{"id":174,"date":"2008-07-02T23:40:35","date_gmt":"2008-07-02T21:40:35","guid":{"rendered":"http:\/\/www.wuenschenswert.net\/wunschdenken\/archives\/174"},"modified":"2008-07-05T00:03:41","modified_gmt":"2008-07-04T22:03:41","slug":"what-the-hack","status":"publish","type":"post","link":"http:\/\/www.wuenschenswert.net\/wunschdenken\/archives\/174","title":{"rendered":"What the hack"},"content":{"rendered":"<p>If you suddenly have a file called kubrickbg_old.jpg in your wordpress installation, your php scripts contain weird eval base64 encoded parts, and the directory .\/wp-includes\/js\/tinymce\/themes\/advanced\/images\/xp contains files it shouldn&#8217;t, then you, like me, have probably been hacked. Good thing google analytics tells me.<\/p>\n<p>Remember to remove the &#8216;WordPress&#8217; user, too. It&#8217;s not actually part of WordPress. Neither are the postings with an attachment of ro8kbsmage.  And uploaded files should go to wp-content\/uploads, not to ..\/..\/..\/..\/tmp<\/p>\n<p>It&#8217;s time to update the wordpress installation, anyway.<\/p>\n<p>UPDATE: I was amazed to find another div display:none with the names of lots of drugs I have never tried and probably never will at the end of this article. Seems like the buggers are alive and crawling RIGHT HERE. If this happens again, I&#8217;ll have to hire an exterminator. I took this as an additional motivation to update the wordpress installation to 2.5.1. Fortunately the update turned out to be a time consuming but painless process (go, 9600baud!), so here we go again.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you suddenly have a file called kubrickbg_old.jpg in your wordpress installation, your php scripts contain weird eval base64 encoded parts, and the directory .\/wp-includes\/js\/tinymce\/themes\/advanced\/images\/xp contains files it shouldn&#8217;t, then you, like me, have probably been hacked. Good thing google analytics tells me. Remember to remove the &#8216;WordPress&#8217; user, too. It&#8217;s not actually part of &hellip; <a href=\"http:\/\/www.wuenschenswert.net\/wunschdenken\/archives\/174\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;What the hack&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/posts\/174"}],"collection":[{"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/comments?post=174"}],"version-history":[{"count":0,"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/posts\/174\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/media?parent=174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/categories?post=174"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wuenschenswert.net\/wunschdenken\/wp-json\/wp\/v2\/tags?post=174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}