[Nottingham] We've been hacked/cracked! THREE times!!!

Martin martin at ml1.co.uk
Wed Jan 29 22:54:50 UTC 2014


On 29/01/14 09:10, Martin wrote:
> On 29/01/14 08:59, Martin wrote:
>> Folks,
>>
>> FYI:
>>
>> OK, so our WordPress site has been attacked, from what looks to be three
>> attempts! All on 21/01/2014 and 28/01/2014.

>>
>> And just for being really paranoid: Can any maliciousness be executed in
>> a .css file?
>>

Apparently so, at least in the distant past.

OK, so the very few examples of css in the writeable area are now
non-writable, and no other css can be added. (Even if css in the uploads
area could somehow be contrived to be looked at.)


Next...

Cheers,
Martin

-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg



More information about the Nottingham mailing list