On Wed, Mar 06, 2013 at 10:05:30AM +0000, Andy Smith wrote:
> Hello,
>
> On Wed, Mar 06, 2013 at 09:45:27AM +0000, Adam Spiers wrote:
> > Do we know which version of WordPress was compromised?
> > And that it was definitely WordPress not another service?
>
> No; if the customer has no interest in investigating then
> unfortunately I can't usually spare the time to do it for them,
> beyond the basics needed to resolve the abuse report.
>
> I would find it unusual for an attacker to compromise some other web
> app but then decide to put their .htaccess and other files in a
> Wordpress that coincidentally happened to be on the same server,
> though. These things tend to be straightforward.

Oh you'd be surprised. At DreamHost we would get people who had an old
version of $software installed somewhere else on their account and it
would go and infect as much as it could.

> I suspect that it is unrelated to the actual compromise, being more
> of a "this is something you can put in someone's web site to turn it
> into a stealthy porn redirector" tool, so yes maybe the actual
> compromise is not in Wordpress.

Agreed.
-Jeremy