I still like to know. thanks OH and the obligatory pic __________________ ICQ 16 91 547 - SKYPE dutchteencash bob AT dutchteencash DOT com ... did you see our newest Sweet Natural Girl Priscilla (18)?

10-02-2008, 06:23 AM	#3
Useless Warrior Confirmed User Industry Role: Join Date: Apr 2004 Posts: 975	I think the use of quotes is an attempt to see if you are open for MYSQL injection. I could be wrong. EDIT: Sands hit it before me. I suck. Last edited by Useless Warrior; 10-02-2008 at 06:25 AM..

10-02-2008, 06:26 AM	#5
DutchTeenCash I like Dutch Girls Join Date: Feb 2003 Location: dutchteencash.com Posts: 21,684	all comments lemme post a few [email protected] and 1=1 66535 -1.0 "" acunetix_wvs_invalid_filename ../../../../../../../../etc/passwd __________________ ICQ 16 91 547 - SKYPE dutchteencash bob AT dutchteencash DOT com ... did you see our newest Sweet Natural Girl Priscilla (18)?

10-02-2008, 06:46 AM	#9
qxm Confirmed User Join Date: Jul 2006 Location: NoHo Posts: 5,970	I totally missed the question... __________________ ICQ: 266990876

10-02-2008, 06:59 AM	#10
gornyhuy Chafed. Join Date: May 2002 Location: Face Down in Pussy Posts: 18,041	I'm not an expert, but I imagine the latest WP is pretty damned invulnerable to simple injection attacks. Looks like they are trying to find default password files and obvious sql vulnerabilities. Probably some script kiddies. __________________ icq:159548293

10-02-2008, 06:25 AM	#4
Bojangles Confirmed User Join Date: Apr 2007 Posts: 5,419	Nice obligatory pic. ;)

10-02-2008, 07:03 AM	#11
DutchTeenCash I like Dutch Girls Join Date: Feb 2003 Location: dutchteencash.com Posts: 21,684	thanks all guys ill send this to mojo they do backups all the time though - so np at all still anything to prevent something funny is welcome __________________ ICQ 16 91 547 - SKYPE dutchteencash bob AT dutchteencash DOT com ... did you see our newest Sweet Natural Girl Priscilla (18)?

11-06-2008, 12:11 PM	#14
Machete_ WINNING! Industry Role: Join Date: Oct 2002 Posts: 14,579	If its a members area blog as you say, it should be easy to find. Or at least know what username, IP and CC used

11-06-2008, 12:18 PM	#15
Puremeds-J Confirmed User Join Date: Sep 2008 Location: The Mountains of Washington State Posts: 939	no comment on the hack attempt, but i like the pic ;) __________________ BiWeekly Payouts with no delay! - Now on NATS - $30 Per Trial - Check, Wire, Paxum! WE GOT AFRICAN MANGO! - Check out our New Reality Tour for CXPILL!

11-06-2008, 12:30 PM	#16
The Duck Adult Content Provider Industry Role: Join Date: May 2005 Location: Europe Posts: 18,243	nice pic for sure __________________ Skype Horusmaia ICQ 41555245 Email [email protected]

11-06-2008, 12:34 PM	#17
pornguy Too lazy to set a custom title Industry Role: Join Date: Mar 2003 Location: Homeless Posts: 62,912	Very cute girl.. Shut down comments for a few days __________________ PornGuy skype me pornguy_epic AmateurDough The Hottes Shemales online! TChicks.com \| Angeles Cid \| Mariana Cordoba \| MAILERS WELCOME!

11-06-2008, 01:10 PM	#19
InternetIsForPorn Confirmed User Join Date: Sep 2007 Posts: 848	Anyway kudos for the tits.