Web Application Security
Help! Blogs.ntu.edu.sg was hacked. Dec 17 2012 04:04PM
Teo En Ming (Zhang Enming) (singapore mr teo en ming gmail com) (3 replies)
Re: Help! Blogs.ntu.edu.sg was hacked. Dec 18 2012 07:12AM
mitchell (mitchell tufala net) (1 replies)
Re: Help! Blogs.ntu.edu.sg was hacked. Dec 18 2012 03:19PM
Jackie McBride (abletec gmail com)
RE: Help! Blogs.ntu.edu.sg was hacked. Dec 18 2012 01:24AM
Rahman, Tariq (Tariq Rahman cytec com)
Re: Help! Blogs.ntu.edu.sg was hacked. Dec 17 2012 10:52PM
Alexander Pick (acpi mac com)
Hi,

Depends on what you actually checked for.

- did you check for files changed in the past X days (using find -mtime)
- did you check for eval() inserted or strange includes
- did you check the apache config
- htaccess rewrites (targeting only search engines maybe)
- did you check if all pictures on the site are actually pictures
- did you check your rewrites (wp internal)

etc.?

There are so many ways to do this. Most wp auto hackers are dumb enough to insert just a line on top of index.php on the current theme or something (sometimes hidden using eval and base64 etc.), but some are actually smarter. If you can tell us what you actually checked for, we might be able to give you some more things to look for.

cheers,
Alex

On 17.12.2012 at 17:04, Teo En Ming (Zhang Enming) wrote:

> Dear list,
>
> Blogs.ntu.edu.sg was hacked recently. Please search the Yahoo! search engine for blogs @ ntu. You will observe that the Yahoo! search engine returns results displaying nike shoe advertisements. If the user agent is a browser or Google Bot, and the referrer is Google, traffic to blogs.ntu.edu.sg will be redirected to http://www.newfreeshoes.com/
>
> We have searched the wordpress directories and the mysql database but found nothing. How can we trace what the hackers have done to blogs.ntu.edu.sg?
>
> Thank you very much.
>
> --
> Yours sincerely,
>
> Mr. Teo En Ming (Zhang Enming)
> Singapore
>
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
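
The checklist in the reply above, written out as shell checks against a WordPress docroot. This is an added example, not part of the original messages; the function names and the sample tree (including the `example.invalid` redirect target and the `CONSTRUCTED` payload string) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage helpers for the checklist above (all names are hypothetical).

# Files changed in the last DAYS days. Usage: recent_files DOCROOT DAYS
recent_files() { find "$1" -type f -mtime "-$2" | sort; }

# PHP files calling eval()/base64_decode()/gzinflate(), typical of injected loaders.
suspicious_php() {
  find "$1" -type f -name '*.php' -exec grep -lE \
    '(eval|base64_decode|gzinflate)[[:space:]]*\(' {} + | sort
}

# .htaccess rules conditioned on referrer or user agent (search-engine-only redirects).
cloaking_rewrites() {
  find "$1" -type f -name '.htaccess' -exec grep -HnE \
    'RewriteCond[[:space:]]+%\{HTTP_(REFERER|USER_AGENT)\}' {} + | sort
}

# "Pictures" that are not pictures: image extensions containing a PHP open tag.
fake_images() {
  find "$1" -type f \( -name '*.jpg' -o -name '*.png' -o -name '*.gif' \) \
    -exec grep -laF '<?php' {} + | sort
}

# Constructed sample docroot: a modified theme file, a conditional rewrite,
# a fake image, and one clean file with an old mtime.
build_sample() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/themes/t" "$root/wp-content/uploads"
  printf '<?php eval(base64_decode("CONSTRUCTED")); ?>\n' > "$root/wp-content/themes/t/index.php"
  printf '<?php echo "clean"; ?>\n' > "$root/wp-config.php"
  touch -t 201201010000 "$root/wp-config.php"   # backdated, so not "recent"
  printf 'RewriteEngine On\nRewriteCond %%{HTTP_REFERER} google [NC]\n' > "$root/.htaccess"
  printf 'RewriteRule ^ http://example.invalid/ [R=302,L]\n' >> "$root/.htaccess"
  printf '<?php /* constructed */ ?>\n' > "$root/wp-content/uploads/logo.png"
  printf '%s\n' "$root"
}

# Demo run: ./triage.sh demo
if [ "${1:-}" = "demo" ]; then
  d=$(build_sample)
  echo "== changed in last 7 days =="; recent_files "$d" 7
  echo "== eval/base64 in PHP ==";     suspicious_php "$d"
  echo "== conditional rewrites ==";   cloaking_rewrites "$d"
  echo "== PHP inside images ==";      fake_images "$d"
  rm -rf "$d"
fi
```

File mtimes can be set by whoever can write the file (the sample backdates one with `touch -t`), so an empty `recent_files` result does not clear a tree; comparing against a known-good copy of the WordPress release is the stronger check.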

Copyright 2010, SecurityFocus