http://www.neox.net/w/2008/05/16/wordpress-blog-hacked-with-admin-ajaxphp-vulnerability/ Here are the freewares just the ones I like Fri, 05 Sep 2008 15:32:02 +0000 http://wordpress.org/?v=2.5.1 http://www.neox.net/w/2008/05/16/wordpress-blog-hacked-with-admin-ajaxphp-vulnerability/#comment-12340 HanaDaddy Mon, 30 Jun 2008 02:27:54 +0000 http://www.neox.net/w/?p=155#comment-12340 When you install Bad Behavior, it will block all the unverified access to admin pages which causes some of your plugins to fail. In that case, you should add your IP to the $bb2_whitelist_ip_ranges array of the <code>plugins/bad-behavior/bad-behavior/whitelist.inc.php</code> file. When you install Bad Behavior, it will block all the unverified access to admin pages which causes some of your plugins to fail. In that case, you should add your IP to the $bb2_whitelist_ip_ranges array of the plugins/bad-behavior/bad-behavior/whitelist.inc.php file.

]]> http://www.neox.net/w/2008/05/16/wordpress-blog-hacked-with-admin-ajaxphp-vulnerability/#comment-12334 HanaDaddy Sun, 22 Jun 2008 23:33:59 +0000 http://www.neox.net/w/?p=155#comment-12334 Basically you will need to make a clean install. Then overwrite the wp-content with the previous folder. Also highly recommend installing the <a href='http://www.bad-behavior.ioerror.us/' rel="nofollow">Bad Behavior</a> plugin. It blocks suspicious connection attempts to the admin pages. And how would you know that you are successfully blocking the hacking attempts? You should monitor your Awstat ( or similar web log analysis software) results everyday. You should be able to find the admin-ajax.php entry in the Pages-URL section of the awtats statistics. If you don't, you are OK. But if you do find one, check the 'Entry' column. If this value is high, you should suspect that there are still hacking attempts occurring. Basically you will need to make a clean install. Then overwrite the wp-content with the previous folder.
Also highly recommend installing the Bad Behavior plugin. It blocks suspicious connection attempts to the admin pages.
And how would you know that you are successfully blocking the hacking attempts? You should monitor your Awstat ( or similar web log analysis software) results everyday. You should be able to find the admin-ajax.php entry in the Pages-URL section of the awtats statistics. If you don’t, you are OK. But if you do find one, check the ‘Entry’ column. If this value is high, you should suspect that there are still hacking attempts occurring.

]]> http://www.neox.net/w/2008/05/16/wordpress-blog-hacked-with-admin-ajaxphp-vulnerability/#comment-12333 Technology madness Sun, 22 Jun 2008 15:26:33 +0000 http://www.neox.net/w/?p=155#comment-12333 So, now after upgrade to 2.5.1, do you think your site is clean? I had a similar issue but not sure how to fix it. However, I do see wp-admin/admin-ajax.php accessed by someone. When I tried it to acess wp-admin/admin-ajax.php, it returns -1 value in browser. What does that mean? Do you think wordpress 2.5.1 is now secure? So, now after upgrade to 2.5.1, do you think your site is clean? I had a similar issue but not sure how to fix it. However, I do see wp-admin/admin-ajax.php accessed by someone. When I tried it to acess wp-admin/admin-ajax.php, it returns -1 value in browser. What does that mean? Do you think wordpress 2.5.1 is now secure?

]]>