It seems that hackers have been on the offensive in the past couple of weeks, targeting self-hosted WordPress blogs. I mean we’re talking all-out war here.
The scary part?
Rather than going for the WordPress installation on individual websites, these hackers target installations on hosting servers, meaning the reach is widespread. Even worse… the big boys of the hosting providers have been affected: GoDaddy, Network Solutions, DreamHost and Media Temple.
If you do not use any of these companies to host your WordPress, you still aren’t out of the woods. Many reseller hosts use these companies as their primary hosting. Plus, with the frequent waves in which these attacks keep coming, it’s only a matter of time before they reach other hosts.
In other words, be on the lookout if you have a self-hosted WordPress blog.
Even at this instant, as I write, GoDaddy is dealing with another new server exploit wreaking havoc on even more WordPress blogs.
The Culprit
Blogs affected by a breached host server are infected with scripts that redirect visitors from your website to another website that infects the visitor’s computer with malware. I happened to come across one of these infected websites by chance, and you’ll notice that the browser window closes and a message pops up asking you if you want to download an anti-virus.
First of all, update your virus definitions, since visiting an infected website will infect your computer with harmful malware. Then, if you notice that your own blog appears infected and redirects to a blank page, or you receive a message to download anything, stop. Do not click Yes or OK.
If your blog is infected, don’t panic. The malware can be removed by following instructions on this page.
Be Alert
Unfortunately, there’s not much that can be done on your part to prevent these server attacks except hide in your basement with a shotgun. OK, a little too much but just be prepared. It helps, though, to keep up to date with the latest server exploits at WPSecurityLock.com so you know if trouble is in the neighborhood.
Now would be a great time for that backup, too, wouldn’t it?
Chris Olbekson
May 13th, 2010 at 1:17 am
This is really starting to get out of hand. First it was Network Solutions, now it is growing more widespread by the day. One thing to check with your shared hosting provider is to make sure they are running suExec or suPHP, which will prevent other users on the server from being able to infect your files. Also make sure you use a very secure FTP password and change it frequently.
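An added example, not part of the original post or its comments: a Python check for the condition the comment above describes, files in a WordPress directory that other accounts on a shared server could modify. The function names `audit_tree` and `demo`, the sample tree, and the assumption that the directory's owner is the hosting account are illustrative.

```python
import os
import stat
import tempfile


def audit_tree(root, expected_uid=None):
    """Return sorted (relative_path, issue) pairs for entries under root that
    accounts other than the owner could modify."""
    if expected_uid is None:
        expected_uid = os.stat(root).st_uid  # assumption: root's owner is the account
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
            if st.st_uid != expected_uid:
                findings.append((rel, "not owned by account"))
    return sorted(findings)


def demo():
    """Build a constructed WordPress-like tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed sample: relative path -> file mode
            "index.php": 0o644,
            "wp-config.php": 0o666,
            os.path.join("wp-content", "themes", "footer.php"): 0o664,
        }
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "wp-content"), 0o777)
        os.chmod(os.path.join(root, "wp-content", "themes"), 0o755)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{issue:22} {rel}")
```

To audit a real site, call `audit_tree` with the path to the WordPress directory; an empty result means no entry is writable by group or other and everything is owned by the directory's owner.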
Tomasz Kowalczyk
May 13th, 2010 at 9:30 am
Could you tell us what security bug causes this? Is this something WordPress-related, or simply too “easy to break” server configuration?
Johnny
May 13th, 2010 at 10:11 am
@Tomasz
These hackers gain access to hosting servers, then run scripts to attack WordPress websites within them rather than attack the WordPress on individual websites. And yes, it appears to be an “easy to break” server configuration on the part of the hosting companies. Here’s more info on the causes of these attacks:
Cechirecom.com.js.php – WordPress Hacked (the video will scare you!)
WordPress Hacked with Zettapetta on DreamHost
Exploit on WordPress Returns – Go Daddy Responds!
Johnny
May 13th, 2010 at 10:20 am
@Chris
From what I see, it doesn’t appear that GoDaddy or Network Solutions use either the suExec or suPHP (hence the widespread attack). Maybe they’ll learn their lesson now.
I highly recommend and use strong passwords too.
Jon Buscall
May 20th, 2010 at 7:23 am
I know MediaTemple have recently implemented a security change to protect accounts, but even so I found this whole episode rather worrying. Especially as Google was banning infected blogs.
Time for a really good security plugin for WP?
Johnny
May 21st, 2010 at 9:03 pm
@Jon I think hackers will always be ahead of the game no matter what kind of security is provided in WP. The best thing is to always do backups and be ready in case trouble strikes.
Colin Perini
May 22nd, 2010 at 10:49 am
What do you mean it’s no good hiding in the basement, that’s my standard escape for everything! There’s not even any mirrors there!