April 8, 2010
There’s an incredibly dreadful hack hitting sites using the popular open source blog platform, WordPress, right now, even sites that are running the latest, most up-to-date version (2.9.2). We know firsthand, as it has attacked our site and many others. Popular hosting service Media Temple confirmed the attack in a recent blog post, saying, “Of those affected, 100% are running WordPress.” Our site is on Network Solutions, so it is not just Media Temple. WordPress has not made a public statement yet.
The virus somehow infiltrates WordPress, adds a new file called jquery.js in your scripts directory, and then inserts that file into the header or footer files of your site. It also inserts an iframe that calls a third-party site known for malware or other malicious activity.
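A check for the two symptoms described above, as an added example that is not from the original post: it flags hard-coded jquery.js script includes and iframes pointing at other hosts in a theme's header or footer template, for manual review. The function name, the /scripts/jquery.js path and the sample hosts are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Opening <iframe>/<script> tags with a quoted src attribute.
TAG_SRC = re.compile(r"<(iframe|script)\b[^>]*?\bsrc\s*=\s*([\"'])(.*?)\2", re.I)
# src values whose file name is exactly jquery.js (a query string may follow).
JQUERY_JS = re.compile(r"(?:^|/)jquery\.js(?:[?#].*)?$", re.I)

def scan_template(text, site_host):
    """Return (line_no, kind, src) for each tag worth a manual look."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for tag, _quote, src in TAG_SRC.findall(line):
            host = (urlparse(src).hostname or "").lower()
            if tag.lower() == "iframe" and host and host != site_host.lower():
                # iframe served from a host other than the site itself
                findings.append((line_no, "external-iframe", src))
            elif tag.lower() == "script" and JQUERY_JS.search(src):
                # hard-coded jquery.js include; compare against a clean theme copy
                findings.append((line_no, "jquery.js-include", src))
    return findings

# Constructed sample of a tampered header.php; path and hosts are placeholders.
SAMPLE_HEADER = """<html>
<head>
<title><?php wp_title(); ?></title>
<script type="text/javascript" src="/scripts/jquery.js"></script>
<script src="/js/site.min.js"></script>
<?php wp_head(); ?>
</head>
<body>
<iframe src="http://malware.example.invalid/in.php" width="1" height="1"></iframe>
<iframe src="http://blog.example.com/embed/widget"></iframe>
"""

if __name__ == "__main__":
    for hit in scan_template(SAMPLE_HEADER, "blog.example.com"):
        print(hit)
```

A hit is a prompt to compare the template against a known-good copy of the theme, not proof of infection, since a theme may legitimately include its own jquery.js.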
According to Ben Cook, Thesis theme creator Chris Pearson was also hit by the hack, as were several prominent sites and dozens if not hundreds of others. The hack was covered on ThemeLab.com, including details about it in a video.
Thankfully, Christopher Penn shared how to clean up one version of the virus. However, we followed the steps and found that we were not hacked in the same way, but our wp_options table in WordPress seems to be a common thread, as we were also affected by the virus in the same table.
If your site has also been hacked, please help the WordPress team figure out where the vulnerability might be by gathering the following information:
- a list of what plugins you’re running
- what version of WP you’re running
- what theme you’re using
- who your hosting provider is
- and a list of any other applications installed on your account
Then contact WordPress at firstname.lastname@example.org and please also let us know in the comments section below. Hopefully, WordPress will release a fix for this issue soon. Until then we’ll try and keep the TECH cocktail site up but we’ve been getting hit every day with a slightly different version of the same attack. Stay tuned.