News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Smackdown Blog:
Rackspace Hacked Clients, Check Your Databases Wordpress "wp_optimize" Backdoor
June 16, 2010 @ 11:39:45

If you're a WordPress user and have an instance running on a Rackspace server, you should read this article to be sure you keep your site safe.

Just finished cleaning up a hacked client whose website is hosted on Rackspace Cloud hosting. I had discovered that there were a large number of people all on the same IP as my client a couple of weeks ago who all got hacked. [...] It looks like the culprit might have been a security hole in phpmyadmin. Hopefully this will turn out to be what was wrong, because Rackspace upgraded all of their installations of that package this past Saturday.

No matter the cause, there's a quick fix that can help protect your installation from the hack attempts making their way around. The problem was an injection directly into the wp_options table with the autoload turned on and a content field containing some PHP code. This code was executed each time the page loaded. They also include a bit of SQL you can run to check and see if there's any entries that might have made their way in.

0 comments voice your opinion now!
wordpress wpoptimize injection security backdoor


blog comments powered by Disqus

Similar Posts

ThinkPHP Blog: Leveraging Security to PHP (using sausages)

Chris Roane's Blog: 150 Ways to Ruin Your WordPress Site and Your Life

Symfony Blog: symfony 1.0.5 released (security fix)

Christian Stocker\'s Blog: \"Wordpress hat den Blog-Hosting Markt versaut\"

Christian Wenz's Blog: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)


Community Events





Don't see your event here?
Let us know!


api bugfix list release application developer threedevsandamaybe series interview framework language code wordpress configure introduction podcast laravel project library community

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework