HUGE hacking exploit in WordPress 2.3.3

Posted on March 25, 2008
Filed Under Webmasters

I’ve recently been informed of a huge exploit in the latest version of WordPress: a script which has infected roughly 45,000 websites and rising (by Google’s count).

What it does is create a directory in your wp-contents folder named “1”, so it would basically be at http://www.yourdomain.com/wp-contents/1/.

Once the directory is there, it somehow creates a list of web pages including everything from gambling to porn. Google seems to have been indexing these pages left and right.

I’ve yet to find a definite answer on how to protect yourself and/or get rid of this Wordpress exploit, but there are plenty of discussions about it all over the net.

For more information and discussion about the WordPress 2.3.3 exploit, please see:
http://www.websecurity.ro
http://smackdown.blogsblogsblogs.com
http://www.bontb.com

I hope none of you are personally affected by this, but if you are, I’m glad I could point it out to you.

If anyone has a solution to this yet, I’d be glad to know.

For heaven’s sake, stumble this so I can get the word out to as many people as possible!

Keith
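
A check a site owner could run for the symptom described in the post, as an added example that is not part of the original post. The function name and keyword list are constructed for illustration; it assumes the standard WordPress directory name `wp-content` as well as the post's `wp-contents` spelling, and it goes slightly beyond the post by flagging any all-digit directory name, not only "1".

```python
import os
import re

# Assumption: the post writes "wp-contents"; stock WordPress names the
# directory "wp-content", so both spellings are checked.
CONTENT_DIRS = ("wp-content", "wp-contents")
# Constructed keyword list, based on the post's description of the spam pages.
SPAM_WORDS = re.compile(r"gambling|casino|poker|porn", re.IGNORECASE)


def scan_wordpress_root(root):
    """Return findings for numeric-named directories under wp-content.

    Each finding is a dict with the directory path, the number of files
    in it, and the files whose text matches SPAM_WORDS.
    """
    findings = []
    for content_name in CONTENT_DIRS:
        content_dir = os.path.join(root, content_name)
        if not os.path.isdir(content_dir):
            continue
        for entry in sorted(os.listdir(content_dir)):
            path = os.path.join(content_dir, entry)
            # The post names the directory "1"; any all-digit name is flagged,
            # since a stock wp-content holds named folders such as plugins/
            # and themes/.
            if not (entry.isdigit() and os.path.isdir(path)):
                continue
            files, spam = [], []
            for dirpath, _dirs, names in os.walk(path):
                for name in names:
                    full = os.path.join(dirpath, name)
                    files.append(full)
                    try:
                        with open(full, "r", errors="ignore") as fh:
                            if SPAM_WORDS.search(fh.read(65536)):
                                spam.append(full)
                    except OSError:
                        pass  # unreadable file: still counted in files
            findings.append({"dir": path, "files": len(files), "spam": sorted(spam)})
    return findings


if __name__ == "__main__":
    import sys
    for f in scan_wordpress_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['dir']}: {f['files']} files, {len(f['spam'])} with spam keywords")
```

Run it with the path to the WordPress installation as the only argument; an empty result means no numeric-named directory was found directly under the content folder.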


Comments

6 Responses to “HUGE hacking exploit in WordPress 2.3.3”

  1. Zubair on March 27th, 2008 6:53 am

    Great Post! Keith :)

  2. Ash on March 29th, 2008 7:24 pm

    WordPress 2.5 is released today and hopefully this hole is plugged in the new version.


  3. Perry Lee on April 1st, 2008 8:13 pm

    Wow, I had never even known about this, and I consider myself well updated…scary. Thanks for the article!

  4. jonathon on April 6th, 2008 5:52 pm

    How about adding a .htaccess to the wp-content folder?

  5. Website Design on April 7th, 2008 2:01 pm

    Great post. It’s a good idea to raise awareness about this sort of thing.


  6. WP Thoughts » Blog Archive » WordPress NOT Coming Here Soon on April 12th, 2008 4:07 pm

    […] Well I stand corrected about WordPress 2.3.3 being secure thanks to unTECHy, and a number of other blogs he has linked to on his […]
