WordPress Blogs Hacked

For the past two weeks we’ve been battling WordPress hacks and attacks that have affected thousands of blogs. Fortunately, they did not get UGNN. However, they did get several other sites we administer, and it’s not a pretty sight. Network Solutions was hacked twice in ten days, and they don’t seem to be able to stay ahead of the hackers.

It’s all about spam, affiliate sites for phishing, selling pirate software, and spreading malware. We are the victims — and for now, powerless to do anything about it. If you operate a WordPress-driven site, then take heed. We understand Joomla and Drupal are also at risk.

Attack Affecting Hundreds Of WordPress Blogs Stems From Easily Accessed Credentials

Over the past few days, many of those using popular open-source blogging platform WordPress (www.wordpress.org) were surprised to find that their site or blog had been hacked and was redirecting visitors to a page attempting to install malicious software. New research suggests that the hacker was able to exploit users’ improper storage of configuration files.
      Surveying multiple postings on WordPress forums and blogs, security expert Brian Krebs reported an attack that does not modify or create files, but rather injects the web address “networkads.net/grep” directly into the target site’s database, redirecting visitors to networkads.net. Also, due to this attack method, site owners were locked out of the WordPress interface for their blogs.
UGNN Alert continue reading :: David Hamilton, www.thewhir.com


Network Solutions sites hacked again

Newest wave infects hosted sites, sends users to Ukrainian attack server
      A week after Web hosting company Network Solutions LLC dealt with a large-scale infection of WordPress-driven blogs, the company acknowledged that other sites it hosts have been compromised.
UGNN Alert continue reading :: Gregg Keizer


Second mystery outbreak in a week

Network Solutions’ security team is battling a mysterious attack that has silently infected a “huge” number of the websites it hosts with malicious code.
      The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.
UGNN Alert continue reading :: Dan Goodin www.theregister.co.uk


Network Solutions Hack Highlights Hosting Risks

Website hosting vendor Network Solutions Inc. (NSI) has been forced to cleanse its customer Websites after a few “thousand” sites were attacked after an unspecified number of NSI’s shared servers were infiltrated. While NSI is still evaluating the damage, according to this story in Dark Reading, the company believes it has found the root of the problem, but isn’t saying much more
      blogs were hit with malicious iframes that would automatically infect visitors to the blogsites, and in some cases, spread fake antivirus software. The attackers pilfered blogger credentials which had been stored in plain text in the WordPress database.
UGNN Alert continue reading :: George Hulme, www.informationweek.com


Websites Targeted in Mass Injection Attack

The new mass injection attack has been reported by Sucuri Security Labs, a provider of web integrity monitoring services, which noticed the malicious JavaScript via its scanner. “Just today we were notified of more than 50 sites hacked with the following malware javascript [ ... ] If we decode this javascript, we see that it is injecting this iframe from http://corpadsinc.com/grep/ [do not visit],” explained David Dede, a researcher with the company.
      The /grep/ ending URL looks consistent with the ones used during the dirty attack that recently crippled hundreds of WordPress blogs hosted at Network Solutions. However, according to the stopmalvertising.com outfit, the new attack affects all kinds of websites, including those built using the Joomla! content management solution, or plain HTML ones.
UGNN Alert continue reading :: news.softpedia.com


WordPress Hack Terrifies Webmasters

Reports about a WordPress hack affecting self-hosted WordPress blogs have appeared on the Internet in March. The hack seems to affect WordPress 2.9.2, the latest version of the blogging platform.
      To make matters worse there seem to be two — possibly unrelated — issues that webmasters experience. One is a malware attack that is spreading malware on hacked blogs while the other is making use of cloaking techniques to serve a different version of the blog to search engine spiders than to regular visitors and admins.
UGNN Alert continue reading :: www.ghacks.net


Computer Worm Attacks Not Updated WordPress Blogs

A computer worm is currently in the wild that is attacking unpatched WordPress blogs. Unpatched meaning blogs that have not been updated by their administrators to the latest version of the popular blogging software.
      The worm exploits a security vulnerability in older versions of WordPress to create a user account, make some changes to the WordPress installation and to the permalink structure of the blog.
UGNN Alert continue reading :: from September, 2009 – www.ghacks.net


WordPress hacked, affected blogs point to malware site

The origin of the attack can be found in a WordPress hack and a virus that – according to Tech Cocktail – “infiltrates WordPress and adds a new file in your scripts directory called jquery.js and then inserts that file into the header or footer files of your site. It also inserts an iFrame that calls a 3rd party site which is known for malware or other malicious activities.”
      Users whose blogs have been hacked are advised to contact WordPress for help and to provide information that can help them devise a fix as soon as possible.
UGNN Alert continue reading :: www.net-security.org


It goes without saying … the criminals will literally do anything for financial gain. Eventually, they will ruin the web for everyone else.

Thanks for reading…

Fred Showker
Editor / Publisher: InfoManager