Please contact the plugin author directly and give them every possible detail. His site is http://danielhuesken.de
Hello,
can you send me the advice, because i don’t kow anythng about a infect.
rverrecchia – email the developer through their site.
This conversation – if there is a problem the author needs to know about – is not suitable for public viewing. Give the developer a chance before damning his work in public.
I wrote to the developper and he answer here…
I don’t want to damning his work.
Daniel you can write me an email if you prefer.
One of my blogs was hacked last week. I am almost certain that the backwpup exploit that was discovered recently was used.
While the developer might not think it is suitable for public viewing, I think the affected users should know, you can read more about it on
http://www.exploitsearch.net/?q=%22SECUNIA%2043508%22
http://lists.virus.org/sec-adv-1110/msg00152.html
and
http://www.exploit-db.com/exploits/17987/
This is the 3rd security hole in backwpup in a year. I’m not happy about this. I spend the entire Thanksgiving day cleaning everything off and closing all the back doors.
Did you have made a update for BackWPup ?
I updated it on 10/27
Yesterday and today I looked at the server logs, files from the backwpup package were accessed directly from unknown ip addresses so I deleted the whole backwpup plugin rather than updating again.
In the end I don’t think the source of the hack was backwpup, sorry about posting a bit prematurely, but backwpup was the first thing that stood out in the logs, and then googling it immediately brought up the pages I linked to in the post above.
sorry, i have checked the Reports and if you made Update to 2.1.6, i thnik, all is fixed.
