|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
05-26-2006, 01:53 PM
|
#1 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
WORDPRESS - trojan-virus
I have had alot of people contacting me recently about trojans and virii on their sites that show up mysteriously on all their pages..
The comman factor seems to be wordpress. I am not a wordpress user so i dont know whats up , but if you are running wordpress i suggest doing an update regardless and if you are having problems contact your host to have your server cleaned up.. p.s. just cause you got rid of it once doesnt mean its gone. Its likely hiding in the shadows waiting to reinstall itself.. p.s.s. i recently invented a very usefull tool for checking sites .. http://tools.webspacemania.com/proxy/ What this is is a "double anonymous" browser that will surf to any domain using a random proxy that then forwards the html to my server through the proxy then redisplay's the results to you. ( its also usefull to determine if your having network troubles connecting to a site ). Keep in mind it going through several proxies so it takes a bit of time , and sometime the proxies are dead so it will fail. Also keep in mind the images are redisplayed inlin in your browser , so while the page contents are completely anonymous , any images will be redisplayed inline through your browser so if you want to be ULTRA anonymous , turn off images in your browser first. The script will disable any javascript on the target page so you dont have to worry about trojans and such when checking a site.. When you testa site the proxy port and county of the proxy will be displayed in the upper left hand corner of any page you check
__________________
hatisblack at yahoo.com |
|
|
|
05-26-2006, 01:55 PM
|
#2 |
|
CURATOR
Join Date: Jul 2004
Location: the attic
Posts: 14,572
|
Thanks! 2hp
__________________
tada! |
|
|
|
|
05-26-2006, 02:25 PM
|
#3 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
bump 4 wordpress peeps
__________________
hatisblack at yahoo.com |
|
|
|
|
05-26-2006, 02:55 PM
|
#4 |
|
Confirmed User
Join Date: Nov 2004
Location: Scotland
Posts: 1,062
|
Giving this a try but I can't read the results page properly. The proxy info box covers part of the message.
 I can only see the last 5 letters of a word 'ently'
__________________
. |
|
|
|
|
05-26-2006, 03:00 PM
|
#5 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2001
Location: the beach, SoCal
Posts: 107,089
|
What is this trojan doing that people noticed a problem?
What version of WP was the common denominator? |
|
|
|
|
05-26-2006, 03:03 PM
|
#6 |
|
My Sig was too Big! :(
Join Date: May 2006
Posts: 222
|
thanks for useful link and info. esp. for link - now it's in my "favorites"
__________________
NEW SOLO GIRL  |
|
|
|
|
05-26-2006, 03:04 PM
|
#7 |
|
Affiliate
Join Date: Jul 2004
Posts: 28,735
|
I had some trojans on my servers earlier today. Perhaps they came from a wordpress... Had to upgrade. Thanks for the info!
__________________
M&A Queen |
|
|
|
|
05-26-2006, 03:05 PM
|
#8 |
|
Programming King Pin
Industry Role:
Join Date: Oct 2003
Location: Montreal
Posts: 27,360
|
Thanks for the info, I'll take a closer look at this.
__________________
UUGallery Builder - automated photo/video gallery plugin for Wordpress! Stop looking! Checkout Naked Hosting, online since 1999 ! 
|
|
|
|
|
05-26-2006, 03:18 PM
|
#9 |
|
Skinemax BQueen
Industry Role:
Join Date: Jul 2004
Location: Las Vegas NV
Posts: 2,145
|
bump again for WP crew!
|
|
|
|
|
05-26-2006, 03:55 PM
|
#10 |
|
Confirmed User
Join Date: Nov 2005
Posts: 2,167
|
Its a voulnerability in wordpress actually that among other things, allows people to install trojan on your system.
