Posted on April 6th, 2008 at 7:31 by fr3@K
I received an email yesterday afternoon, informing me this blog has been hacked:
Regarding fsfoundry.org,
This email is not an April Fools' email and it has been sent to notify you that your blog's version is old and needs to be updated ASAP as it was hacked.
While tracking some Viagra spammers I have come across several links coming from your blog and, after testing it, it appears your blog is 2.1.* generation hence vulnerable to SQL injection blind-fishing attacks. Search Google to learn more. In a few words: spammers can take full control of your blog in a matter of minutes and deface it at will.
These attacks are as serious as they can get as the spammers have full access to your blog and add hidden HTML elements to mask their links.
You MUST update your blog to the latest official WordPress version and manually clean your last 5-10 posts of the parasite links which you will only see in HTML view.
Not doing so may attract severe search engine penalties as you are currently linking to sites with VERY bad reputation.
Hoping you will take required action,
A.S.S. (Anonymous Security Specialist)
PS: I got your email address from your Dashboard / Users Management Section. I have warned many during the past months regarding the vulnerable blogs, being a blogger myself, but it seems I haven't warned everyone. Latest WordPress is secure.
PPS: Your login name is XXXX and password hash is XXXXXXXXXXXXXXXXXX
This email was sent to me anonymously, which inevitably made me more or less skeptical. I figured the best way to be sure was by making an examination of my posts manually as suggested.
So I did, and found that one of the recent posts had indeed had a hidden <div> block full of links inserted into it:
```html
<div style="height:1px; width:1px; overflow:hidden">
<a href="http://www.agentie.info">agentie de modeling</a><br>
<a href="http://bijuterii.ofertalunii.info">cantar bijuterii</a><br>
<a href="http://cariera.e-consiliere.info">consiliere cariera</a><br>
<a href="http://comenzi.pepiata.info">comenzi de carti</a><br>
<a href="http://cumpar.pepiata.info">cumpar aparat foto</a><br>
<a href="http://dormitoare.ofertalunii.info">dormitor pret</a><br>
<a href="http://www.e-promotii.info">promotii la masini</a><br>
<a href="http://educatie.e-consiliere.info">referat educatie</a><br>
<a href="http://finantare.proiectenoi.info">program de finantare</a><br>
<a href="http://gestiune.proiectenoi.info">curs gestiune</a><br>
<a href="http://igiena.e-consiliere.info">igiena casei</a><br>
<a href="http://instalatii.ofertalunii.info">instalatii sonorizare</a><br>
<a href="http://investitie.proiectenoi.info">investitie profitabila</a><br>
<a href="http://licitatii.pepiata.info">formulare licitatii</a><br>
<a href="http://www.ofertalunii.info">oferta internet</a><br>
<a href="http://optimizare.agentie.info">optimizare motoare</a><br>
<a href="http://www.pepiata.info">piata agricola</a><br>
<a href="http://promovare.agentie.info">plan promovare</a><br>
<a href="http://regulament.e-promotii.info">regulament biliard</a><br>
<a href="http://rochii.e-promotii.info">rochii la moda</a><br>
<a href="http://sapard.proiectenoi.info">agentii sapard</a><br>
<a href="http://sursa.proiectenoi.info">sursa de energie</a><br>
<a href="http://tricouri.ofertalunii.info">tricouri sport</a><br>
<a href="http://www.proiectenoi.info">proiecte cercetare</a><br>
<a href="http://www1.dietaslabirenutritie.info/">nutritie cura slabire</a><br>
<a href="http://aerobic1.coolsportinfo.info/sitemap.html">rutine aerobic</a><br>
</div>
```
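The check the email asks for, reading each post in HTML view and looking for hidden containers stuffed with links, can be automated. The following scanner is an added example, not code from this post or from WordPress: it walks post HTML with Python's standard-library parser, flags containers whose inline style hides them (the 1px-by-1px `overflow:hidden` trick seen above, plus `display:none`, `visibility:hidden` and off-screen offsets), and reports every link inside such a container. The sample post it scans is constructed here from a shortened copy of the block above wrapped in ordinary content; the hiding heuristics are the author's assumptions about what "hidden" looks like, not a WordPress rule.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a legitimate paragraph plus a shortened copy of the
# injected block found in the post above.
SAMPLE_POST = """
<p>Ordinary post text with a <a href="https://example.org/ok">legit link</a>.</p>
<div style="height:1px; width:1px; overflow:hidden"> <a href="http://www.agentie.info">agentie de modeling</a><br> <a href="http://bijuterii.ofertalunii.info">cantar bijuterii</a><br> </div>
<p>More ordinary text.</p>
"""

# Elements that never have content, so they must not be pushed on the tag stack.
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base",
        "col", "embed", "source", "wbr"}


def is_hiding_style(style: str) -> bool:
    """Heuristic (assumed, not exhaustive): does this inline style hide the element?"""
    s = style.lower().replace(" ", "")
    if "display:none" in s or "visibility:hidden" in s:
        return True
    if "overflow:hidden" in s:
        # overflow:hidden is only suspicious when the box is (near) zero-sized
        dims = re.findall(r"(?:height|width):(\d+)(?:px)?", s)
        if dims and all(int(d) <= 1 for d in dims):
            return True
    # pushed far off-screen, e.g. text-indent:-9999px or left:-5000px
    if re.search(r"(?:left|top|text-indent):-\d{3,}px", s):
        return True
    return False


class HiddenLinkFinder(HTMLParser):
    """Collects (container_style, href, anchor_text) for links inside hidden containers."""

    def __init__(self):
        super().__init__()
        self.stack = []        # open elements as (tag, hiding_style_or_None)
        self.findings = []
        self._href = None      # href of the <a> currently being read, if hidden
        self._style = None
        self._text = []

    def _enclosing_hidden_style(self):
        for _tag, style in reversed(self.stack):
            if style is not None:
                return style
        return None

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        style = a.get("style") or ""
        self.stack.append((tag, style if is_hiding_style(style) else None))
        if tag == "a" and a.get("href"):
            container = self._enclosing_hidden_style()
            if container is not None:
                self._href, self._style, self._text = a["href"], container, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if tag == "a" and self._href is not None:
            self.findings.append((self._style, self._href, "".join(self._text).strip()))
            self._href = None
        # pop back to the matching open tag, tolerating sloppy markup
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_links(post_html: str):
    """Return every link that sits inside a hidden container, in document order."""
    parser = HiddenLinkFinder()
    parser.feed(post_html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for style, href, text in find_hidden_links(SAMPLE_POST):
        print(f"hidden by [{style}] -> {href} ({text!r})")
```

Run it over each post body pulled from the database (the `post_content` column in WordPress) rather than over the rendered page, since themes and plugins add their own hidden markup that would only produce noise; anything it reports should be removed by hand after confirming it is not yours.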
So yeah, this blog had been hacked, and it has now been upgraded as advised.
Thanks big for the heads up, A.S.S.