Re: [bitfolk] Security incident: Wordpress install compromis…

Author: Jeremy Kitchen
Date:  
To: users
Subject: Re: [bitfolk] Security incident: Wordpress install compromised and turned into redirect to porn site

gpg: Signature made Wed Mar 6 19:56:25 2013 UTC
gpg: using RSA key BEB441496300CC3D
gpg: Can't check signature: No public key
On Wed, Mar 06, 2013 at 10:05:30AM +0000, Andy Smith wrote:
> Hello,
>
> On Wed, Mar 06, 2013 at 09:45:27AM +0000, Adam Spiers wrote:
> > Do we know which version of WordPress was compromised?
> > And that it was definitely WordPress not another service?
>
> No; if the customer has no interest in investigating then
> unfortunately I can't usually spare the time to do it for them,
> beyond the basics needed to resolve the abuse report.
>
> I would find it unusual for an attacker to compromise some other web
> app but then decide to put their .htaccess and other files in a
> Wordpress that coincidentally happened to be on the same server,
> though. These things tend to be straightforward.


Oh you'd be surprised. At DreamHost we would get people who had an old
version of $software installed somewhere else on their account and it
would go and infect as much as it could.

> I suspect that it is unrelated to the actual compromise, being more
> of a "this is something you can put in someone's web site to turn it
> into a stealthy porn redirector" tool, so yes maybe the actual
> compromise is not in Wordpress.


Agreed.

-Jeremy