Not sure, but here’s how to clean up the site and make sure you upgrade to the latest version.
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
Thanks, my own sites are not affected.
But as there are many 3.2.1 installs out there which cannot “just upgrade” due to (still) incompatible plugins or other reasons, any info on this new(?) exploit would be very helpful.
Some more info:
This was what happened a few days ago, when a lot of WordPress-based websites running the obsolete 3.2.1 version and two exploitable plug-ins (Spam Free and UPM Polls) were hacked using SQL injection and malicious files with random names (osgik.htm, agoku.htm, kaxyv.htm and so on), uploaded in the wp-content/uploads WordPress folder.
Source: cleanbytes.net/compromised-wordpress-based-websites-leading..
This past weekend one compromised Web site in particular caught my attention. Based on my analysis, the site was compromised because it was running an old version of WordPress (3.2.1) that is vulnerable to publicly available exploits [1] [2].
Source: http://community.websense.com/blogs/securitylabs/archive/2012/01/30/..
So the plugins Spam Free and UPM-Polls seem to be the problem here, not 3.2.1 alone:
WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability
WordPress UPM-POLLS Plugin 1.0.4 Blind SQL Injection
So is the solution, just remove those plugins until they’re updated?
Otherwise you could come up with an .htaccess RewriteRule to prevent any html files being uploaded to the uploads directory in the meanwhile.
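As an added example (not from this thread or from WordPress itself), here is a small POSIX shell script that does the two defensive things discussed above: it lists any .htm/.html files sitting under wp-content/uploads (the dropped files named in the thread all had that extension), and it writes an .htaccess with a RewriteRule so Apache refuses to serve HTML (and, going one step beyond the post, PHP) out of the uploads directory. The uploads path is an assumption, and the script builds a throwaway directory with planted file names so it can be run offline; Apache with mod_rewrite and AllowOverride enabled is assumed for the .htaccess to take effect.

```shell
#!/bin/sh
# Added example, not code from the thread or from WordPress.
# Detects HTML files in an uploads tree and writes the .htaccess rule
# that blocks serving them. The uploads path is an assumption.

# Print every .htm/.html file under the given directory (case-insensitive).
find_html_uploads() {
    find "$1" -type f \( -iname '*.htm' -o -iname '*.html' \) 2>/dev/null
}

# Return the number of such files; 0 means nothing suspicious was found.
count_html_uploads() {
    find_html_uploads "$1" | wc -l | tr -d ' '
}

# Write an .htaccess into the uploads directory that answers 403 for
# .htm/.html/.php requests, as the RewriteRule idea in the thread suggests.
write_uploads_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Refuse to serve HTML or PHP from the uploads directory
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule \.(htm|html|php)$ - [F,L,NC]
</IfModule>
EOF
}

# Constructed demo tree: two planted .htm files using names from the
# thread plus one legitimate image, so the functions run without a real site.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/2012/01"
: > "$demo_dir/2012/01/osgik.htm"
: > "$demo_dir/agoku.htm"
: > "$demo_dir/2012/01/photo.jpg"

echo "HTML files found under $demo_dir:"
find_html_uploads "$demo_dir"
echo "count: $(count_html_uploads "$demo_dir")"
write_uploads_htaccess "$demo_dir"
echo "wrote $demo_dir/.htaccess"
```

Point the functions at the real wp-content/uploads path (and remove the demo block) to use it on a site; any file the scan lists is worth inspecting, since WordPress itself does not put HTML into uploads. The RewriteRule only stops the files being served, so the plugin removal discussed above is still what closes the injection path.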