1 reply to this topic

[egon]

Hey all, I'm not good with this stuff. My DB usage has been ridiculous lately, and my friend told me I'm getting hacked. Checking apache logs gave me this the first time it happened:

---------------------------------------------------
[27/Feb/2008:12:19:11 -0800] "GET /comments/feed/ HTTP/1.1" 500 391 "-" "FeedBurner/1.0 (http://www.FeedBurner.com)" "-"
---------------------------------------------------

For whatever reason this specific request ran for 5 minutes and 40 second. While running, it issued the following mysql query:

---------------------------------------------------
SELECT option_value FROM wp_options WHERE option_name = 'siteurl'.
---------------------------------------------------

This query was issued repeatedly and rapidly for the duration of the 5 minutes and 40 seconds.

Next, which was just about an hour ago:

---------------------------------------------------
Mar 12 13:21:20 10.2.0.57 query_logger.pl[3241]: INFO: 1371783 "db22***" "***database-name***" IDX_YES 1 SELECT bb4b264131236a7f922e526e281b7db5 -- SELECT option_value FROM wp_options WHERE option_name = 'siteurl'
---------------------------------------------------

The loop was occurring 500 times per second for at least 5 minutes. The asterisks are the database name.

I'm using an outdated version of Wordpress but can't upgrade until my designer sends my new theme.

My host is busting my balls over this...can someone please help?

[TkTech]

I would like to test this myself, would you mind sending me the URL of your site, in PM if you wish.

FeedBurner is NOT a malicious site, however someone could be using its nature of pinging a recently added feed to DDoS your site. It may be best to use .htaccess to block out the site for awhile.