A Long Morning Thanks to WordPress Hack
Tuesday, April 7th, 2009
WordPress hack leads to site problems.

I shouldn’t have picked up the voicemail. My day was going so well until then.
After dropping my daughter off at school around 8, I noticed a voicemail left about 15 minutes earlier. I picked it up to hear Elliot. Why was he calling so early? It couldn’t be good.
And it wasn’t. Elliot said he visited DNW and got a warning that the site had malicious code.
I hurried home and logged in to my email to find several messages from people saying they got the same warning. I had notes on Twitter as well.
Crap.
Someone found a vulnerability in WordPress that enabled them to add a link to a .cn web site on DNW.
I quickly emailed Bradley over at SiteGraduate, who gave me some ideas on where to get started. Then I reached out to a mailing list I belong to and found a former co-worker to help me clean it up and upgrade WordPress to the latest version.
I’m still not sure what the exact vulnerability was, but suffice it to say you should always upgrade to the latest version of WordPress.
Many thanks to everyone for notifying me of the problem and helping me resolve it!

Sorry to be the bearer of bad news. My buddy Richard (who is a regular on your blog) first noticed it. Good to see you back in action – and it’s a good lesson and reminder for us all.
Andrew, glad you are all ok.
This is one of the biggest concerns I have in regards to all of the new companies and so-called developers popping up and setting up web sites on the WordPress platform.
I am 99% sure that the WordPress systems will never get patched and upgraded… As they need to.
Domainers won’t do this. Their service providers won’t do it either. Hackers are gonna have a blast going through servers with 100s or 1000s of websites running outdated WordPress builds.
I feel bad for all those people who have ordered dozens and hundreds of the WordPress-powered mini sites.
I warned ya’ll…
Best,
Mike
Keeping yourself up to the latest version of WP and its plugins can be quite crucial, but it’s only part of the story. You also need to make sure you have backups and a DR plan in case everything goes wrong. This is what I follow: http://askowen.info/2008/06/creating-a-disaster-recovery-plan-for-your-wordpress-blog/
Owen,
Great point; however, the backup plugin you mention is almost 2 yrs old.
A lot happened with WP 2.7.
Andrew,
When I went to your site this morning, I saw that a download box opened that was linked to a .cn site. I immediately knew that was wrong and immediately turned off my computer.
I then ran my malware and McAfee and nothing turned up. Don’t know if that is good or bad??
Do you know what they were up to??
What were they trying to pass onto me??
(I know that it wasn’t good.)
That was the first time I had experienced that thru WP.
Mike,
“I told you so” is not very professional.
Own, you should be fine as long as you have antivirus installed.
Thanks Owen. The plugin you refer to is no longer supported. Have you tried it with WP 2.71? Does it work?
Any idea about Blogspot?
Does Blogspot have such security problems?
Blogspot is hosted, so they patch it themselves. But I wouldn’t recommend a hosted solution.
[...] at dnw.com had his WordPress hacked recently. I noticed it at around 5am EST and tried to contact Andrew to let him know, without success. [...]
I had the same thing happen recently (and it is still happening in some instances). I blame it on a rootkit / malware that managed to get my passwords for a lot of stuff via Outlook.
After spending a day repairing all of my sites I got rid of the problem, but what a pain in the ass.
The exploit iframed a .cn site, correct?
PPC – yes. .cn has a lot of problems like this because of lax regulation and dirt cheap pricing.
I don’t believe this was a password issue.