3 attacks in a week should be enough
I posted about an attack to this blog in this post, and since then I had 3 more attacks, all in the last week.
All attacks are very similar, with a php injection in the index page.
The most interesting thing is that ob_start("phpfake"); code still does not appear that much on Google, even if more than 10 days passed since I posted about it.
It’s only me? I cannot believe I am the only WP blogger that faced this attack. I also updated the blog to the last version, but attacks continue.
Oh well, meanwhile I added about 10 more addresses in the mailing list you can use to submit your Flash games…

























This post has 9 comments
Ben
I had a similar thing a long time ago. You need to change all your passwords (ftp, wordpress, mysql etc) and then scan through ALL of your theme files for things you didn’t include yourself. I also found a few changes in the wordpress core files that allowed access so uploading that again may be advisable too.
daniele
Ciao Emanuele, ho avuto esattamente il tuo stesso problema.
Iniziamo ad individuare le possibili cause. tu che software hai sul tuo host? wordpress e basta? Se si con quali addons? Che host hai?
Io aruba. Spero che insieme riusciremo a risolvere.
Shiv
it is probably because of your popularity.
Other programmers or your contemporaries are jealous of you and try to cause maximum trouble to you.
sam
if you didnt make an entry saying you got attacked, no one else woulda attacked you…. you’re advertising attacks now…
Kesh
Do you sponsor games?
Emanuele Feronato
you’re right sam… I will make an entry to say someone donated me a million dollars, let’s see what happens if I start advertising donations :)
Emanuele Feronato
daniele: hosting on aruba, latest WP 2.3.1
Daniele
Hi Emanuele, im on Aurba too (hmmm…).
I have on my space wordpress like you.
Do you have ONLY wordpress? After last php iniection i changed my ftp password, the permissions of my index.php (now not writable) via FTP, and uninstall wordpress. Its 3 days that im clean. Do you have any idea how do they make this hack? Thanks a lot.
Custard
Apperently, it brings a troigan virus to your site.