8 {{ upvoteCount | shortNum }}
8 {{ upvoteCount | shortNum }}

WordPress Sites Under Attack

by slatron25
5 replies
I receive the SANS Institute bi-weekly security newsletter and this was one of the stories. So you may want to check your wordpress sites.

From the email:

(May 10, 2010)
There are reports that websites powered by WordPress have come under
attack. The code injection attacks affect sites hosted by DreamHost,
GoDaddy, Bluehost and Media Temple. The affected pages appear to be
infected with scripts that install malware on the systems of site
visitors and that also prevent browsers from issuing warnings about
unsafe sites. It appears that sites powered by Zen Cart eCommerce
have also been attacked.
Large-scale attack on WordPress - The H Security: News and Features
Mass Injection Attack Hits WordPress Blogs across Multiple Hosters - The malicious code hides from Google's crawler - Softpedia
#attack #sites #wordpress
  • Profile picture of the author indexphp
    Put this plugin on all your WP blogs: WordPress › Bad Behavior WordPress Plugins

    prevents bots from hitting your site
    Signature
    www.TrafficPlusConversion.com
    {{ DiscussionBoard.errors[2088485].message }}
  • Profile picture of the author dvduval
    Sounds pretty scary. Definitely going to be keeping an eye on this one. Any links for the exact specs of the exploit? (so we can search for a patch)
    Signature
    It is okay to contact me! I have been developing software since 1999, creating many popular products like phpLD.
    {{ DiscussionBoard.errors[2088511].message }}
  • Profile picture of the author Istvan Horvath
    The "news" is about 5 days old...

    I am in no way defending WP or their security related practices. (At this moment I will simply not comment on that...) However, as more than one source reported: it is NOT a WordPress specific attack!

    Experts are currently still puzzled over which hole was actually exploited for the large-scale attack. The only thing that seems certain at this point is that the problem didn't originate in WordPress
    Note that we are not blaming Wordpress here. I am assuming that if the problem was on Wordpress itself, the number of infected sites would be much much bigger. Maybe a plugin is vulnerable or someone stole lots of passwords. Also, all the hacked sites were on shared hosts, no one so far on a private server.
    If you are infected, here are the possible solutions:

    1. Sucuri Security: Simple cleanup solution for the latest Wordpress hack
    (it provides a short script for cleanup)

    2. manual cleanup:
    http://www.wpsecuritylock.com/breaki...-on-dreamhost/

    Good luck!
    Signature

    {{ DiscussionBoard.errors[2088569].message }}
    • Profile picture of the author Kevin Koop
      I found out today that one of my client's site (run by WordPress) was hacked in this manner but as Istvan pointed out, this is not a WordPress specific issue.

      In researching the issue, I found the same "Sucuri Security" information mentioned already. People reported similar attacks on sites run by WordPress, Joomla and even custom php scripts.

      HostGator was able to restore the site using a recent backup but they were unable to determine how the site was penetrated.

      So, if you have sites running php, it's probably wise to run a full backup and have it handy just in case you need it.
      Signature
      {{ DiscussionBoard.errors[2088672].message }}
      • Profile picture of the author spainops
        I have discovered I have problems with 3 domains on my hostgator account.

        On each domain (they are all wordpress) the home page has dissapeared. When I recreate the page it appears fine but then dissapears shortly afterwards. I thought using a post as the home page would be a temporary solution. That appeared OK until tonight when I edited the page and published it and about 99% of the content dissapeared immediately.

        I discovered this problem on Tuesday 18th but don't know exactly when it started. I was working on one of the corrupted blogs at the weekend and all was fine.

        I don't think it is a plugin that has caused this as I tend to have the same plugins on most of my domains.

        Today I installed a secure wordpress plugin in a hope this might help prevent any more problems (WordPress › Secure WordPress WordPress Plugins)

        So YES BACKUP YOUR BLOGS !

        Si
        {{ DiscussionBoard.errors[2114336].message }}

Trending Topics