SEO SPAM network - Details of a mass attack (many .gov, .com and .edus hacked)
blog.sucuri.net
Part of the problem is that a lot of security advisories basically say "run the latest version".
Restricting access with .htaccess is a good idea; http://www.themepremium.com/wordpress-security-restrict-wp-c...
If you fail to upgrade immediately, malware is often installed and remains after an upgrade. I missed one site by a day and got infected. The default option to print the WP version in the <head> of each blog would certainly lower the likelihood of a script finding an outdated site. Unfortunately once hacked, truly cleaning the site requires
1. Backing up theme, making list of plugins installed
2. Inspecting theme for any hacks. (difficult if you wrote your own)
3. Deleting _all_ files
4. Walking through the wp_options table for any leftover holes (very difficult)
5. Re-install WP
6. Re-install theme and plugins.
The WP team needs to work in something like you linked to into the core.
I'm actively reviewing WordPress 3.0 beta for upgrade and plug-ins. Once I've got the .htaccess fix working in 3.0 beta I'll post the patch.
There are a few ideas I'm considering for securing and monitoring WP installations for intrusions.
I got hacked by something almost exactly like this like 3 months ago. They uploaded a folder called .files with about 2K html files there to each of my folders.
Probably a few million crap files all together. Was a huge pain in the ass to clear all that crap out. After that point I killed all wordpress installs, since it has such a huge target on its back.
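An added detection example (not from the commenter or from Sucuri) for the `.files` dump pattern described above, useful for the inventory step before wiping a site: it walks a WordPress document root and flags hidden directories holding an unusual number of static HTML pages. The directory layout and the threshold are constructed assumptions.

```python
"""Find hidden directories (.files and the like) stuffed with static HTML
pages, the SEO-spam dump pattern described in the thread. Constructed
example: the sample tree and the threshold are assumptions."""
import os
import tempfile


def find_dump_dirs(root, min_html=100):
    """Return [(path, html_count)] for dot-prefixed directories holding at
    least min_html .htm/.html files, largest first. Every hit is a lead to
    inspect and back up before deletion, not an automatic delete."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not os.path.basename(dirpath).startswith("."):
            continue
        count = sum(1 for f in filenames if f.lower().endswith((".html", ".htm")))
        if count >= min_html:
            hits.append((dirpath, count))
    return sorted(hits, key=lambda h: -h[1])


def build_sample_tree(html_per_dump=250):
    """Construct a fake docroot: a benign hidden .git folder plus two
    '.files' dumps, one under a plugin and one under uploads."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    for rel in ("wp-content/themes/mytheme/.git",
                "wp-content/plugins/akismet/.files",
                "wp-content/uploads/.files"):
        d = os.path.join(root, rel)
        os.makedirs(d)
        # benign hidden dir gets a non-HTML file only
        with open(os.path.join(d, "config"), "w") as fh:
            fh.write("not a web page\n")
        if rel.endswith(".files"):
            for i in range(html_per_dump):
                with open(os.path.join(d, f"page{i}.html"), "w") as fh:
                    fh.write("<html>spam</html>\n")
    return root


def demo():
    """Build the sample tree and return hits as (relative path, count)."""
    root = build_sample_tree()
    return [(os.path.relpath(p, root), c) for p, c in find_dump_dirs(root)]


if __name__ == "__main__":
    for path, count in demo():
        print(f"{count:6d} html files in {path}")
```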
This .files attack was common too. We posted about it a while ago:
http://blog.sucuri.net/2010/05/it-is-not-over-seo-spam-on-si...
btw your blogsite is very scammy looking.
I got a message from my host with a link to your site, where you instructed to download and install a file...and I was 100% sure that it was just a scam, where you sent out spam messages pretending to be hosts, with a link to the blog post where you were asking me to download malware.
In fact I was in the process of contacting customer support of my host, when I noticed the letter I got in recent history.
You should really spend a little time making it look more legitimate.
You lost me there. We never sent messages to anyone to download and install files. Can you forward the email to me (dd at sucuri.net)?
*but I agree, we really need some improvements on our design.
What I meant was that I got a letter from my host telling me I got hacked (a week or so after I fixed everything)...and they linked to your site.
But after hitting your site, I got the impression that it was just a scam site trying to get me to install some malware.
Oh, sorry about that. I misunderstood it.
But it is nice to see hosting companies linking to us :) I am still looking for a designer to work on our blog/site.
Shameless promotional plug: http://waldendesign.com/
I work for them 2 days per week, I'm sure we'll be able to help you if you're interested.
Anyone know anything about sucuri.net? Reputable?
Yes, we are reputable :)
Thanks for all those emails!
A few hours ago I didn't know if you were legit. Now I see how considerate you are.
So glad I met you on HN.
I'm failing to see any mention of a .gov domain in the article.
Just do the suggested searches at the bottom of it:
badminton.mit.edu
Oh god no! Don't let it be true!