2718.us blog » hack http://2718.us/blog Miscellaneous Technological Geekery Tue, 18 May 2010 02:42:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.4 Matt (yes, that Matt) on WordPress Security http://2718.us/blog/2008/04/14/matt-yes-that-matt-on-wordpress-security/ http://2718.us/blog/2008/04/14/matt-yes-that-matt-on-wordpress-security/#comments Mon, 14 Apr 2008 17:28:56 +0000 2718.us http://2718.us/blog/?p=19 Even though the post title and first paragraph are about calling out a sound-and-fury-signifying-nothing alert, most of his post is good stuff on WordPress, with lots of links.

… there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google.

]]>
http://2718.us/blog/2008/04/14/matt-yes-that-matt-on-wordpress-security/feed/ 2
covert blog hacks? http://2718.us/blog/2008/04/08/covert-blog-hacks/ http://2718.us/blog/2008/04/08/covert-blog-hacks/#comments Tue, 08 Apr 2008 15:24:36 +0000 2718.us http://2718.us/blog/?p=8 Having noticed what seemed like it might be an urgent-ish security-related post show up in the mass of post links at the bottom of my WordPress dashboard, then following some links:

There seems to be two kinds of hackery going on, just like I’ve described:

1. Inserting “invisible” HTML full of links (for NSFW sites) into your WP template that isn’t obvious when you go to your blog, but is VERY obvious when you look at the source code (and start seeing that you’re getting traffic for some “peculiar” terms).

2. Inserting whole new source code / new sneaky themes that copy other blogs / content *exactly*, which is full of spammy content and affiliate links.

(Vulnerable WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running WordPress, it’s advisable to upgrade to 2.5 (which was relatively painless) as well as checking the actual code of your theme…

]]>
http://2718.us/blog/2008/04/08/covert-blog-hacks/feed/ 0