04-27-2008, 05:45 PM   #23
BizChick
 
Found only one of mine infected - also had the upload directory set to 777, and it was an old site I haven't used in forever. Phantom user present, but no config file data was saved that I can see, although I'm changing all my info just to be sure.

Be sure you also check your posts table for an attempted insertion with attachments on or about 4/20. That seems to be how they're determining if a blog is vulnerable to this exploit. It would be a phantom entry (only shows in the table, not on the actual blog) and mine had no text but an attachment named rzf.php.giff (it's called rzf.txt in the wp-posts table). Make sure you find and delete that entry and file as well.
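A read-only scan for the two filesystem signs mentioned in the post above (an upload directory left at 777 and an uploaded file with `.php` inside its name, like `rzf.php.giff`). This is an added example, not part of the original post; the function name, the regex and the constructed demo tree are assumptions.

```python
import os
import re
import stat
import tempfile

# A ".php" (or .php5, .phtml) segment anywhere in the name, e.g. "rzf.php.giff".
PHP_SEGMENT = re.compile(r"\.(php\d?|phtml)(\.|$)", re.IGNORECASE)


def scan_uploads(root):
    """Walk root; return (world_writable_dirs, php_named_files), both sorted."""
    writable, php_named = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & stat.S_IWOTH:  # "other" write bit, set when a directory is 777
            writable.append((dirpath, oct(mode)))
        for name in filenames:
            if PHP_SEGMENT.search(name):
                php_named.append(os.path.join(dirpath, name))
    return sorted(writable), sorted(php_named)


if __name__ == "__main__":
    # Constructed demo tree; call scan_uploads() on a real uploads path instead.
    with tempfile.TemporaryDirectory() as demo:
        up = os.path.join(demo, "uploads")
        os.mkdir(up)
        os.chmod(up, 0o777)
        for name in ("rzf.php.giff", "photo.gif"):
            open(os.path.join(up, name), "w").close()
        dirs, files = scan_uploads(demo)
        for path, mode in dirs:
            print("world-writable:", path, mode)
        for path in files:
            print("php in name:   ", path)
```

Anything it reports still needs a manual look, and the posts-table check described in the post has to be done separately in the database.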