Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

0day in WordPress?

Discussion in 'Security' started by tiff2342, Sep 28, 2012.

  1. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    In ref to:

    /https://twitter.com/SolidSSecurity
    /http://www.webhostingtalk.com/showthread.php?t=1195687

    Any one know if WP is safe?
     
    #1 tiff2342, Sep 28, 2012
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    #2 Infopro, Sep 28, 2012
  3. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    You are never 100% safe. Anyway I recommend to use the apache patch + mod_security with some good rules.
     
    #3 PlotHost, Oct 1, 2012
  4. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    well there apparently is an exploit out for latest WP but ill just follow their twitter to stay on top of things just in case
     
    #4 tiff2342, Oct 2, 2012
  5. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    they say its just a cross site scripting exploit. have you found anything else out?
     
    #5 d'argo, Oct 2, 2012
  6. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    all ive found is a cross site but they have logs of a shell being uploaded into the admin area via admin files on latest WP install /https://twitter.com/SolidSSecurity/status/251700021005791232
     
    #6 tiff2342, Oct 2, 2012
  7. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    i wish there more details. culd they have just stolen password?
     
    #7 d'argo, Oct 2, 2012
  8. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    from what was said it was a freshly installed wordpress, symlinks patched, brand new.

    for sure something worth following.
     
    #8 tiff2342, Oct 2, 2012
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    How is it that this twitter user knows more about a security issue with Wordpress, than Wordpress? Can you link me to an actual statement by Wordpress on this?

    Thanks in advance.
     
    #9 Infopro, Oct 3, 2012
  10. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    #10 PlotHost, Oct 3, 2012
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thank you for the link.

    From the exploit itself for reference here:

    So, you need to have your wordpress admin page open and be logged in. And then click a link someone sends you, or you find online for this to be an issue. I think.

    I would think @SolidSSecurity might try and convey this sort of message in 140 characters or less to be useful to it's followers. Instead, he's been posting about it since Sept 27, with vague warnings.

    And we have this thread.

    Thanks again for the link. This sort of thing should be made clear to users who comes across this thread.
     
    #11 Infopro, Oct 3, 2012
  12. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    No -- not based on the logs I've seen.

    This is the log of a hacked site:
    Code:
    GET /wp-admin/ HTTP/1.1
GET /wp-admin/admin.php?page=stats&noheader&dashboard&width=574 HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_incoming_links HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_primary HTTP/1.1
POST /wp-admin/admin.php?page=stats&noheader&chart=flot-stats-data HTTP/1.1
GET /wp-admin/plugin-editor.php HTTP/1.1
GET /phpshell.php HTTP/1.1
    That all happened within 3 minutes.

    I don't know what was posted, however. In each case, the user altered things before I was called to the scene. And as you would guess, the users made things worse -- and covered the tracks of the hacker in the process.

    This is rather easily thwarted by having decent security on the site. Unfortunately, most users just deploy default, and do nothing other than add "security" plugins (NOT SECURITY!)

    This happened back on 8/30, so an exploit is at least a month old now. :(
     
    #12 kpmedia, Oct 7, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - 0day WordPress
  1. crerem

    New Thread Compromised wordpress questions

    crerem, Oct 20, 2017 at 10:44 AM, in forum: Security
    Replies:
    1
    Views:
    66
    HostingH
    Oct 20, 2017 at 11:57 PM
  2. Kent D Ray

    In Progress Problem with wordpress cPanel Addon

    Kent D Ray, Oct 19, 2017 at 12:44 PM, in forum: General Discussion
    Replies:
    1
    Views:
    71
    cPWilliamL
    Oct 19, 2017 at 2:34 PM
  3. willke

    In Progress AutoSSL not working with Wordpress Sub-domain sites

    willke, Oct 17, 2017 at 6:37 AM, in forum: Security
    Replies:
    5
    Views:
    79
    verdon
    Oct 18, 2017 at 1:05 PM
  4. KubenNaidoo

    Error Installing Wordpress

    KubenNaidoo, Oct 4, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    102
    cPanelMichael
    Oct 4, 2017
  5. Al Ingham

    Domain Map for WordPress Multisite

    Al Ingham, Sep 22, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    1
    Views:
    110
    cPanelMichael
    Sep 25, 2017

Share This Page