Webmaster Forum

Webmaster Forum (http://www.v7n.com/forums/index.php)
-   Blogging Forum (http://www.v7n.com/forums/forumdisplay.php?f=45)
-   -   Wordpress Alerts Thread (http://www.v7n.com/forums/showthread.php?t=174002)

HTMLBasicTutor 02-22-2010 05:22 PM

Wordpress Alerts Thread
This sticky thread has been created as a resource for self-installed Wordpress users (it is assumed wordpress.com would take care of these a.s.a.p.).

Define self-installed Wordpress:
You set it up all on your lonesome! You downloaded Wordpress yourself (or the person you hired) and installed it. You (or the person you hired) setup the database yourself. You add your own theme(s) and plugins.

Define not self-installed Wordpress:
You used a "push button" install provided by your hosting company.

If you can't update your Wordpress installation, then when you notice an alert here, get after your hosting company to update!

Only alerts please. No general conversation.

If an alert is posted without a solution and one comes available, that kind of reply is ok (one only solution please). Please quote the alert in your reply.

HTMLBasicTutor 02-22-2010 05:27 PM

WordPress Thrashing Authorisation Bypass

Thomas Mackenzie has reported a vulnerability affecting Wordpress >= 2.9. Versions before 2.9 are not vulnerable....

...To fix this problem, update to the latest WordPress version which is currently 2.9.2....

...The vulnerability only concerns multi-user blogs, for standalone user blogs this can be seen as a low impact issue....
Complete alert: WordPress Thrashing Authorisation Bypass - BlogSecurity

Bolding of the fix added by yours truly. :)

Don't forget to backup your files and database before applying the fix!

HTMLBasicTutor 04-09-2010 03:52 PM

Hundreds of Wordpress Blogs Hit by ‘Networkads.net’ Hack

A large number of bloggers using Wordpress are reporting that their sites recently were hacked and are redirecting visitors to a page that tries to install malicious software.

According to multiple postings on the Wordpress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address — “networkads.net/grep” — directly into the target site’s database, so that any attempts to access the hacked site redirects the visitor to networkads.net. Worse yet, because of the way the attack is carried out, victim site owners are at least temporarily locked out of accessing their blogs from the Wordpress interface.

It’s not clear yet whether the point of compromise is a Wordpress vulnerability (users of the latest, patched version appear to be most affected), a malicious Wordpress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider....
Hundreds of Wordpress Blogs Hit by ‘Networkads.net’ Hack

There is a fix included in the article if this has happened to you.

HTMLBasicTutor 04-13-2010 02:54 PM

Secure File Permissions Matter
Apparently there's some rumours/stuff going around about the Networkads.net issue above.

Wordpress' clarification/rebuttal: Secure File Permissions Matter

ScriptMan 04-13-2010 03:52 PM

Somehow I missed this thread the first time around back in Feb. This is a valuable resource for the self-installed WordPress user.

Good thread Tutor.

HTMLBasicTutor 05-10-2010 02:46 PM

Large-scale attack on WordPress

According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted...
Large-scale attack on WordPress

zeruel 05-11-2010 09:08 PM

Read about that article this morning. I was about to post it here too.

Also found this thread from WP Security Lock which has a good discussion about the issue. Check it out as well.

HTMLBasicTutor 05-11-2010 09:56 PM


Originally Posted by zeruel (Post 1386318)
Read about that article this morning. I was about to post it here too.

Also found this thread from WP Security Lock which has a good discussion about the issue. Check it out as well.

There is a good set of fix instructions there.

zeruel 05-12-2010 02:17 AM


Originally Posted by full house (Post 1386326)
They should improve the feature of WP; why are they making it complicated?

I didn't get your point here. Complicated? Have you read the link?

HTMLBasicTutor 05-12-2010 10:34 AM

What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?
Post from GoDaddy regarding the current attacks going on: What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?

Remember: This is not a GoDaddy specific incident.

HTMLBasicTutor 05-17-2010 08:57 PM

Breaking News: WordPress Hacked with losotrana on Go Daddy

Reports of WordPress blogs self-hosted at GoDaddy.com having been infected with losotrana[dot]com/js.php on Monday, May 17, 2010.

Warning: This is dangerous malware! This scareware injection tries to infect your site visitor's computer. If your visitors do not have an up-to-date anti-virus program running, their computers could get infected....
Breaking News: WordPress Hacked with losotrana on Go Daddy Monday, May 17, 2010

The Latest Information on Compromised Sites - GoDaddy blog 5-17-2010

HTMLBasicTutor 06-09-2010 10:12 AM

Cloudisthebestnow hacked WordPress at Godaddy

On June 8, 2010 at approximately 3pm EST self-hosted WordPress blogs, along with other PHP based websites started getting attacked with cloudisthebestnow malware. This is a server-side hacker attack. We have confirmed reports of hacked websites hosted at Go Daddy again. However, other hosting companies may also be affected.
Breaking News: WordPress Hacked with cloudisthebestnow on GoDaddy

Bolding added by yours truly. ;)

theprodigy 08-19-2010 02:59 PM

Too bad I did not find this thread earlier; there would have been some valuable information for me and it would have saved me a lot of time! :(

@The (last) Wordpress hack: some hosting companies (not gonna say names) really failed. I read there were people being hacked six times; others lost parts of their site/content. From some of those big hosts I really expected more professionalism.

HTMLBasicTutor 09-20-2010 02:30 PM

myblindstudioinfoonline.com malware
This is not meant to pick on GoDaddy; it's so you are all aware, no matter what hosting you use. ;)

Saturday, September 18 12:09 PM

WordPress hacked with myblindstudioinfoonline malware on Godaddy
We have confirmed reports that numerous websites hosted at GoDaddy have been hacked with myblindstudioinfoonline.com malware, including WordPress blogs.

Our first confirmed report of an infected site hosted at Go Daddy was on September 17, 2010 at 5:27pm, the time in which all the .php files were changed.

At this time, it is unclear as to whether any other hosting provider has been affected.
WordPress hacked with myblindstudioinfoonline malware on Godaddy

Monday, September 20 8:00 AM

On September 17, 2010, numerous websites hosted at GoDaddy, including WordPress blogs, were hacked with myblindstudioinfoonline.com malware.

Affected websites got injected with a long malicious script located at the top of .php files that starts with <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb...

...On September 19, 2010 at 9 pm CST, we received a new statement from Go Daddy that they've cleaned and restored all affected websites...

...At this time, it's still unclear whether other websites hosted elsewhere have been affected. If you know someone hosted elsewhere that experienced this malware, please leave a comment below.
Update: GoDaddy Resolves myblindstudioinfoonline Malware Hacked Websites

HTMLBasicTutor 10-04-2010 05:38 PM

Malware Attack: meqashopperinfo Hacks WordPress sites at 123-reg

As of October 4, 2010, we have confirmed reports of websites hacked with a fake AV malware that are hosted at www.123-reg.co.uk. The meqashopperinfo malware injects a very long script that starts with <?php /**/ eval(base64_decode("aWYoZ.... and infected .php files, including self-hosted WordPress blogs.

This is dangerous malware and can infect site visitors' computers. If you're hosting at 123-reg, please check your .php files immediately for any malicious code.
Malware Attack: meqashopperinfo Hacks WordPress sites at 123-reg
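The myblindstudioinfoonline and meqashopperinfo alerts above describe the same fingerprint: a long one-line `<?php /**/ eval(base64_decode("aWYoZ...` statement prepended to every .php file. The following scanner is an added example (not code from the alerts, from WPSecurityLock or from WordPress) that walks a WordPress directory, reports files carrying that prefix, shows the decoded start of the payload for a human to read (it never executes it), and can strip the injected statement. It assumes the injected block is a single `eval(base64_decode("..."));` statement, optionally closed by `?>`, sitting in front of the file's original contents; the sample payload is a constructed benign string whose base64 happens to begin with the same `aWYoZnVuY3Rpb` ("if(functio") prefix the alert quotes.

```python
"""Find and strip an eval(base64_decode(...)) block prepended to .php files.

Added example; not from the alerts or from WordPress. Assumes the injected
statement is `<?php /**/ eval(base64_decode("..."));` optionally followed by
`?>`, prepended to the file's original contents.
"""
import base64
import re
import sys
from pathlib import Path

# The injected prefix described in the alerts: <?php /**/ eval(base64_decode("...")); ?>
INJECTION_RE = re.compile(
    r'<\?php\s*/\*\*/\s*eval\s*\(\s*base64_decode\s*\(\s*["\']'
    r'([A-Za-z0-9+/=]+)["\']\s*\)\s*\)\s*;?\s*(?:\?>)?',
    re.S,
)


def find_injection(source: str):
    """Return (offset, base64_payload) for the first injected block, else None."""
    m = INJECTION_RE.search(source)
    return (m.start(), m.group(1)) if m else None


def payload_preview(payload_b64: str, n: int = 40) -> str:
    """Decode the first n bytes of the payload so a human can inspect it.
    The payload is only decoded, never evaluated."""
    try:
        return base64.b64decode(payload_b64, validate=True)[:n].decode("latin-1")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def strip_injection(source: str) -> str:
    """Return the contents with the injected block removed; unchanged if clean."""
    return INJECTION_RE.sub("", source, count=1)


def scan_tree(root) -> dict:
    """Walk a directory tree; map each infected .php path to its base64 payload."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip, do not crash the whole scan
        hit = find_injection(text)
        if hit:
            hits[str(path)] = hit[1]
    return hits


# Constructed samples (not real malware): a benign payload encoded the same way.
SAMPLE_PAYLOAD = base64.b64encode(b'if(function_exists("x")){}').decode()
SAMPLE_INFECTED = (
    '<?php /**/ eval(base64_decode("' + SAMPLE_PAYLOAD + '"));?>\n'
    "<?php\n/* Plugin Name: Example */\n"
)
SAMPLE_CLEAN = "<?php\n/* Plugin Name: Example */\n"

if __name__ == "__main__":
    # Usage: python scan_eval_prefix.py /path/to/wordpress
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, b64 in scan_tree(root).items():
        print(f"{path}: {payload_preview(b64)!r}")
```

Run it read-only first to get the list of affected files; only apply `strip_injection` after taking the backup the thread already recommends, and treat a hit as a sign the whole account was writable to the attacker, so check file permissions and rotate FTP and database credentials rather than just cleaning the prefix.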

HTMLBasicTutor 11-30-2010 04:57 PM

WordPress 3.0.2

Posted November 30, 2010 by Mark Jaquith. Filed under Releases, Security.

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area.

WordPress 3.0.2 - Wordpress News Blog

Bahnyen 12-01-2010 09:20 AM

Wow, this thread is very good, just found it! Hope it is not too late for me. I have not read all the links yet but would like to say thanks to everyone who updates this thread with very interesting news.
I wish somebody could stop those criminal people very soon.

HTMLBasicTutor 12-08-2010 03:53 PM

WordPress 3.0.3

WordPress 3.0.3 is available and is a security update for all previous WordPress versions.

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

These issues only affect sites that have remote publishing enabled.

Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.

Download 3.0.3 or update automatically from the “Dashboard → Updates” screen in your site’s admin area.

WordPress 3.0.3 - WordPress News

HTMLBasicTutor 12-24-2010 02:29 PM

Malware Attack: acrossuniverseitbenet Hacks WordPress Sites

On December 22, 2010, we received several reports that a new malware attack (acrossuniverseitbenet) has infected WordPress sites hosted at GoDaddy and possibly other hosting providers.

The malware script injected is as follows:

(I have put spaces in the url below for your protection so you can't click to open the url.)

<script src="http:// acrossuniverseitbenet .com/js.php?kk=10" > </script>

The worst part about this virus is it's much harder to clean. The malicious hackers have stepped it up a notch and decided to infect the WordPress database and not just server files. The above script is injected into every single page and post inside the database (wp_posts table).

This malicious script redirects website visitors to various sites hosting "Fake AV" websites and some are zero-day attacks. A zero-day attack means that anti-virus programs may not yet have their definitions updated and your computer can become infected even with up-to-date software.

Continued: Malware Attack: acrossuniverseitbenet Hacks WordPress Sites
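Because this variant lives in `wp_posts` rather than in files, cleaning it means finding and removing the injected `<script src=...></script>` tag from `post_content`. The following is an added example (not code from the alert, from WPSecurityLock or from WordPress) that works over rows already pulled from the database, e.g. `SELECT ID, post_content FROM wp_posts`: it lists every external script host in a post, flags hosts that are not on the site's own allowlist, and strips tags that point at a known-bad host. The post IDs, the allowlist and the row contents are constructed samples; the malicious hostname is assembled from two parts in the code so the page does not carry it as one clickable string.

```python
"""Detect and strip an injected external <script src=...></script> tag from
wp_posts rows. Added example, not from the alert or from WordPress; the rows,
post IDs and allowlist below are constructed samples.
"""
import re

# Matches <script ... src="http://HOST/..."> </script>, tolerating the odd
# spacing seen in the alert ('" >' and '> </script>') and protocol-relative URLs.
SCRIPT_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?\s*(?:https?:)?//([^/"\'\s>]+)[^>]*>'
    r'\s*</script\s*>',
    re.I | re.S,
)


def script_hosts(content: str) -> list:
    """Hostnames of every external script tag in a post's content."""
    return [m.group(1).lower() for m in SCRIPT_RE.finditer(content)]


def suspicious_hosts(content: str, allowed_hosts) -> list:
    """External script hosts that are not on the site's allowlist."""
    allowed = {h.lower() for h in allowed_hosts}
    return [h for h in script_hosts(content) if h not in allowed]


def strip_scripts_from(content: str, bad_hosts) -> str:
    """Remove script tags whose host is in bad_hosts; leave everything else."""
    bad = {h.lower() for h in bad_hosts}
    return SCRIPT_RE.sub(
        lambda m: "" if m.group(1).lower() in bad else m.group(0), content
    )


def clean_rows(rows, bad_hosts):
    """rows: iterable of (ID, post_content).
    Returns (cleaned_rows, affected_ids) so the caller can write back only
    the rows that actually changed."""
    cleaned, affected = [], []
    for post_id, content in rows:
        new_content = strip_scripts_from(content, bad_hosts)
        if new_content != content:
            affected.append(post_id)
        cleaned.append((post_id, new_content))
    return cleaned, affected


# Host named in the alert, written in two parts (the alert defangs it with spaces).
BAD_HOST = "acrossuniverseitbenet" + ".com"
# Constructed allowlist: the blog's own host plus a CDN it legitimately uses.
ALLOWED = {"example-blog.test", "ajax.googleapis.com"}

# Constructed sample rows, shaped like (ID, post_content) from wp_posts.
SAMPLE_ROWS = [
    (1, '<p>Hello world</p>\n<script src="http://' + BAD_HOST
        + '/js.php?kk=10" > </script>'),
    (2, "<p>Clean post</p>"),
    (3, '<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js">'
        "</script><p>Legit</p>"),
]

if __name__ == "__main__":
    for post_id, content in SAMPLE_ROWS:
        print(post_id, "suspicious:", suspicious_hosts(content, ALLOWED))
    cleaned, affected = clean_rows(SAMPLE_ROWS, {BAD_HOST})
    print("affected post IDs:", affected)
```

Write the cleaned content back with a parameterised `UPDATE wp_posts SET post_content = %s WHERE ID = %s` for the affected IDs only, after a database backup; and because this family also touched files, run a file scan too rather than assuming the database was the only thing changed.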

HTMLBasicTutor 12-29-2010 03:18 PM

3.0.4 Important Security Update - Official Wordpress News

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.


All times are GMT -7.