• Spam terrorists have circulated a dozen spam comments in forums and blogs all over the world in the past several hours. We have identified 41 (5 + 36) WordPress blogs that have been exploited. The exploited WordPress blogs all have a folder titled 1 under wp-content. If you are interested, read this article for more information.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Interesting article macsoft3. Also interesting, albeit not surprising based on what I’ve seen in this forum over the past year, is the fact those blogs are running old versions of WordPress. Is that to say WP 2.3.3 is 100% safe? No one can say that with any degree of certainty but what is certain is those versions aren’t.

    Why in the world people run versions of software that are KNOWN to be vulnerable rather than upgrading to a package that has no known vulnerabilities is beyond me.

    I’ve said it elsewhere and I’ll say it here – with running your own DOT COM comes great responsibility. There are things you will have to learn, at the very least a rudimentary knowledge of HTML, CSS and PHP. You are responsible for your security, maintenance, backups, upgrades etc. If any of these things don’t float your boat then stick to Blogger or WordPress.com where your only concern will be what to blog about next.

    Amen to that.
    (says another ‘pegger)

    Well with the popularity of WordPress, and it’s taken off like a rocketship in the past couple of years, with everyone wanting to monetize their blogs.. it’s kind of become the AOL of the blogging world. EVERYBODY is using it, and not everybody knows squat about how to manage their own server, security, etc., or wants to. Yet, here they are. Just look at how the tenor of the support requests has changed over the years. There are A TON more very basic questions being asked by obvious newbies, not only to WordPress, but to computing in general, as you can tell from some of the questions. It’s very scary.

    But some people only learn the hard way. Get hacked once or twice, lose all your data, you become a quick convert. Some people will just have to be baptized by fire. I just hope to heck they aren’t on MY shared server space when it happens.

    </rant>

    Okay, I’ll go sit down now.

    I find it ironic that the site quoted in the first post is using an old WP install too… Plus they must be wondering why no-one is commenting – looks like they need to update their old, broken BadBehaviour too.

    Maybe the ones giving the advice on hacking should make sure their site is secure in the first place…

    Thread Starter macsoft3

    (@macsoft3)

    Why in the world people run versions of software that are KNOWN to be vulnerable rather than upgrading to a package that has no known vulnerabilities is beyond me.

    LenK,

    That’s probably because the thrill is gone a year or two after launching their blogs. Some of them also abandon their blogs after getting tired of battling with spammers.

    Just because it’s an old version of WP, doesn’t mean it’s not secure. Our web design site is running WP 2.0.11 which according to Matt is the only other secure version available. And we won’t upgrade because there are some plugins that we just love and don’t want to lose. So until I find workarounds or decide to jump on the 2.3.3 (or 2.5) bandwagon, we are standing pat with it.

    Frankly, I’m prone to suggesting that with some minor patching 2.0.11 is the most secure of the whole lot.

    And, Joni, you hit it spot on with your most astute analysis.

  • The topic ‘Massive WordPress Blog Hacks and wp-content’ is closed to new replies.