People trying to overwrite my .htaccess?

[charlesgan]

i drop by the error log today and found these.

[Tue Jun 26 05:21:50 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here [Tue Jun 26 05:21:50 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here [Tue Jun 26 05:21:51 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here [Tue Jun 26 05:21:51 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here [Tue Jun 26 05:21:52 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here [Tue Jun 26 05:21:52 2007] [alert] [client 125.98.162.120] /home/srworldu/.htaccess: AllowOverride not allowed here

"srworldu" is not my account or folder.
and this client 125.98.162.120 is creating whole bunch of similar error, and repeated few times a minutes.

what does this mean?? trying to hack the server??

[Early Out]

If you're seeing this in the "Main error_log," it has nothing to do with your account at all. That part of the error log shows errors at the server level, before they're identified with a particular account. Probably just a bug in somebody's script. On my box lately, that log is an endless stream of deprecation warnings from ruby on rails, which has nothing to do with me at all.

[charlesgan]

If you're seeing this in the "Main error_log," it has nothing to do with your account at all. That part of the error log shows errors at the server level, before they're identified with a particular account. Probably just a bug in somebody's script. On my box lately, that log is an endless stream of deprecation warnings from ruby on rails, which has nothing to do with me at all.

thanks for the confirmation. ya, i rechecked, its at the main log section.

i concern about the security lately, because one of my hosting account with xxxxxx hosting is being hacked in. and the hacker change my wordpress title. very annoying.

[Ferdinand]

i concern about the security lately, because one of my hosting account with xxxxxx hosting is being hacked in. and the hacker change my wordpress title. very annoying.

Did find out how the hacker could enter? I had my WP Blog hacked as well recently. Luckily it was "only" a defacement. It was not WP itself which was hacked, but an unsecure plugin which the hacker used to overwrite my index file.

[charlesgan]

Did find out how the hacker could enter? I had my WP Blog hacked as well recently. Luckily it was "only" a defacement. It was not WP itself which was hacked, but an unsecure plugin which the hacker used to overwrite my index file.

i belief is the server vulnerability at one of my hosting, cause 5 blogs there all get affected. and other hosting is just fine, including bluehost hosted is fine.

which plugin is the caused of the hacked?
i having the share-this, did you pass math installed. how about yours

[Ferdinand]

Two plugins where vulnerable:
wordtube
WP-table
(the latest release is secure)

You can find some information here:
http://blogsecurity.net/wordpress/blogwatch/blogwatch/

Also my template was vulnerabe to a Cross-Site Scripting attack.
See here:
http://seclists.org/bugtraq/2007/May/0011.html
To check if your template is vulnerable, try this in the address bar:
http://www.yourblog.com/index.php/"><script>alert(document.cookie)</script>
If a pop up pops up, your template is not secure, too.
- I found a simple solution for this: I deleted the search.php and delete the reference to search in the sidebar. Instead of this now I just use the search widget which came with a recent WP update. But there is a second solution available as well by editing the PHP code.