Aww Sheezy!

Sooo… my blog was successfully hacked / defaced :)

by on Feb.07, 2013, under Cracking, Hacking, Personal, Phreaking, Software, Tech

Knowing a bit about technology, I was kind of able to figure out what happened.

I guess there’s a current hack out in the wild for the “wordtube” plugin, as my site just recently experienced a defacement by some script kiddie who goes by the name “SchR1p0N”.

I just checked, and I’m at the current version of “wordtube”, which is dated Feb 28, 2011 (been a while, hasn’t it, wordtube devs?)

Anyhoo.. I captured the access log entries just prior to the timestamp of the “index.php” which was successfully replaced in my DocumentRoot.

The chunk of log that seems to have represented the hack, based on the timestamp, has been saved here.

The index.php which replaced my home page has been saved here as an html, so it can stay visible :).

The vulnerable php file which lives inside of the “wordtube” plugin, named wpTube-fr.php – has been saved here as a text file to prevent execution, but to allow for examination :)

The timestamp on this index.php is as follows:
-rw—-r– 1 blah blah 2632 Feb 3 15:49 index.php