Hi All,
for the past week I have been pummelled by trackback spam. I haven't really been too concerned about it because I have been diligent about deleting them & blocking the URL's as it happens. Its a nusaince, but at least b2e handles it in a couple of mouse clicks.
Well tonight I was typing up a new post, and realized that my [url=http://lenwood.cc/]site[/url] has been taken captive. I have no idea how they did it. It looks like all of my sql files are still intact, as is my installation of b2e, they just edited the index.php file.
Before I switch it back, has this happened to anyone else? Any idea how this could have happened? I'm kind of at a loss as to how they got access. My logins & passwords are intentionally different (and complex) for b2e and my webhost. I'm asking my webhost, too, to see if they can offer any assistance.
Also, any idea how I can protect myself from this happening again?
the first and most important question is what version of b2evo were you running? Had you taken care of this: http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1
google's latest cache (Aug 31, 2005) shows you at :
<meta name="generator" content="b2evolution 0.9.0.10" /> <!-- Please leave this for stats --> which is obviously not the current release.
That would be your first problem.
I would be interested in taking a look at your apache logs if you have them handy. pm me if you dont mind.