Well that’s lovely

On December 19, 2012, in Security, by

The wordpress side of the blog is being rebuilt – again – due to having found a lovely file that allows for GUI access to the server.  wp-xml.php

http://blog.hacktalk.net/wso-2-5-shell-released/

Now digging into the root cause and testing/code auditing the rest of the wordpress install.

I don’t claim to be an expert in securing wordpress sites by any means, and will certainly be looking to hire someone to do a through review, but trying to keep that site secure is a near full time job some days.

 

2 Responses to Well that’s lovely

  1. bradley says:

    We’re running WordPress on Windows, so it’s not Apache.