Comments on: My Blog Hacked, Yet Again – Wordpress 2.6.5 Vulnerability / Exploit?

By: Tony

Tony — Sat, 06 Feb 2010 02:05:15 +0000

Why is this world so unjust? Can’t hackers just leave WordPress bloggers and other sites alone and find something else to do?

By: John

John — Fri, 19 Jun 2009 16:35:54 +0000

I’ve experienced the same thing. First learned of it when Google e-mailed to tell me they were going to delist me because of spam on my site. I was running. 2.7.1 at the time. I upgraded to 2.8 using the WP based upgrade (not a clean wipe). The span was gone. Then yesterday it reappeared. Different ads but clearly the same exploit. I have tried disabling all plugins to no avail. Since it went away after an upgrade, it’s pretty clear this is a WP problem, but I can’t find the script that’s doing it.

Any help would be greatly appreciated.

By: Will

Will — Tue, 03 Feb 2009 17:04:39 +0000

No prob. I would definitely like to know what the vulnerability is.

By: Michael VanDeMar

Michael VanDeMar — Tue, 03 Feb 2009 06:01:58 +0000

Well, Will, that would appear to be because I was hacked again, this time with WP 2.7.

Thanks for the heads up.

By: Will

Will — Tue, 03 Feb 2009 05:57:57 +0000

I’m still seeing the spammy links when I look at the cached text version of the page, and it was last cached on February 2nd. Why would that be?

By: Jaimie Sirovich

Jaimie Sirovich — Tue, 20 Jan 2009 02:36:08 +0000

Check out WordPress Firewall: http://www.seoegghead.com/blog.....-p544.html

Let me know if you want me to look into it. Many plugins _do_ totally suck from a security standpoint, but you say it wasn’t a plugin. Hrm. Do you have logs?

Look at Matt’s comment on this below blog post … and the other comments. I think Anil is totally unfair, but he has a point.

http://www.movabletype.com/blo.....-secu.html

By: john a

john a — Tue, 20 Jan 2009 01:18:39 +0000

same thing happend to me. was on 2.6.5 i think too.

wordpress forums are pretty useless for help ans it is never wp’s fault (yet they find some reason to release an update every other week).

lost my serp’s too. damn …

By: Michael VanDeMar

Michael VanDeMar — Sat, 17 Jan 2009 17:08:30 +0000

I did check the plugins. I found sites that were exposed to the same hack I was that had none of the plugins I was using. Every time I have been hacked before it was the Wordpress software itself that was the problem, so that is my strongest suspicion. To date, to the best of my knowledge, there has not been a release that an exploit was not found for, at least up until 2.6.5 supposedly. Check out here:
http://blogsecurity.net/wordpr.....blogwatch/
and here:
http://blogsecurity.net/wordpr.....erability/
and here:
http://blogsecurity.net/wordpress/wordpress/

As I mentioned in the post, mine was the only blog I found running 2.6.5 that was infected, but I was checking manually, and checked less than 100 blogs. I might do some more in-depth research later and see if I can dig up more info on it.

By: Proxy Blog

Proxy Blog — Sat, 17 Jan 2009 16:41:30 +0000

Hi,

There are lots of ways that you could have been hacked even if the hack wasn’t via the WP “software” itself. Maybe somone got your blog admin or even your ftp login via a previous hack – you should change those. Another possibility is that you had/have a plugin with some sort of vulnerability eg there’s a vulnerability in a popular Adsense plugin.