Comments on: Haxx0red! http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/ Faith, Family, Friends. Sat, 20 Feb 2010 23:39:22 -0400 http://wordpress.org/?v=2.9.2 hourly 1 By: Doug http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/comment-page-1/#comment-23182 Doug Fri, 02 May 2008 17:56:55 +0000 http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/#comment-23182 Feesh: Blocking multiple logins is a bad idea, as some malefactor could well block you from your own blog simply by repeatedly attempting to log in as "admin", thus denying you access. coffee2code's <a href="http://coffee2code.com/wp-plugins/last-logins/" rel="nofollow">Last Logins</a> plugin may be something to look into, as it at least logs all attempted logins, thus giving you an idea as to whether someone is attempting to get in and react in time (by changing passwords, etc.). Feesh:
Blocking multiple logins is a bad idea, as some malefactor could well block you from your own blog simply by repeatedly attempting to log in as “admin”, thus denying you access.

coffee2code’s Last Logins plugin may be something to look into, as it at least logs all attempted logins, thus giving you an idea as to whether someone is attempting to get in and react in time (by changing passwords, etc.).

]]> By: Feesh http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/comment-page-1/#comment-23180 Feesh Fri, 02 May 2008 16:04:25 +0000 http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/#comment-23180 Do either of you happen to use a plugin to stop multiple login attempts? If not, it could be that they brute forced your password. Do either of you happen to use a plugin to stop multiple login attempts?

If not, it could be that they brute forced your password.

]]> By: Doug http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/comment-page-1/#comment-23176 Doug Thu, 01 May 2008 19:22:29 +0000 http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/#comment-23176 Dan: What version of WP were you running previously? I've been operating under the assumption that the vector was WP's XML-RPC interface, as that's the only real point of entry for my setup (I also altered my admin password in an attempt to narrow down exploit holes). It almost seemed as if the spammers in question got ahold of my login credentials somehow and used the Theme Editor to add the offending code. Dan:
What version of WP were you running previously?

I’ve been operating under the assumption that the vector was WP’s XML-RPC interface, as that’s the only real point of entry for my setup (I also altered my admin password in an attempt to narrow down exploit holes).

It almost seemed as if the spammers in question got ahold of my login credentials somehow and used the Theme Editor to add the offending code.

]]> By: Dan Cederholm http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/comment-page-1/#comment-23175 Dan Cederholm Thu, 01 May 2008 19:12:12 +0000 http://literalbarrage.org/blog/archives/2007/10/02/haxx0red/#comment-23175 I've just discovered I've been hit by the same exact problem on several of my domains. I found one instance of the include-to-.txt and removed it. But spam links are still showing up. I've grepp'd my entire account for everything possible, and can't find the culprit. Really really frustrating. Would love to know if this is a WP issue, or just general hackery (I've updated to WP2.5). I’ve just discovered I’ve been hit by the same exact problem on several of my domains. I found one instance of the include-to-.txt and removed it. But spam links are still showing up. I’ve grepp’d my entire account for everything possible, and can’t find the culprit. Really really frustrating. Would love to know if this is a WP issue, or just general hackery (I’ve updated to WP2.5).

]]>