Tag Archives: security

Quasi-daily linkage

I’ll be damned – more WP trouble

I was fixing a webcomic issue on Greg’s blog, and I’ll be damned if from one minute to the next, it didn’t suffer from an index.php injection, too. This is weird as hell. A bunch of spurious content appeared on his homepage, although clicking through to those posts showed the correct content.

It may be time to look for alternative blagging software. Unfortunately, there are a lot of nice features that I use in WP.

WordPress PHP injection?

I just found a creepy case of injection in my index.php file. I noticed this morning that my homepage was throwing a “headers already sent” message pointing to index.php, line 10 when it wasn’t cached by Supercache. A reload of the page cleaned it up. But my RSS feed (which currently goes through Feedburner) was also trashed, and /feed wasn’t redirecting. All with the same error. Disabling Supercache fixed the homepage warning, but not the feed.

Being PHP awesome, I checked index.php for trailing whitespace, and found this snippet of code above the standard WordPress code:

That’s a problem. That forum file is, as you might expect, a crap ton of links and some JavaScript.

A few things to note:

  1. My SSH/bash history is complete and untouched. That is, I can see back for weeks, and all the commands are mine. So it doesn’t seem to be that sort of break-in.
  2. I just upgraded to WP 2.9.2 yesterday through the admin console. Likely culprit? Probably.

Can’t say for sure what it was, since I didn’t do more than a cursory check after I upgraded. The homepage would have been cached, so I wouldn’t have seen the warning there.

I suppose I should report this.

Quasi-daily linkage

Quasi-daily linkage