Virus Being Added to Blogs

cd34 · 2006-05-21, 09:13 PM

if the code isn't in your index.php, I would suspect a template got changed. If your host runs setuid (where the apache process runs as the owner rather than as nobody/www-data or an unprivileged account), any remote exploit would allow them to overwrite a number of files. It would be more difficult if they didn't run setuid.

you mentioned Joomla, are you running the latest patches for that? They had 5 or 6 exploitable bugs that were patched in December.

So far, I haven't seen evidence of an issue on Wordpress 2.0.2 that we couldn't find exploited through other software running on that site.

Any method that it occurred, its in your best interest to figure out how it was exploited.... because it will happen again.. and again... and again.

2006-05-21, 09:13 PM	#1
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	if the code isn't in your index.php, I would suspect a template got changed. If your host runs setuid (where the apache process runs as the owner rather than as nobody/www-data or an unprivileged account), any remote exploit would allow them to overwrite a number of files. It would be more difficult if they didn't run setuid. you mentioned Joomla, are you running the latest patches for that? They had 5 or 6 exploitable bugs that were patched in December. So far, I haven't seen evidence of an issue on Wordpress 2.0.2 that we couldn't find exploited through other software running on that site. Any method that it occurred, its in your best interest to figure out how it was exploited.... because it will happen again.. and again... and again. __________________ SnapReplay.com a different way to share photos - iPhone & Android