Comments on: Neutralizing a Trojan.JS.Redirector.cq SQL injection on your WordPress blog http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/ Thu, 29 Dec 2011 18:01:34 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Nathan Hangen - Digital Emperor http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-484 Nathan Hangen - Digital Emperor Fri, 30 Jul 2010 19:30:47 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-484 Thank you! Kept getting kicked out of phpMyadmin, but their support helped me out. Thank god. Thank you! Kept getting kicked out of phpMyadmin, but their support helped me out. Thank god.

]]> By: yauhui http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-481 yauhui Fri, 30 Jul 2010 05:28:07 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-481 SQL injects usually do not affect the WordPress files. Your case seems more like a WordPress trojan. If you can, check through your WordPress users in PHPMyAdmin. Else, have a chat with your host to diagnose the issue. SQL injects usually do not affect the WordPress files. Your case seems more like a WordPress trojan. If you can, check through your WordPress users in PHPMyAdmin.

Else, have a chat with your host to diagnose the issue.

]]> By: Claudio http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-479 Claudio Thu, 29 Jul 2010 22:13:04 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-479 Now I can see that exact same line on every post I try to edit... Isn´t under any posts/pages yet, but it´s making me nervous to see this clearly lurking around Now I´ll try to figure out how to kick his a$$ before manage any post Now I can see that exact same line on every post I try to edit…

Isn´t under any posts/pages yet, but it´s making me nervous to see this clearly lurking around

Now I´ll try to figure out how to kick his a$$ before manage any post

]]> By: bRIAN http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-477 bRIAN Thu, 29 Jul 2010 21:03:08 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-477 I had this too!!! I realized it at 6:30AM. I did the same steps before you were maybe even awake. That didn't completely solve the issue. After the fix I was getting errors, 500 errors, database not found errors and other badness. What I did may have been drastic, i'm not sure. After I changed the password and removed the DB stuff I did the following... 1) copy all plugins to a backup directory 2) re-installed wordpress fresh via FTP 3) restored from yesterdays database backup 4) re-installed all plugins from the wordpress repository Wordpress 3 The reason for all the fresh files is because, I'm speculating, that the malware inserted itself somewhere in javascript or php and was re-infecting or causing some other badness. my apache log was showing errors, cant remember exactly what, its the error you get when php is malformed. I had this too!!!
I realized it at 6:30AM. I did the same steps before you were maybe even awake.

That didn’t completely solve the issue. After the fix I was getting errors, 500 errors, database not found errors and other badness.

What I did may have been drastic, i’m not sure.

After I changed the password and removed the DB stuff I did the following…

1) copy all plugins to a backup directory
2) re-installed wordpress fresh via FTP
3) restored from yesterdays database backup
4) re-installed all plugins from the wordpress repository

WordPress 3

The reason for all the fresh files is because, I’m speculating, that the malware inserted itself somewhere in javascript or php and was re-infecting or causing some other badness. my apache log was showing errors, cant remember exactly what, its the error you get when php is malformed.

]]> By: Tweets that mention the yauhuinator: Neutralizing a Trojan.JS.Redirector.cq SQL injection on your WordPress blog #tutorial #wordpress -- Topsy.com http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-476 Tweets that mention the yauhuinator: Neutralizing a Trojan.JS.Redirector.cq SQL injection on your WordPress blog #tutorial #wordpress -- Topsy.com Thu, 29 Jul 2010 20:32:50 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-476 [...] This post was mentioned on Twitter by yauhui, eightfalls and eightfalls, codesketch. codesketch said: @mediatemple just found that our site was hit with an SQL injection attack (same thing that they explain here http://bit.ly/dcJREA.) Help? [...] [...] This post was mentioned on Twitter by yauhui, eightfalls and eightfalls, codesketch. codesketch said: @mediatemple just found that our site was hit with an SQL injection attack (same thing that they explain here http://bit.ly/dcJREA.) Help? [...]

]]> By: Mark Olson http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-475 Mark Olson Thu, 29 Jul 2010 20:22:26 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-475 Thanks for posting the tutorial ... much appreciated! Thanks for posting the tutorial … much appreciated!

]]> By: yauhui http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-472 yauhui Thu, 29 Jul 2010 14:04:40 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-472 This tutorial shows how to remove an existing injection, not prevent a future injection. That I have not figured out how yet. The password change is just a precautionary measure. This tutorial shows how to remove an existing injection, not prevent a future injection. That I have not figured out how yet. The password change is just a precautionary measure.

]]> By: Melvin.F http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-471 Melvin.F Thu, 29 Jul 2010 13:35:57 +0000 http://www.yauhuinator.com/2010/07/neutralizing-a-trojan-js-redirector-cq-sql-injection-on-your-wordpress-blog/#comment-471 So just by deleting the URL thus eliminating the possibility of future injections? SQL injections do not need to even know your DB password. So just by deleting the URL thus eliminating the possibility of future injections? SQL injections do not need to even know your DB password.

]]>