77.66.214.80 TinyMCE hack for WordPress - you may be at risk

4 replies
Hello, this is a fairly recent attempt to find a backdoor into your blog from Russian hackers. I have found 2 times where this same IP address has attempted to access my blog from a vulnerability in the WordPress plugin TinyMCE. My brand new blog, less than 2 days old, has been attacked twice by this joker. His IP is this: 77.66.214.80

http://w.w.w .XXXXXXXXXXXX.com/plugi...y_mce/plugins/...

June 2, 2010 09:18:33 77.66.214.80 0 type=file&folder= Windows ME Internet Explorer 6

I hope this brings some attention to this problem. All of you who have this plugin may want to stop using it until a fix has come to us.

Here are some references to look at. An advanced WordPress warrior here may also have some insight to help out.



WordPress TinyMCE Hack Will Kill Your Blog


WordPress › Support SQL attack on wpress 2.9.2

http://www.wpsecuritylock.com/cechri...dy-case-study/

Thread SQL attack on wpress 2.9.2 | WordPress Support | BoardReader

Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking
  • Sean Donahoe
    Here is a good article from WordPress about protecting your site:

    Hardening WordPress WordPress Codex

    The WordPress › WP Security Scan WordPress Plugins tool is a pretty good plugin. There are some other recommendations on there too.

    All the best

    Sean
  • Lawrh
    Originally Posted by Jim Hudson

    June 2, 2010 09:18:33 77.66.214.80 0 type=file&folder= Windows ME Internet Explorer 6
    Windows ME with IE6 and attacking from the same IP. Must be an entry level hacker. If he cracks your blog they'll let him have XP.
    Signature

    “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb

  • Dennis Gaskill
    You should block his IP address and cut him off at the pass.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

  • Jim Hudson
    He has a whole block of IP addresses to use. He also uses proxies from the US, as I had found doing a search on him. There is a bunch of info by just putting his IP in the search bar and taking a look. Thanks to all who replied, I have taken Sean's advice and downloaded several of the plugins that he speaks of.
    Signature

    "In order to get a mental picture..You must first put film in the camera.." Jim Hudson
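Added example, not part of the thread or any poster's code: because the original poster reports that the requests come from more than one address, this Python script matches on the reported query string rather than a single IP and groups the sources by network. The log layout is inferred from the one line quoted in the thread, the /24 grouping is an assumption, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_network
from urllib.parse import parse_qs

# Stats-log layout as quoted in the first post: date, time, client IP,
# a numeric field, query string, OS and browser.
# Only the first line is from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
June 2, 2010 09:18:33 77.66.214.80 0 type=file&folder= Windows ME Internet Explorer 6
June 2, 2010 09:41:07 192.0.2.17 0 type=file&folder= Windows ME Internet Explorer 6
June 2, 2010 10:02:55 192.0.2.203 0 type=file&folder= Windows XP Internet Explorer 6
June 2, 2010 10:15:12 198.51.100.9 0 p=12 Windows 7 Firefox 3.6
June 2, 2010 11:30:48 203.0.113.5 0 s=tinymce Mac OS X Safari 4
"""

LINE = re.compile(
    r"^\w+ \d{1,2}, \d{4} \d\d:\d\d:\d\d "   # date and time
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \d+ "   # client IP, numeric field
    r"(?P<query>\S*) (?P<agent>.+)$"          # query string, OS and browser
)

def is_probe(query):
    """True when the query string has the shape reported in the thread."""
    params = parse_qs(query, keep_blank_values=True)
    return params.get("type") == ["file"] and "folder" in params

def probes_by_subnet(log_text, prefix=24):
    """Map each source network to the sorted client IPs that sent the probe."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not is_probe(m["query"]):
            continue
        try:
            net = ip_network(f"{m['ip']}/{prefix}", strict=False)
        except ValueError:  # octet out of range: not a real address
            continue
        hits[str(net)].add(m["ip"])
    return {net: sorted(ips) for net, ips in hits.items()}

if __name__ == "__main__":
    for net, ips in probes_by_subnet(SAMPLE_LOG).items():
        print(f"{net}: {len(ips)} source(s) -> {', '.join(ips)}")
```

A network that shows several distinct sources for the same request shape is a candidate for a range-level block or a rule on the request itself, which a single-address block would miss.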
