WordPress hack leads to site problems.
I shouldn’t have picked up the voicemail. My day was going so well until then.
After dropping my daughter off at school around 8, I noticed a voicemail left about 15 minutes earlier. I picked it up to hear Elliot. Why was he calling so early? It couldn’t be good.
And it wasn’t. Elliot said he visited DNW and got a warning that the site had malicious code.
I hurried home and logged in to my email to find several messages from people saying they got the same warning. I had notes on Twitter as well.
Crap.
Someone found a vulnerability in WordPress that enabled them to add a link to a .cn web site on DNW.
I quickly emailed Bradley over at SiteGraduate, who gave me some ideas on where to get started. Then I reached out to a mailing list I belong to and found a former co-worker to help me clean it up and upgrade WordPress to the latest version.
I’m still not sure what the exact vulnerability was, but suffice it to say you should always upgrade to the latest version of WordPress.
Many thanks to everyone for notifying me of the problem and helping me resolve it!
Elliot says
Sorry to be the bearer of bad news. My buddy Richard (who is a regular on your blog) first noticed it. Good to see you back in action – and it’s a good lesson and reminder for us all.
wannadevelop.com says
Andrew, glad you are all ok.
This is one of the biggest concerns I have in regards to all of the new companies and so-called developers popping up and setting up web sites on the WordPress platform.
I am 99% sure that the WordPress systems will never get patched and upgraded… As they need to.
Domainers won’t do this. Their service providers won’t do it either. Hackers are gonna have a blast going through servers with 100s or 1000s of websites running outdated WordPress builds.
I feel bad for all those people who have ordered dozens and hundreds of the WordPress-powered mini sites.
I warned ya’ll…
Best,
Mike
Owen says
Keeping yourself up to the latest version of WP and its plugins can be quite crucial, but it’s only part of the story. You also need to make sure you have backups and a DR plan in case everything goes wrong. This is what I follow: http://askowen.info/2008/06/creating-a-disaster-recovery-plan-for-your-wordpress-blog/
ActNow says
Owen,
Great point; however, the backup plugin you mention is almost 2 yrs old.
A lot happened with WP 2.7.
Andrew,
When I went to your site this morning, I saw that a download box opened that was linked to a .cn site. I immediately knew that was wrong and immediately turned off my computer.
I then ran my malware and McAfee and nothing turned up. Don’t know if that is good or bad??
Do you know what they were up to??
What were they trying to pass onto me??
(I know that it wasn’t good.)
That was the first time I had experienced that thru WP.
Mike,
“I told you so” is not very professional.
Andrew Allemann says
Own, you should be fine as long as you have anti virus installed.
Andrew Allemann says
Thanks Owen. The plugin you refer to is no longer supported. Have you tried it with WP 2.71? Does it work?
Hanes says
Any idea about Blogspot?
Does Blogspot have such security problems?
Andrew Allemann says
Blogspot is hosted, so they patch it themselves. But I wouldn’t recommend a hosted solution.
ppc.bz says
I had the same thing happen recently (and it is still happening in some instances). I blame it on a rootkit / malware that managed to get my passwords for a lot of stuff via Outlook.
After spending a day repairing all of my sites I got rid of the problem, but what a pain in the ass.
The exploit iframed a .cn site, correct?
Andrew Allemann says
PPC – yes. .cn has a lot of problems like this because of lax regulation and dirt cheap pricing.
I don’t believe this was a password issue.