MyTestBox.com :: web software reviews, news, tips and tricks

Is your Wordpress blog hacked? Why not upgrade to the latest version?

Jun 12, 2008 by Mircea GoiacloseAuthor: Mircea Goia Name: Mircea Goia
Email: mtb@mytestbox.com
Site: http://www.mytestbox.com
About: Mircea Goia was born in Romania and imigrated to USA in 2005. He lives in Phoenix, AZ and works as web developer. Aside, he works also on several entrepreneurial Web projects. He shows a keen interest in commercial Web development such as social networks, viral marketing, online video. His artistic hobby is filmmaking with special interest in directing.See Authors Posts (73) MyTestBox News

If you are running Wordpress blog software (and it’s not upgraded to the latest version) you might have been a target for hackers who are looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other bad purposes.

Most of the attacks consist in using SQL injection and XSS cross-site scripting and that is because the user input isn’t filtered properly by the software. Some of the attacks use bots which can create hundreds of spam pages on your blog automatically, place a backdoor (so the hacker can come back at later time) or steal users passwords.

Hackers are taking advantage of the open-source nature of the software to look and analyze the source code of a specific software they want to attack and test it for potential vulnerabilities. Then the developers and users have to detect, track down, and shut down the vulnerabilities in the code that those attackers are using.
The pattern seems to be the same: when a new hole is found, it’s broadly exploited, then developers rush out a patch and/or a new release. Most of the damage inflicted by the automated exploits can be reversed with an upgrade but in some cases you can be left with thousands of spam pages and images to clean up (and they are usually well hidden). If the attacked software is very popular (and that attracts hackers too) – like Wordpress – then thousands of installs can be compromised.

Chances are that a blog owner realizes late that his blog was hacked that why it is important to keep up with the latest upgrades and security patches from Wordpress.com and keep an eye on your blog: monitor the statistics, the blog usage, have frequent backups and track other security blogs for news about any security holes one of them is BlogSecurity.net.

Read the rest of this entry »

Want more web software reviews, news and tips/tricks?
Then make sure you subscribe to our RSS feed!

Tags: blog, hacking, secure installation, Tips and Tricks, wordpress, Wordpress security plugins