WordPress Exploit

We are currently experiencing some problems due to a WordPress exploit that appears to have been used against the blog. This will cause readers to be redirected to random third-party websites, which try to download Windows EXE files.

We are working on resolving this issue and will provide information as soon as it has been fixed.

In the meantime we apologise for any inconvenience it has caused and would like to thank all those readers who pointed out the behaviour to us.

Mike

UPDATE 09/08/10: John has removed the injected JS from our DB and things should be fine… for now.


8 Comments

Dan  on August 9th, 2010

“try to download windows EXE files”

Good job that we use Macs then ;)

John  on August 9th, 2010

Thanks to WordPress being a security colander, the lovely hackers managed to inject some javascript tags at the end of every post in the database. These have now been removed.

I am considering porting the whole blog over to Drupal at the same time as a design refresh. Once I get some spare time ;)

These hacks are getting more frequent on WordPress, which isn’t good for us :(

John.

John  on August 9th, 2010

Another thing to consider about porting over to Drupal would be the loss of ranking in Google. All the incoming links would probably break, so it’s not an easy decision. Mapping the old links to the new links would be a nightmare, so I would probably have to keep them the same in Drupal as much as possible.

Food for thought :)

Either that or we stick with WP and hope they plug some of the holes.

mike  on August 9th, 2010

Hi Dan, LOL, I know, it’s kinda funny really. It just takes up so much time to clean these things up.

John has sorted it for now and as he has said we will review how we host the site moving forward to try and stop these attacks causing problems.

I do feel sorry for Windows users though ;o)

Mike

Simon  on August 9th, 2010

I take it you got my e-mail – it’s even funnier when they try and tell you that XP is infected and you’re using an iPhone lol

mike  on August 9th, 2010

Hi Simon, yes, I got your email. Big thanks for the heads up.

I agree about the messages. Maybe these hackers should check on the content of the site before launching an attack. Trying to get a Mac user to download an EXE or talk about Virus tools is just dumb.

I just wish that dealing with this stuff didn’t take up so much time (big thanks to John for cleaning things up).

Mike

Phil M  on August 9th, 2010

It isn’t just the content of the site (although it’s kinda dumb they didn’t). It’s not really that hard to insert a few more lines to test the OS the client is viewing from, although the fact that they don’t care about Mac (and now mobile browsing) just makes it easier for us, I guess.

Sad to say, I saw one of these a few days ago running on my Mac and it really looked realistic and even had the Vista/7 theme. If they would be less generic and actually spoof a major Windows Virus package, most people would not be able to tell the difference (as long as they were running that virus package).

Arif  on August 10th, 2010

Hmmm, those hacker guys... Good try, fellows, showing the weak injecting point... but why do they go after a learning blog? Test your skill with big website guys. Then we will know you guys really can handle big trouble after injecting.
