About a month ago, WordPress blogs hosted at Network Solutions were under attack, and the list of affected hosting companies has now expanded to DreamHost, GoDaddy, Bluehost and Media Temple. It’s disturbing: after the news about Network Solutions more than a month ago, you would think these hosting companies would have had something in place to defend against such attacks.
According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to websites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted.
The hacked web pages appear to have been infected with scripts that not only install malware on users’ systems but also prevent browsers like Firefox and Google Chrome, which use Google’s Safe Browsing API, from issuing an alert when users try to access the page. When Google’s search bot encounters such a specially crafted page, the page responds by simply returning harmless code, so Google never sees the malicious scripts. This camouflage strategy takes advantage of the browser switch that developers normally use to return browser-specific code to suit functional variations between browsers such as Internet Explorer and Firefox.
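A site owner can check for the camouflage described above by requesting the same URL once with a crawler User-Agent and once with a browser User-Agent, then comparing the active content of the two responses. The sketch below is an added example, not code from the original reports; the two response bodies, the `injected.example` host and all function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser


class ActiveContent(HTMLParser):
    """Collect script/iframe sources and short hashes of inline scripts."""

    def __init__(self):
        super().__init__()
        self.items = set()
        self._inline = None  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.items.add((tag, src))
        elif tag == "script":
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            if body:
                digest = hashlib.sha256(body.encode()).hexdigest()[:16]
                self.items.add(("inline-script", digest))
            self._inline = None


def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items


def cloaking_diff(responses, crawler_key="crawler"):
    """Per client profile, list active content that the crawler was not shown."""
    baseline = active_content(responses[crawler_key])
    extra = {name: sorted(active_content(body) - baseline)
             for name, body in responses.items() if name != crawler_key}
    return {name: items for name, items in extra.items() if items}


# Constructed bodies, as if one URL had been fetched with two User-Agent headers.
CLEAN = '<html><body><script src="/wp-includes/js/jquery.js"></script></body></html>'
SAMPLE = {
    "crawler": CLEAN,
    "browser": CLEAN.replace(
        "</body>", '<script src="http://injected.example/js.php"></script></body>'),
}

if __name__ == "__main__":
    print(cloaking_diff(SAMPLE))
```

An empty result only means the responses matched for the User-Agent values tested; it does not show that the page is clean.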
Experts are currently still puzzled over which hole was actually exploited for the large-scale attack. The only thing that seems certain at this point is that the problem didn’t originate in WordPress, because if this were the case, considerably more pages would have been infected. However, opinions differ as to whether the security hole only affects older WordPress versions: while Chief Information Security Officer Todd Redfoot explicitly advises that customers update to the most recent WordPress version, David Dede’s “Sucuri Security” blog unequivocally states that pages created with the latest version of WordPress have also been infected.
Related Articles: http://www.techjaws.com/wordpress-self-hosted-blogs-under-attack/
Source: The H Security