Comments on: WordPress, remv.php and You http://jasoncosper.com/wordpress-remvphp-and-you/ Gentleman of fortune. Man of action. Fri, 24 Feb 2012 03:57:55 +0000 hourly 1 http://wordpress.org/?v=3.4-beta4-20717 By: Juvy Barbosa http://jasoncosper.com/wordpress-remvphp-and-you/#comment-63675 Juvy Barbosa Mon, 19 Jan 2009 02:50:10 +0000 http://jasoncosper.com/?p=439#comment-63675 That’s a great article, Jason and ought be required reading for anyone running a WordPress blog. It gave remote browser access to my entire directory tree, modify any file, seemed like it might be able to change modification times. Regards Juvy That’s a great article, Jason and ought be required reading for anyone running a WordPress blog. It gave remote browser access to my entire directory tree, modify any file, seemed like it might be able to change modification times.

Regards
Juvy

]]> By: Laughlin http://jasoncosper.com/wordpress-remvphp-and-you/#comment-63598 Laughlin Thu, 18 Dec 2008 14:21:00 +0000 http://jasoncosper.com/?p=439#comment-63598 Got a message from google that my site was spamming. Found remv.php more or less by accident. Found out what it did by commenting out the line that checks to see if you are from the allowed list of IP addresses (near the beginning). It gave remote browser access to my entire directory tree, modify any file, seemed like it might be able to change modification times. So I look through every file (and there are a lot). Peppered through the directories are php scripts disguised as other things (eg picture.php.jpgg, right under picture.jpg). Make sure you check your files! Did the reinstall thing. Got a message from google that my site was spamming. Found remv.php more or less by accident. Found out what it did by commenting out the line that checks to see if you are from the allowed list of IP addresses (near the beginning).
It gave remote browser access to my entire directory tree, modify any file, seemed like it might be able to change modification times.
So I look through every file (and there are a lot). Peppered through the directories are php scripts disguised as other things (eg picture.php.jpgg, right under picture.jpg).
Make sure you check your files!
Did the reinstall thing.

]]> By: Anders Saugstrup http://jasoncosper.com/wordpress-remvphp-and-you/#comment-63593 Anders Saugstrup Sat, 13 Dec 2008 08:47:16 +0000 http://jasoncosper.com/?p=439#comment-63593 Good find! I will warn the Danish audience. Any knowledge on what versions of Wordpress are safe from this hack? Good find!

I will warn the Danish audience.

Any knowledge on what versions of WordPress are safe from this hack?

]]> By: rlparker http://jasoncosper.com/wordpress-remvphp-and-you/#comment-63591 rlparker Thu, 11 Dec 2008 11:40:19 +0000 http://jasoncosper.com/?p=439#comment-63591 That's a great article, Jason and ought be required reading for anyone running a WordPress blog. I've linked it from a post on the DreamHost forums, in hopes others can benefit from it. Rock On! That’s a great article, Jason and ought be required reading for anyone running a WordPress blog. I’ve linked it from a post on the DreamHost forums, in hopes others can benefit from it. Rock On!

]]>