back to article Fake site punts Trojanised WordPress

Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application as part of a sophisticated malware-based attack. The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality all but one of the files are identical to the latest …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    automatic updating ... at last

    > Also in the upcoming 2.7 release of WordPress we are including a built-in upgrade mechanism within WordPress which will allow people to upgrade automatically with ease.

    At last! This has been one of the remaining few pains of using Wordpress.

  2. Moss Icely Spaceport
    Thumb Down

    It's only bloggers

    Move along, there's nothing to see here....

  3. Terry Brown

    Automatic Updating... erm, you can do it now...

    Download this plugin : http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-12-release.html

    When an update is available it lets you know, a few clicks and it does it all for you. Very nice plugin, I believe it's this one that's being used in 2.7

  4. Bruno de Florence
    Linux

    In that case

    Doesn't The Register use WordPress? So should I stop reading The Register online? Na, joking.

  5. doc
    Thumb Up

    Bots and Hacks Still expoitable

    More on Wordpress 2.6.2 and 2.6.3 exploits.

    Malicious damage can be caused by exploits from JadenAveBot used by PSI; hosted by Cogentco. The trick is writing exclusions in the robot.txt

    ****User-agent: Bad bot

    Disallow: / cgi-bin /

    Disallow: / images /

    Disallow: / tmp /

    Disallow: / private /

    Disallow: /wp-content /

    Disallow: /wp-admin /

    User-agent: Snapbot

    Disallow: / cgi-bin /

    Disallow: / images /

    Disallow: / tmp /

    Disallow: / private /

    Disallow: /wp-content /

    Disallow: /wp-admin /

    User-agent: ShopWiki

    Disallow: / cgi-bin /

    Disallow: / images /

    Disallow: / tmp /

    Disallow: / private /

    Disallow: /wp-content /

    Disallow: /wp-admin /

    User-agent: Voyager

    Disallow: / cgi-bin /

    Disallow: / images /

    Disallow: / tmp /

    Disallow: / private /

    Disallow: /wp-content /

    Disallow: /wp-admin /

    User-agent:JadynAveBot

    Disallow: / cgi-bin /

    Disallow: / images /

    Disallow: / tmp /

    Disallow: / private /

    Disallow: /wp-content /

    Disallow: /wp-admin /****

    another trick is to excluded websites using PHP Script and htaccess files to work together to ban sites and user defined ranges to limit access to wordpress sites.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022