February 15 2010

WordPress hack attack – itsallbreaksoft.net paymoneysystem.info chinaontv.com

There is a new attack on older versions of WordPress doing the rounds and my version of WordPress (2.8.9 – only just behind the current version of 2.9.1) was vunerable and was compromised.

I first noticed yesterday when all of the traffic to blog.danovich.com.au was getting redirected to www.chinaontv.com about 5 seconds after loading.

Investigations revealed that my header.php file had been hijacked, a new administrator user account had been created and there were several uploads appeared in my uploads directory.

The fixes were relatively simple and are outlined here –> http://www.theinternetpatrol.com/was-your-site-hacked-redirecting-to-itsallbreaksoftnet-or-paymoneysysteminfo-heres-what-happened/

Moral of the story – keep your software up to date – even minor point versions behind can put you at risk!

I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


Category: Geek | LEAVE A COMMENT