Wordpress blog hacked with admin-ajax.php vulnerability

Whew~!
I just upgraded my old Wordpress (I don’t even know what the old version was) to the latest 2.5.1 because somebody hacked into my site and added a bunch of hyperlinks to my latest post. It was very clever: the hyperlinks are not shown in the browser, since the position of the div is off screen. But search engines will probably still see the links and boost the pagerank, or something similar was the goal, I guess.
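As an added example (not code from the original post), here is a small check for the injected-link pattern described above: it scans a post's HTML and reports every hyperlink that sits inside an element hidden by inline CSS (off-screen position, `display:none` or `visibility:hidden`). The sample post content is constructed for the demonstration.

```python
# Added example: flag hyperlinks nested inside inline-style-hidden containers,
# the hidden-div SEO spam pattern described in the post.
import re
from html.parser import HTMLParser

# Inline styles that hide a block from readers but not from crawlers.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}px",   # pushed far off screen
    re.IGNORECASE,
)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}   # never closed


class HiddenLinkFinder(HTMLParser):
    """Collect href targets of <a> tags that have a hidden ancestor."""

    def __init__(self):
        super().__init__()
        self.depth = 0          # number of hidden ancestors currently open
        self.stack = []         # one entry per open tag: did it hide content?
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and self.depth > 0 and a.get("href"):
            self.hidden_links.append(a["href"])
        if tag in VOID_TAGS:
            return
        hides = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self.stack.append(hides)
        if hides:
            self.depth += 1

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self.stack:
            return
        if self.stack.pop():
            self.depth -= 1


def find_hidden_links(post_html):
    """Return the hrefs of all links inside hidden containers, in order."""
    p = HiddenLinkFinder()
    p.feed(post_html)
    p.close()
    return p.hidden_links


# Constructed sample resembling the injected content the post describes.
SAMPLE_POST = """
<p>Legit paragraph with a <a href="https://example.com/normal">visible link</a>.</p>
<div style="position:absolute; left:-9999px; top:-9999px;">
  <a href="http://spam.example/pills">buy pills</a>
  <a href="http://spam.example/casino">casino</a>
</div>
<span style="display:none"><a href="http://spam.example/loans">loans</a></span>
"""

if __name__ == "__main__":
    for href in find_hidden_links(SAMPLE_POST):
        print("hidden link:", href)
```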

Anyway, the migration was very easy, except that I had to redefine the tag keywords from the old UTW (Ultimate Tag Warrior 3) in Wordpress.

I guess my blog was attacked through this admin-ajax.php vulnerability. They say that a hacker can run SQL queries through admin-ajax.php.

Here are some of the blogs explaining the vulnerability.

  1. #1 by Technology madness at June 22nd, 2008

    So, now after the upgrade to 2.5.1, do you think your site is clean? I had a similar issue but am not sure how to fix it. However, I do see wp-admin/admin-ajax.php accessed by someone. When I tried to access wp-admin/admin-ajax.php, it returned a -1 value in the browser. What does that mean? Do you think Wordpress 2.5.1 is now secure?

  2. #2 by HanaDaddy at June 22nd, 2008

    Basically you will need to make a clean install. Then overwrite the wp-content with the previous folder.
    Also highly recommend installing the Bad Behavior plugin. It blocks suspicious connection attempts to the admin pages.
    And how would you know that you are successfully blocking the hacking attempts? You should monitor your Awstats (or similar web log analysis software) results every day. You should be able to find the admin-ajax.php entry in the Pages-URL section of the Awstats statistics. If you don’t, you are OK. But if you do find one, check the ‘Entry’ column. If this value is high, you should suspect that there are still hacking attempts occurring.
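
The log check described in the comment above, done directly on the raw access log instead of through Awstats, as an added example that is not part of the original post: it parses Apache combined-format lines, tallies requests to wp-admin/admin-ajax.php per client IP and lists the clients above a threshold. The log lines and the threshold of 5 are constructed for the demonstration.

```python
# Added example: count admin-ajax.php requests per client from Apache
# combined-format access log lines (constructed sample data below).
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)


def admin_ajax_hits(log_lines):
    """Return {ip: count} for requests whose path is wp-admin/admin-ajax.php."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not valid log entries
        path = m.group("path").split("?", 1)[0]   # drop the query string
        if path.endswith("/wp-admin/admin-ajax.php"):
            hits[m.group("ip")] += 1
    return dict(hits)


def suspicious_clients(log_lines, threshold=5):
    """(ip, count) pairs above the threshold, busiest client first."""
    return sorted(
        ((ip, n) for ip, n in admin_ajax_hits(log_lines).items() if n > threshold),
        key=lambda pair: -pair[1],
    )


# Constructed sample: one client hammering admin-ajax.php, one normal reader.
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Jun/2008:10:00:%02d +0000] '
    '"POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2 "-" "Mozilla/4.0"' % s
    for s in range(8)
] + [
    '203.0.113.5 - - [22/Jun/2008:10:01:00 +0000] "GET /2008/06/hello/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jun/2008:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 2 "-" "Mozilla/5.0"',
    'this line is not a valid log entry',
]

if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG):
        print("%s made %d admin-ajax.php requests" % (ip, n))
```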

  3. #3 by HanaDaddy at June 29th, 2008

    When you install Bad Behavior, it will block all the unverified access to admin pages which causes some of your plugins to fail. In that case, you should add your IP to the $bb2_whitelist_ip_ranges array of the plugins/bad-behavior/bad-behavior/whitelist.inc.php file.

  4. #4 by sandrar at September 10th, 2009

    Hi! I was surfing and found your blog post… nice! I love your blog. :) Cheers! Sandra. R.