__________________
agentGFY *at* gmail.com |
|
|
|
|
05-26-2006, 04:00 PM
|
#11 | |
|
Confirmed User
Join Date: Sep 2005
Location: Your mom is my favorite pornstar!#%
Posts: 5,995
|
Quote:
__________________
Fling.com doesn't steal your traffic and sales unlike some other dating companies. I promote them, and so should you! |
|
|
|
|
|
05-26-2006, 04:06 PM
|
#12 |
|
Confirmed User
Join Date: Sep 2003
Location: Los Begas
Posts: 9,162
|
hmm nothing on the WP site yet... any confirmation that it's actually a WP problem?
|
|
|
|
|
05-26-2006, 04:10 PM
|
#13 |
|
Confirmed User
Join Date: Sep 2003
Location: Los Begas
Posts: 9,162
|
apparently jerzeemedia is familiar with the problem and solution
http://www.gofuckyourself.com/showth...oto=nextnewest |
|
|
|
|
05-26-2006, 04:36 PM
|
#14 | |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
Quote:
__________________
hatisblack at yahoo.com |
|
|
|
|
|
05-26-2006, 05:09 PM
|
#15 |
|
Confirmed User
Join Date: Feb 2002
Location: Third mall from the sun
Posts: 2,185
|
It has to be more than just a wordpress problem.
I had something that looked like the example fetishblog posted and the only script used is phpadsnew. Anyone know what it does?
__________________
I was looking for a job, and then I found a job And heaven knows I'm miserable now |
|
|
|
|
05-26-2006, 06:17 PM
|
#16 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2001
Location: the beach, SoCal
Posts: 107,089
|
I will ask again . . . what version of Wordpress is this happening on?
|
|
|
|
|
05-26-2006, 06:21 PM
|
#17 |
|
emperor of my world
Join Date: Aug 2004
Location: nethalands
Posts: 29,903
|
yea we need more details
|
|
|
|
|
05-26-2006, 06:36 PM
|
#18 | |
|
Too lazy to set a custom title
Industry Role:
Join Date: Sep 2003
Posts: 22,651
|
Quote:
|
|
|
|
|
|
05-26-2006, 07:18 PM
|
#19 |
|
www.barely18movies.com
Join Date: Feb 2003
Location: Melbourne, Australia
Posts: 10,920
|
bump....
__________________
|
|
|
|
|
05-26-2006, 07:22 PM
|
#20 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
someone mentioned it in another thread. im not familiar with the product because i dont use it .. ( im referring to the version number affected )
__________________
hatisblack at yahoo.com |
|
|
|
|
05-26-2006, 07:24 PM
|
#21 | |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2001
Location: the beach, SoCal
Posts: 107,089
|
Quote:
I would be inclined to think it was a common plugin they were using rather that WP itself.  |
|
|
|
|
|
05-26-2006, 07:28 PM
|
#22 |
|
Confirmed User
Join Date: Feb 2006
Location: Gulf Coast
Posts: 211
|
There was a security update for Wordpress released a month or so ago, 2.02
__________________
 |
|
|
|
|
05-26-2006, 07:28 PM
|
#23 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
__________________
hatisblack at yahoo.com |
|
|
|
|
05-26-2006, 10:16 PM
|
#24 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Sep 2003
Posts: 22,651
|
just checked all of my wp blogs and nothing found. whew
|
|
|
|
|
05-26-2006, 10:44 PM
|
#25 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
Advisory ID : FrSIRT/ADV-2006-1992
CVE ID : GENERIC-MAP-NOMATCH Rated as : High Risk Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-26 Technical Description A vulnerability has been identified in WordPress, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to input validation errors in the "wp-admin/profile.php" script that does not validate certain parameters before being written to PHP scripts in the "wp-content/cache/userlogins/" and "wp-content/cache/users/" directories, which could be exploited by malicious users to inject and execute arbitrary PHP code with the privileges of the web server. Note : An input validation error in the "vars.php" script when handling the "PC_REMOTE_ADDR" HTTP header could be exploited by attackers to spoof their IP addresses. Affected Products WordPress version 2.0.2 and prior Solution The FrSIRT is not aware of any official supplied patch for this issue.
__________________
hatisblack at yahoo.com |
|
|
|
|
05-26-2006, 10:53 PM
|
#26 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2001
Location: the beach, SoCal
Posts: 107,089
|
okay, thanks
|
|
|
|
|
05-26-2006, 10:56 PM
|
#27 |
|
best designer on GFY
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
|
I was a victim of this piece of this shit.
__________________
  NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! | The Alien Blog Adult News Worth Reading Updated Daily | Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 |ICQ: 78943384 | |
|
|
|
