The attack leads into an infection chain that leads to various Malware, including a rogue antivirus which we written many articles about here.
Facts about the recent hack
- Several WordPress blogs running the latest official version are currently successfully compromised.
- Attackers either manipulate the blog to spread Malware (more recently) or to cloak links that are only visible to search engines.
- It is currently not clear how the attacks are carried out.
- Some pointers are given on how to disinfect a blog.
WordPress webmasters should check their blogs immediately to make sure that it has not been compromised yet. A WordPress plugin like Antivirus might also help in preventing a successful attack.
How to protect your self hosted WordPress blog
You can download the Antivirus plugin here.
AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections.
- WordPress 2.9.x ready
- Detect the current WordPress permalink back door
- Quick & Dirty: activate, check, done!
- Manual testing with immediate result of the infected files
- Daily automatic check with email notification
- Whitelist: Mark the suspicion as “No virus”
- English, German, Italian, Persian
In addition to the Antivirus plugin, you should also install the Login Lockdown plugin here.
Login LockDown records the IP address and time stamp of every failed log in attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the log in function is disabled for all requests from that range.