
Bloggers Watch Out: Large-scale attack on WordPress

Discussion in 'Blogging' started by Guaji, May 20, 2010.

  1. Guaji

    Guaji Regular Member

    Joined:
    May 28, 2009
    Messages:
    441
    Likes Received:
    226
    According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted.



    The hacked web pages appear to have been infected with scripts, which not only install malware on users' systems, but also prevent browsers like Firefox and Google Chrome, which use Google's Safe Browsing API, from issuing an alert when users try to access the page.

    When Google's search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser-specific code to suit functional variations in different browsers, such as Internet Explorer and Firefox.


    Source: http://www.makemoneyonline.us.com/blog/large-scale-attack-on-wordpress


    What do you think? Are your blogs hosted by those hosting companies? Did you get hacked? :drinking5
     
    • Thanks Thanks x 2
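
An added example (not part of the original post or the quoted article): a defender-side check for the cloaking described above. It compares the HTML one URL returns to a crawler User-Agent with what it returns to a browser User-Agent and lists scripts and iframes that only the browser receives. The sample bodies, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ActiveContent(HTMLParser):
    """Collect script/iframe sources and inline script bodies from one page."""
    def __init__(self):
        super().__init__()
        self.items, self._inline = set(), False

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = (dict(attrs).get("src") or "").strip()
            if src:
                self.items.add((tag, src))
            self._inline = tag == "script" and not src

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline and data.strip():
            self.items.add(("inline-script", " ".join(data.split())))

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items

def cloaking_diff(crawler_html, browser_html, site_host):
    """Active content present in the browser response but absent for the crawler."""
    findings = []
    for kind, value in sorted(active_content(browser_html) - active_content(crawler_html)):
        host = "" if kind == "inline-script" else urlparse(value).netloc
        findings.append({"kind": kind, "value": value,
                         "third_party": bool(host) and host != site_host})
    return findings

# Constructed sample bodies: the same URL as returned to a crawler UA and a browser UA.
CRAWLER_BODY = '<html><head><script src="/wp-includes/js/jquery.js"></script></head><body>Hi</body></html>'
BROWSER_BODY = ('<html><head><script src="/wp-includes/js/jquery.js"></script>'
                '<script src="http://injected.example.invalid/js.php"></script></head>'
                '<body>Hi<iframe src="http://injected.example.invalid/f"></iframe></body></html>')

if __name__ == "__main__":
    for f in cloaking_diff(CRAWLER_BODY, BROWSER_BODY, "blog.example.invalid"):
        print(f)
```

Pages legitimately vary between requests (ads, analytics), so treat each finding as a lead to inspect rather than proof of infection.
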
  2. CoyoteAssassin

    CoyoteAssassin Elite Member

    Joined:
    Jan 3, 2010
    Messages:
    1,862
    Likes Received:
    3,906
    Occupation:
    Full Time IMer
    Location:
    USA
    My blogs were not hacked, but now that you post this, it starts to explain why I have had issues reaching some WordPress websites and weird errors that came up today.

    Thanks for the update.
     
  3. Thrashingshrimp

    Thrashingshrimp Junior Member

    Joined:
    Mar 31, 2009
    Messages:
    172
    Likes Received:
    40
    Well that explains a lot. One of my sites was infected with malware, though it's hosted on 000webhost. Such a hassle...
     
  4. Guaji

    Guaji Regular Member

    Joined:
    May 28, 2009
    Messages:
    441
    Likes Received:
    226
    Everyone who has visited an infected blog, please update your antivirus right now. It seems that AVG is detecting the malware. I am using Kaspersky and still nothing from them.
     
  5. Guaji

    Guaji Regular Member

    Joined:
    May 28, 2009
    Messages:
    441
    Likes Received:
    226
    Clean Your WordPress

    Thanks to Sucuri, who uploaded a little file to clean your infected WordPress. Download this file to your desktop:
    http://sucuri.net/malware/helpers/wordpress-fix_php.txt and rename it to wordpress-fix.php.
    After that, upload it to your site via FTP, and run it (using your browser) as: http://yoursite.com/wordpress-fix.php



    This script will take a few minutes to complete, but will scan your whole site and remove the malware entries. Once you are done, go back to your site and remove this file.



    I don't know how much this will help. But try it out.
     
  6. pmguru

    pmguru Registered Member

    Joined:
    Feb 21, 2010
    Messages:
    52
    Likes Received:
    2
    Eeek, that's not cool, I'm off to check all mine then. I haven't seen any issue with any in my market yet. Hopefully it doesn't continue to spread.
     
  7. stopnstare

    stopnstare Junior Member

    Joined:
    Feb 11, 2010
    Messages:
    100
    Likes Received:
    13
    Occupation:
    Marketing
    Location:
    Philippines
    Home Page:
    So far I'm not affected. Doing another backup just to be sure!
     
  8. Guaji

    Guaji Regular Member

    Joined:
    May 28, 2009
    Messages:
    441
    Likes Received:
    226
    It will be your best bet to back up all your files. I am doing it (backup) whenever there is an update in my blogs.
     
  9. Biscut

    Biscut Regular Member

    Joined:
    Feb 9, 2009
    Messages:
    329
    Likes Received:
    259
    I just checked all of my blogs and so far mine are okay as well. The report doesn't state how they were hacked and if it was some sort of security hole within those hosting sites or WordPress itself, or if people were using easy-to-guess login information.
     
  10. Guaji

    Guaji Regular Member

    Joined:
    May 28, 2009
    Messages:
    441
    Likes Received:
    226

    The security hole is not from WordPress itself, but it seems to be from some PHP code. It is hurting GoDaddy users very badly.
     
  11. consciousnesscreates

    consciousnesscreates Power Member

    Joined:
    Feb 17, 2010
    Messages:
    695
    Likes Received:
    107
    This has got to have something to do with my problem in this thread: http://www.blackhatworld.com/blackhat-seo/blackhat-lounge/202386-have-i-virus.html I thought I had a virus or malicious spyware, even though Avast and my antispyware did not pick anything up. However, HijackThis says a file is not a regular install of Windows; however, I'm scared of deleting it in case the comp fucks up. So it must be on Blogger, do you think, and not my laptop? Actually I'm really not sure now, as I got two Avast warnings from two sites I visited (no, not porn) and now this Blogger thing. Confusing to see which it is.
     
    Last edited: May 23, 2010
  12. dizen

    dizen Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    483
    Likes Received:
    35
    Is HostGator affected?
     
  13. wpbacklinks

    wpbacklinks Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 27, 2010
    Messages:
    3,397
    Likes Received:
    1,339
    Gender:
    Male
    Occupation:
    Affiliate Marketer
    Location:
    Everywhere
    All hosting providers may be attacked by malware or viruses.

    Just do this to check if your site is detected by Google:

    Code:
    http://www.google.com/safebrowsing/diagnostic?site=google.com
    
    Replace google.com with your site URL.
    
     
  14. RaBBle

    RaBBle Newbie

    Joined:
    May 4, 2010
    Messages:
    26
    Likes Received:
    4
    Setting up a new blog yesterday I ran the "install" link in the backend of my admin for a plugin called "Easy Popular Post 1.1.6" by Christopher Ross. This is what happens when we get lazy...

    Kaspersky alerted me with: Trojan-Spy.HTML.Fraud.gen infection message.

    What better way to infect thousands of sites than to control the WP download repository, whether through a direct hack or poisoned DNS on individual download domains. Either way I think that is how this is spreading right now.

    Also, n00bs, when WP or J! tells you your password is "WEAK", they mean it
     
  15. safety101

    safety101 Newbie

    Joined:
    May 25, 2010
    Messages:
    24
    Likes Received:
    0
    Why does WP stink so much?? Why don't hackers hack Google?