woke up to this WordPress hack - any ideas?
 

guys submitted a whole lotta stuff to a members area blog on of our sologirls writes her diary on

Comment:
[email protected]" and "1"="1

any idea what this is? their held for mod so np but I still like to know.

thanks :thumbsup

OH and the obligatory pic :)

http://dutchteengalleries.com/bb/70/images/4.jpg

If anything, it might be some attempt at SQL injection* (the "1"="1) part, but I doubt it. Was that part of the comment, part of the email field... where was it? It looks like it's just comment spam gone awry, but I'm a relative noob. You'll want to get a second opinion.

I think the use of quotes is an attempt to see if you are open for MYSQL injection. I could be wrong.

EDIT: Sands hit it before me. I suck.

Nice obligatory pic. ;)

all comments lemme post a few

[email protected] and 1=1

66535

-1.0

""

acunetix_wvs_invalid_filename

../../../../../../../../etc/passwd

ok tell me pls should I be worried cause ill forward it to mojo then dont want the blogs to go down or something

he commented like 40-50 times some .AR IP no member

Contact Mojo, ask them to back up your DB if they don't do that automatically. Maybe they can check your server logs and figure out the IP or IP's that added those comments, and they can modify your .htaccess to block them. Making sure you have the latest Wordpress version would be a good idea as well. Just a note: if you upgrading to 2.6, your categories may get deleted because it uses a slightly different DB setup.

I wouldn't freak out about it. Just take some safety precautions, and you'll be fine. :thumbsup

I'm guessing it is someone running one of those vulnerability / exploit frameworks if there are multiple suspicious comments. Could be a worry if Wordpress is vulnerable, any exploits might be listed here http://www.milw0rm.com/.


The first one looks like an SQL injection vulnerability test or fragment of a failed SQL injection. Seems they're trying a few other attack vectors too.

I totally missed the question...

I'm not an expert, but I imagine the latest WP is pretty damned invulnerable to simple injection attacks. Looks like they are trying to find default password files and obvious sql vulnerabilities.

Probably some script kiddies.

thanks all guys

ill send this to mojo they do backups all the time though - so np at all still anything to prevent something funny is welcome :)

That is an php script injection.

The "1"="1" makes any SQL query you do evaluate to
true which gives the hacker access to all data in the SQL database.

can we find the little buggers attempting that shit and box their ears a bit :pimp

If its a members area blog as you say, it should be easy to find. Or at least know what username, IP and CC used

no comment on the hack attempt, but i like the pic ;)

nice pic for sure

Very cute girl..
Shut down comments for a few days

Yes, they are easy to find. They are know as bad PHP programmers.

The php code written in the site script allows the exploit.

Anyway kudos for the tits.