WordPress Under Attack Again

by on 05/10/2010 in Security, WordPress

WordPress Blogs Under AttackAbout a month ago it was WordPress blogs hosted at Network Solutions that were under attack, and now that list of host companies has expanded to DreamHost, GoDaddy, Bluehost and Media Temple. It’s disturbing that after the news about Network Solutions more than a month ago, you would think these host companies would have had something in place to defend against such attacks.

According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted.

The hacked web pages appear to have been infected with scripts, which not only install malware on users’ systems, but also prevent browsers like Firefox and Google Chrome, which use Google’s Safe Browsing API, from issuing an alert when users try to access the page. When Google’s search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser specific code to suit functional variations in different browser, such as Internet Explorer and Firefox.

Experts are currently still puzzled over which hole was actually exploited for the large-scale attack. The only thing that seems certain at this point is that the problem didn’t originate in WordPress, because if this was the case considerably more pages would have been infected. However, opinions differ as to whether the security hole only affects older WordPress versions: While Chief Information Security Officer Todd Redfoot explicitly advises that customers update to the most recent WordPress version, David Dede’s “Sucuri Security” blog unequivocally states that pages created with the latest version of WordPress have also been infected.

Related Articles: http://www.techjaws.com/wordpress-self-hosted-blogs-under-attack/

Source: The H Security

20 Responses to “WordPress Under Attack Again”

  1. Kristi

    May 10th, 2010

    Thanks for the update. They all keep saying it is a problem with outdated versions of WordPress, when all three times (including the PHP exploit last year) I have had my site hacked it has been after updating to the latest version. Ironically, sites I have hosted under separate hosting accounts and client sites hosted elsewhere that were not hacked were definitely not updated to the latest version.

    • Frank Jovine

      May 10th, 2010

      Kristi,

      It is happening on the latest version so I am not sure why they keep saying that.

      • Kristi

        May 10th, 2010

        What’s funny, and I don’t know how it’s possible, but Godaddy kept saying that my site wasn’t up to date, even though when I logged in I am at 2.9.2 which is the current version. It seems like a silly question, but is it possible the database is not upgraded to the version as the dashboard?

        • Frank Jovine

          May 10th, 2010

          Kristi,

          Ignore that as my Bluehost provider indicates the same thing due to lack of pings to wordpress.org.

          • Kristi

            May 12th, 2010

            Ah, nice to know. I didn’t get hit on the 10th, but the same two sites got hit again last night. I think it has to be sites on the same server, because I have secured these two sites, changed the passwords, checked my PC’s for viruses / malware (none came up), and the same two sites get hacked each time. Exploit Scanner comes up clean. My other sites also on Godaddy but different accounts / servers still haven’t gotten hit (even though they are not updated, and one isn’t even secured at all).

          • Frank Jovine

            May 12th, 2010

            Kristi,

            Check out my latest post shortly about what GoDaddy is doing to address this issue.

  2. Christie

    May 10th, 2010

    I appreciate the warning. Securing our blogs is not one of the more “exciting” things we do, because we don’t interact with our readers at all while we’re doing that. However, if we don’t take the time to secure our blogs, we won’t be interacting with readers for a very long time! ;)

    • Frank Jovine

      May 10th, 2010

      Christie,

      You right about that, I have better things to do than worry about such attacks. It’s better to be safe than to be a victim.

  3. Susie

    May 11th, 2010

    What are the steps to secure your zen cart sites?

    • Frank Jovine

      May 11th, 2010

      Susie,

      I am not familiar with what we can do to lock down Zen. I would find out if they have any security plug-ins or modules for this shopping cart software.

  4. Joe

    May 11th, 2010

    I want to say something.

    Every now and then we stop and think how much we have gone forward as human species but really such circumstances prove the opposite.

    Like said earlier I’m also hosted at Godaddy for one of my many websites, and my blog was compromised. Support Emails to Godaddy were not really helpful as they blamed me for using ‘outdated’ and ‘none secure’ scripts on my hosting account, even though I only have WordPress latest version.

    When problems occur, these gigantic companies become a bunch of spastic liars who just throw random accusations and point the finger everywhere but not at themselves.

    Now I learned my lesson, moving to another host that has capable support.

    • Frank Jovine

      May 11th, 2010

      Joe,

      It’s time to make a move. I host with Bluehost and they were one of the companies affected. I am locked down pretty well.

  5. SuperStar

    May 11th, 2010

    That really bites. I have been designing and customizing word press for several people and wanted to start using it as may main platform for CMS since it has such a user friendly interface. I really hope that my sites dont get hit. I could have some really upset folks to deal with. I dont think my host. Has anyone heard of any fixes or patches?

  6. Andrew@BloggingGuide

    May 12th, 2010

    I hope that they will really fix this and fix it for good so that it won’t happen ever again.

    • Frank Jovine

      May 12th, 2010

      Andrew,

      There will always be threats against WP because of its popularity.

  7. Site Hacks - Check your Sites - The Forums At Poker Affiliate Listings

    May 12th, 2010

    [...] a heads up for everybody that uses DreamHost, GoDaddy, Bluehost and Media Temple. WordPress Under Attack Again | TechJaws.com __________________ Check out my To view links or images in signatures your post count must be 0 [...]

  8. traci

    May 17th, 2010

    So this has happen to our site as well. Mac users say they see nothing & most people say they see nothing. But 60% have said they see random virus warning pop up after being on the page for a moment. there is a rumor that Microsoft windows update also had a bug recently. Should we have someone redo our whole site? Or should be contact go daddy to check our site? how do we move on from such a random & seemingly pointless attack?

  9. Joanie

    May 18th, 2010

    Maybe this is a dumb question, but how do you tell if your site is affected? I have one godaddy site on wordpress and one on opensourcehost right now, but I haven’t noticed any issues.

    • Frank Jovine

      May 18th, 2010

      Joanie,

      If you don’t see pop ups or redirects you are fine.