Oct 31

Latest WordPress 2.3.1 Vulnerable To Hackers
Update: WP developers are looking into this now . . .

The current version of WordPress (also 2.1-2.3.1 verified so far) is apparently vulnerable to an HTML-tainting attack. I first noticed it on this blog in the next-to-top post. I've actually been on a vacation of sorts, but I monitor changes to my web site carefully. WordPress.org has been notified, but I feel that releasing only the existence of the potential vulnerability is ethical. I have also created a tool to audit for this attack (see "How Do You Know If You're Affected?" below). Others' equity is at stake here as well!

Though I don't know the exact mechanism yet, I have some ideas based on my logs, and I have a high degree of confidence it's a WordPress-specific hack (or perhaps a very popular plug-in) for the following reasons:

0. The links are clearly pathological and deliberately concealed visually using CSS.

Example HTML Insertion Attack:
<div id="mnu1" style="overflow: auto; position: absolute; z-index:

The outbound links appear to point to the following domains:

How Do You Know If You're Affected?

I'm writing a quick-and-dirty WordPress plugin to scan your blog for the signature of the HTML-tainting. Install it. It will email you with the affected post IDs if you've been hit (Note: IT SHOULD WORK NOW …).

What Can We Learn From This?

The domain and URL have an equity, and black hatters are always looking for a way to exploit that. One must be vigilant to protect this equity by monitoring for attacks like this, as it can be particularly harmful to your rankings as well. HTML insertion attacks in general are also documented in my book: Search Engine Optimization with PHP.

I have a high degree of confidence that this individual is involved: this guy. He has been on DigitalPoint forums. More information about him is located here.

Affected WordPress Versions

2.1-2.3.1

Prominent Affected Sites

http://warpspire.com/hemingway : WordPress 2.3-alpha via http://siteexplorer.search.yahoo.com/advsearch?p=http%3A%2F%2Fsofticana.com&bwm=i&bwmf=a&bwms=p
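As an added example (not the author's plugin and not code from the original post), this is the kind of signature scan such an audit plugin performs, written in Python over constructed sample posts rather than the live wp_posts table: it walks each post's HTML and reports, keyed by post ID, every link that sits inside an element hidden by inline CSS, the same concealment pattern as the <div> quoted above.

```python
import re
from html.parser import HTMLParser

# Constructed sample posts (post ID -> post_content); not taken from the original page.
# 102 mimics the concealed <div> shape quoted in the post body; 103 uses display:none.
SAMPLE_POSTS = {
    101: '<p>Normal post with a <a href="http://example.org/">link</a>.</p>',
    102: ('<p>Looks fine.</p><div id="mnu1" style="overflow: auto; position: absolute; '
          'z-index: 1; left: -5000px;"><a href="http://spam.example/x">buy</a></div>'),
    103: '<p>Text</p><div style="display:none"><a href="http://spam2.example/">ads</a></div>',
}

# Inline-CSS tricks that hide injected links from readers but not from crawlers.
# Tune per theme: position:absolute alone also appears in some legitimate markup.
CONCEALMENT = [
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    re.compile(r"position\s*:\s*absolute", re.I),
    re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}px", re.I),
]
VOID = {"br", "img", "hr", "input", "meta", "link"}  # never on the element stack

class HiddenLinkScanner(HTMLParser):
    """Walk post HTML and record hrefs that sit inside a concealed element."""
    def __init__(self):
        super().__init__()
        self.stack = []  # one bool per open element: True if its style conceals it
        self.hits = []   # hrefs under a concealed ancestor, or concealed themselves

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        concealed = any(p.search(a.get("style") or "") for p in CONCEALMENT)
        if tag == "a" and a.get("href") and (concealed or any(self.stack)):
            self.hits.append(a["href"])
        if tag not in VOID:
            self.stack.append(concealed)

    def handle_endtag(self, tag):  # <x/> calls starttag then endtag, so this balances
        if tag not in VOID and self.stack:
            self.stack.pop()

def scan_post(html):
    """Return the suspicious hrefs in one post's HTML (empty list if clean)."""
    s = HiddenLinkScanner()
    s.feed(html)
    s.close()
    return s.hits
def audit(posts):
    """Map post ID -> hidden hrefs for every tainted post: the plugin's report."""
    return {pid: hits for pid, html in posts.items() if (hits := scan_post(html))}
```

In a real plugin the dict passed to audit() would be built from post_content rows and the result mailed to the admin; a search for a known domain (as one commenter suggests) only catches the domains you already know about, whereas this flags the concealment itself.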
"17 Wise Comments Banged Out Somewhere On The Internet ..."
Do we need the plugin? Can't we just use the WP search tool under Manage and search for "adshelper" and then repeat for "softicana"? (I can find words in links I entered in posts using the search tool.)

Jamie, do you not have any details from your logs that you could post up? May help us get to the bottom of it.
So… it's been a couple days, what's the news?
Nothing so far. I have a response from WP, and they're looking into it.
I'm guessing you'll post again once you get a response? Thanks for the tip on this.
Any news on this? My blog got hit today with "post spam" that only appears in RSS. A search of Wordpress support, forums, etc. reveals nothing!

Peter's Blog » Blog Archive » Wordpress Vulnerable (2.3.1 and below)
[...] Sirovich over at SEO Egg Head today reported that on returning from holiday he found that his blog had been hit by what he calls [...]

New Wordpress Vulnerability Found -> -> Jason Golod Blogs
[...] you are running Wordpress, then you will want to check out this post at SEO Egghead about a new Wordpress vulnerability. Some clever folks have figured out a way to inject some links for free. [...]

WordPress Vulnerability: Take a little time to check. : Big Bucks Blogger
[...] Seo Egghead has evidently discovered a WP 2.3.1 vulnerability: HTML-tainting attacks. (The vulnerability evidently exists in W.P 2.1). The apparent application is to inject ads into bloggers' older posts; these would tend to look like paid links. The problems for you would be a potential drop in page rank. [...]

BlogSecurity » Blog Archive » SEO Egghead Blog gets hit with spam
[...] Sirovich of SEO Egghead has reported that his blog was attacked by spam and is claiming that it is due to an HTML insertion [...]

Findability Today » WordPress 2.3.1 May Have a Vulnerable To Hackers
[...] was looking at a SEO blog I read and I found this article SEO Egghead by Jaimie Sirovich » Latest WordPress 2.3.1 Apparently Vulnerable To Hackers. Looks like in the current version of Wordpress people can upload HTML and hijack your blog and [...]

WordPress 2.3.1 May Have a Vulnerable To Hackers - Tech Blog
[...] was looking at a SEO blog I read and I found this article SEO Egghead by Jaimie Sirovich » Latest WordPress 2.3.1 Apparently Vulnerable To Hackers. Looks like in the current version of Wordpress people can upload HTML and hijack your blog and [...]

Search Engine Optimization Direct » Blog Archive » Latest WordPress 2.3.1 Apparently Vulnerable To Hackers
[...] fiLi article is brought to you using rss feeds. Here are some of the top articles on search engine optimization. The current version of WordPress (also 2.1-2.3.1 verified so far) is apparently vulnerable to an HTML-tainting attack. I first noticed it on this blog in the next-to-top post. I've actually been on a vacation of sorts, … [...]