WordPress blog hacked with admin-ajax.php vulnerability

Whew~!
I just upgraded my old WordPress install (I don’t even know what the old version was) to the latest 2.5.1, because somebody hacked into my site and added a bunch of hyperlinks to my latest post. It was quite clever: the hyperlinks were not visible in the browser because the div containing them was positioned off screen. Search engines would still see the links, though, so I guess the goal was to raise the pagerank of the linked sites or something similar.

Anyway, the migration was very easy, except that I had to redefine the tag keywords from the old UTW (Ultimate Tag Warrior 3) plugin as native WordPress tags.

I guess my blog was attacked through this admin-ajax.php vulnerability. Reportedly an attacker can run SQL queries through admin-ajax.php.

Here are some of the blogs explaining the vulnerability.

  1. #1 by Technology madness at June 22nd, 2008

    So, now after upgrade to 2.5.1, do you think your site is clean? I had a similar issue but not sure how to fix it. However, I do see wp-admin/admin-ajax.php accessed by someone. When I tried it to access wp-admin/admin-ajax.php, it returns -1 value in browser. What does that mean? Do you think wordpress 2.5.1 is now secure?

  2. #2 by HanaDaddy at June 22nd, 2008

    Basically you will need to make a clean install. Then overwrite the wp-content with the previous folder.
    Also highly recommend installing the Bad Behavior plugin. It blocks suspicious connection attempts to the admin pages.
    And how would you know that you are successfully blocking the hacking attempts? You should monitor your AWStats (or similar web log analysis software) results every day. You should be able to find the admin-ajax.php entry in the Pages-URL section of the AWStats statistics. If you don’t, you are OK. But if you do find one, check the ‘Entry’ column. If this value is high, you should suspect that there are still hacking attempts occurring.
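The log check HanaDaddy recommends above can also be run directly over the raw web server access log rather than through AWStats. The following is an added example, not code from the post or from WordPress: it parses Apache combined-format lines (the sample lines and the documentation-range IPs in them are constructed), counts admin-ajax.php hits per client, and flags clients that hammer admin-ajax.php without ever having loaded wp-login.php and without sending a referer, which is the pattern one would expect from unauthenticated scripted access rather than from an admin working in the dashboard.

```python
import re
from collections import defaultdict

# Constructed sample access log in Apache combined format (not taken from the post).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jun/2008:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2008:10:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "http://blog.example/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2008:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2048 "-" "libwww-perl/5.8"
198.51.100.7 - - [22/Jun/2008:10:02:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2048 "-" "libwww-perl/5.8"
198.51.100.7 - - [22/Jun/2008:10:02:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2048 "-" "libwww-perl/5.8"
192.0.2.9 - - [22/Jun/2008:10:03:00 +0000] "GET /2008/06/my-post/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

# client IP, request line (method + path), status, bytes, referer
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)


def summarize_admin_ajax(log_text):
    """Per client IP: admin-ajax.php hits, whether wp-login.php was ever requested,
    and how many of the admin-ajax.php hits carried no referer."""
    stats = defaultdict(lambda: {"ajax_hits": 0, "saw_login": False, "no_referer_hits": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, referer = m["ip"], m["referer"]
        path = m["path"].split("?", 1)[0]  # drop the query string before comparing
        entry = stats[ip]
        if path.endswith("/wp-login.php"):
            entry["saw_login"] = True
        elif path.endswith("/wp-admin/admin-ajax.php"):
            entry["ajax_hits"] += 1
            if referer in ("", "-"):
                entry["no_referer_hits"] += 1
    return dict(stats)


def suspicious_clients(log_text, threshold=2):
    """IPs with at least `threshold` admin-ajax.php hits, no wp-login.php request,
    and no referer on any of those hits. Sorted so the result is stable."""
    return sorted(
        ip for ip, s in summarize_admin_ajax(log_text).items()
        if s["ajax_hits"] >= threshold and not s["saw_login"]
        and s["no_referer_hits"] == s["ajax_hits"]
    )


if __name__ == "__main__":
    for ip, s in summarize_admin_ajax(SAMPLE_LOG).items():
        print(ip, s)
    print("suspicious:", suspicious_clients(SAMPLE_LOG))
```

Legitimate dashboard use in WordPress 2.5 also hits admin-ajax.php, so a bare hit count is noisy; the login and referer conditions narrow the list to clients worth checking by hand. Point the script at the real access log instead of SAMPLE_LOG to run it on your own site.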

  3. #3 by HanaDaddy at June 29th, 2008

    When you install Bad Behavior, it will block all the unverified access to admin pages which causes some of your plugins to fail. In that case, you should add your IP to the $bb2_whitelist_ip_ranges array of the plugins/bad-behavior/bad-behavior/whitelist.inc.php file.

  4. #4 by sandrar at September 10th, 2009

    Hi! I was surfing and found your blog post… nice! I love your blog. :) Cheers! Sandra. R.
