New Threat To Wordpress blogs

5 replies
A number of WP blogs use "Uploadify" to send multiple files to their servers. The Foxypress plugin is one module that uses it; there are others. I suggest you check this link for info:

WordPress modules holed by Uploadify - The H Security: News and Features

and also the link in the article that lists known plugins and themes that are vulnerable to attack. If anything strange has been happening on your WP lately, this may be the reason.


- Nightowl
  • Ti
    It is very important EVERYBODY secure their Wordpress against this. Lots of websites are being used to host DDOS attacks due to this bug.
    Signature

    Affiliates Wanted --> http://Pwnboxer.com <-- Promote to your MMORPG/World of Warcraft Niche
    Insanely Popular Software Lets You Play 5x WoW+ On 1 PC - 100% Legit Bliz Approves Multiboxing
    Current Affiliate Stats: June 4th 2011: EPC = $3.50, Conversions = 10.2%, $23.50/sale

  • GreenPixel
    It's like the TimThumb thing all over again! :-)

    I just had a client call me today with a malware hack that was probably due to this uploadify thing. Just like the timthumb vulnerability, though, there are also good practices to put in place to protect yourself even if you have a vulnerable edition and there isn't an immediate fix. Edit that .htaccess file (outlined here Making Uploadify Secure - Uploadify) and sleep better at night.
  • carlpicot
    Wordpress is awesome but it's like leaving the kids at home with no parents or babysitter if you leave it unattended!

    You know that it's just a matter of time before it gets harmed!

    thanks for the info Nightowl

    cheers

    xxxxcarlxxxx
  • gaspman123
    Oh my, this is some very critical info, I never even heard this news.
  • Ti
    I know a person at one of the largest server hosting companies in the United States. They are seeing a LOT of DDOS attacks from webservers that have Wordpress websites, all due to this bug.

    Check your logfiles for this:

    188.93.210.112 - - [28/Jun/2012:00:14:40 -0500] "GET /wp-content/uploads/2011/404.php?udp=202.75.54.186 HTTP/1.1" 202 211

    That is a typical attack entry due to this critical wordpress bug. This is literally the worst bug you can have. Horrible.
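Added example, not part of the original thread: a log check that generalizes the entry quoted in the post above, flagging any request for a PHP-type script under /wp-content/uploads/ in an Apache common-format access log. The function name, the extension list and every sample line except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)'
)
# Assumed list of script extensions that have no business in the media upload tree.
SCRIPT_RE = re.compile(r'\.(?:php\d?|phtml|phar)$', re.IGNORECASE)
UPLOAD_PREFIX = "/wp-content/uploads/"

def suspicious_hits(lines):
    """Return one dict per request that targets a script under the uploads tree."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        url = urlsplit(m["target"])
        path = url.path
        if UPLOAD_PREFIX not in path.lower() or not SCRIPT_RE.search(path):
            continue
        hits.append({
            "client": m["host"],
            "time": m["time"],
            "path": path,
            # Parameter names only; values are left in the raw log.
            "params": sorted(parse_qs(url.query, keep_blank_values=True)),
            "status": int(m["status"]),
        })
    return hits

SAMPLE_LOG = [
    # The entry quoted in the post above.
    '188.93.210.112 - - [28/Jun/2012:00:14:40 -0500] "GET /wp-content/uploads/2011/404.php?udp=202.75.54.186 HTTP/1.1" 202 211',
    # Constructed lines: normal media fetch, normal login page, script probe that got a 404.
    '192.0.2.10 - - [28/Jun/2012:00:15:02 -0500] "GET /wp-content/uploads/2012/06/photo.jpg HTTP/1.1" 200 48213',
    '192.0.2.11 - - [28/Jun/2012:00:15:09 -0500] "GET /wp-login.php HTTP/1.1" 200 2210',
    '198.51.100.7 - - [28/Jun/2012:00:16:31 -0500] "POST /wp-content/uploads/2012/06/img.PHP HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], hit["path"], hit["params"])
```

A hit with a status other than 404 means the server found a script at that path, so those are the entries to investigate first.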
