New hacking attempt

Yesterday I recognized a new exploit attempt in my log files. Currently I’m analysing this SQL injection for NextGEN Gallery (see here for more detail). If somebody has had a hacker attack, please send me a note.

At the moment I cannot say for sure if this affected NextGEN Gallery… No problem found yet, phew.

Update: It seems that this SQL injection is aimed at the plugin WP Photo Album – WPPA.


14 thoughts on “New hacking attempt”

  1. James T says:

    Alex, I installed your update and my galleries’ slideshows don’t show now; instead I get this: “The Flash Player and a browser with Javascript support are needed.” It was working previously. Also, today I noticed a user logged into my WordPress who showed as 127.0.0.1 and was executing nggextractXML.php. Not sure if it is relevant, but thought I would let you know.

  2. alex.rabe says:

    @James,

    127.0.0.1 is normally the server itself (localhost). See here: http://en.wikipedia.org/wiki/Localhost

    This should not be a problem…

    Currently I can’t see any critical issue in NextGEN Gallery; I was a little bit too paranoid and scared 🙂

  3. James T says:

    Hi Alex, I have a small issue with the slideshow; when activated it shows:

    The Flash Player and a browser with Javascript support are needed.

    However, the sidebar widget works fine. Any ideas?

  4. James T says:

    OK, I found 2 issues with 0.83. I deleted my 0.82 by removing the database and reinstalling completely. Since installing 0.83 there is no MCE menu added.

    2) When I activate the sidebox widget it causes the error in the slideshow page: The Flash Player and a browser with Javascript support are needed.

    When the widget is deactivated the slideshow resumes?

    thanks for the plugin

  5. Mike says:

    Hello.

    Yes, I’ve had two hacks; the first was just a post, the second was severe – they erased everything, and my database was mangled too. After searching for a while through Google I found where the hackers meet and talk about my site, and how to hack it: http://www.azhack.org/forums.php?m=posts&q=2486

    I don’t know if I can have any plugins after this. Feels like everything is insecure.

    Greetings.
    /Mike

  6. alex.rabe says:

    Mike,

    On the web, with open-source applications, we will never be secure again. Script kiddies are reviewing every piece of code, and of course plugins and WordPress itself could have a leak.

    So review your log file often, keep up to date, and install only plugins which you really need.

  7. Mike says:

    Thanks Alex.

    Yeah, you’re absolutely right. I will do all necessary actions to secure my WordPress.

    I have decided to hack the hackers’ forum + all their sites.
    I just can’t sit back and pretend it never happened.
    Like everyone else who’s been hacked by them is doing.

    Take care, Alex
    Greetings.
    /Mike

  8. Mike says:

    I got to ask you 🙂
    NextGen Gallery, is it secure?

    Greetings.
    /Mike

  9. alex.rabe says:

    I must quite honestly say: I don’t know.

  10. Mike says:

    Oh.. I wanna use it or some Flickr plugin, I don’t know yet.
    Your gallery looks nice though.

    Greetings.
    /Mike

  11. Jenny says:

    Guess my site has been hacked as well. When you click on one of my pictures the lightbox doesn’t appear anymore; the picture appears in the browser instead.
    Where do I find log files and what should I do?
    Thanks for your help
    J

  12. Jamas says:

    Hey Alex,

    Well, so far NextGEN Gallery is holding up much better than WPPA to hack attempts. The site slsc.ca, which I admin, was hacked twice in the last week.

    The first time they managed to replace all the files in my active theme. Mostly my fault, as I had the folder permissions and file permissions wide open on that page.

    However, the second time they managed to insert a post into the site and replace the contents of several pages. I noticed that my stats show search hits for: ‘allinurl: page_id album “photo”‘ which is a WPPA format for pages. They then managed to upload a .zip file into the uploads directory. They somehow managed to unzip it, which must then have given them access to the site. Still trying to sort out all the details.

    So I am going to try an experiment. Patch the site back up (clean copy of all WordPress files, just in case they managed to change anything). Remove WPPA and install NextGEN Gallery. The site slsc.ca now shows up on their hacking forum, so I will see if they manage to get in using NextGEN. I will let you know the results.

    Jamas
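
A defensive check for the two conditions described in the comment above (wide-open permissions on theme files, and an archive landing in the uploads directory), given here as an added example that is not part of the original post or its comments. The `wp-content/uploads` path, the extension lists and the sample tree are assumptions constructed for illustration.

```python
import os, shutil, stat, tempfile

# Assumed extension lists; adjust to what your site legitimately stores.
ARCHIVE_EXT = {".zip", ".tar", ".gz", ".tgz", ".rar"}
SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar"}

def audit_wordpress_tree(root, uploads_rel="wp-content/uploads"):
    """Return sorted (finding, relative_path) tuples for a WordPress install."""
    root = os.path.abspath(root)
    uploads = os.path.join(root, *uploads_rel.split("/"))
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks are neither followed nor judged here
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if st.st_mode & stat.S_IWOTH:  # any local user may modify it
                findings.append(("world-writable", rel))
            in_uploads = os.path.commonpath([uploads, path]) == uploads
            if stat.S_ISREG(st.st_mode) and in_uploads:
                ext = os.path.splitext(name)[1].lower()
                if ext in ARCHIVE_EXT:
                    findings.append(("archive-in-uploads", rel))
                elif ext in SCRIPT_EXT:
                    findings.append(("script-in-uploads", rel))
    return sorted(findings)

# Constructed sample tree (relative path, mode); not taken from any real site.
SAMPLE = [("wp-content/themes/active/index.php", 0o666),
          ("wp-content/uploads/2008/photo.jpg", 0o644),
          ("wp-content/uploads/2008/pack.zip", 0o644),
          ("wp-content/uploads/2008/tool.php", 0o644),
          ("wp-includes/version.php", 0o644)]

def demo():
    root = tempfile.mkdtemp()
    old_umask = os.umask(0o022)  # keep directory modes deterministic
    try:
        for rel, mode in SAMPLE:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "wp-content/themes/active"), 0o777)
        return audit_wordpress_tree(root)
    finally:
        os.umask(old_umask)
        shutil.rmtree(root)
```

Run `audit_wordpress_tree` against the real document root after restoring clean files; any finding under the uploads directory that is not an image deserves a look before the site goes back online.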

  13. alex.rabe says:

    @Jamas
    Keep in mind that I’m not free from failure; good luck…

    @Jenny
    Give me a link to your page

  14. Jenny says:

    When I changed to thickbox it seems to work, but I am afraid something could have happened to my DB. How can I check?

    Please send me an email and I will give you the address to my site.

    Thanks for your help,
    Jenny
