WordPress blog hacked with admin-ajax.php vulnerability

WordPress blog hacked with admin-ajax.php vulnerability
0 votes, 0.00 avg. rating (0% score)

I just upgraded my old (don’t even know what the old version was) WordPress to the latest 2.5.1 because somebody hacked into my site and added bunch of hyper links in my latest post. And it was very clever that the hyperlinks are not shown in the browser since the position of the div is out of screen. But probably search engines will see the links and increase the pagerank or simliar action could have been done I guess.

Anyway, the migration was very easy except that I had to redefine the tag keywords from the old UTW (Ultimate Tag Warrior 3) to the WordPress.

I guess my blog was attacked by this admin-ajax.php vulnerability. They say that a hacker can run the SQL query through admin-ajax.php.

Here are some of the blogs explaining the vulnerability.

4 thoughts on “WordPress blog hacked with admin-ajax.php vulnerability

  1. So, now after upgrade to 2.5.1, do you think your site is clean? I had a similar issue but not sure how to fix it. However, I do see wp-admin/admin-ajax.php accessed by someone. When I tried it to acess wp-admin/admin-ajax.php, it returns -1 value in browser. What does that mean? Do you think wordpress 2.5.1 is now secure?

  2. Basically you will need to make a clean install. Then overwrite the wp-content with the previous folder.
    Also highly recommend installing the Bad Behavior plugin. It blocks suspicious connection attempts to the admin pages.
    And how would you know that you are successfully blocking the hacking attempts? You should monitor your Awstat ( or similar web log analysis software) results everyday. You should be able to find the admin-ajax.php entry in the Pages-URL section of the awtats statistics. If you don’t, you are OK. But if you do find one, check the ‘Entry’ column. If this value is high, you should suspect that there are still hacking attempts occurring.

  3. When you install Bad Behavior, it will block all the unverified access to admin pages which causes some of your plugins to fail. In that case, you should add your IP to the $bb2_whitelist_ip_ranges array of the plugins/bad-behavior/bad-behavior/whitelist.inc.php file.

Leave a Reply

Your email address will not be published. Required fields are marked *