Kristi wrote a guest blog post at TechJaws about the attack last weekend on her well-known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware, which has been dubbed the Gumblar .cn Exploit.
The Gumblar exploit does NOT affect only WordPress. It can target any site that uses PHP, including Drupal, PhotoPost and even the Bangalore Telecom Web site.
The resources below will assist you in assessing your risk, increasing the security of your WordPress blog and removing this exploit if you are already affected.
WordPress Security Resources:
- Should You Be Concerned About Your WordPress Security? (May 12, 2009)
- Lorelle on WordPress: Comprehensive post and links on Firewalling and Hack Proofing Your WordPress Blog
- Securing Your WordPress Blog (Jan 14, 2009)
- In Depth Tutorial On How To Secure Your WordPress Blog Tip 1 (Apr 8, 2009)
- 18 WordPress Plugins Plus Tips to Secure Your Blog (Mar 13, 2009)
- Dan Nedelko WordPress Security Plugins (Apr 23, 2009)
- Maximum WordPress Security Plugin Announcement (Jan 3, 2009)
- Sucuri: WordPress Hardening (How to obscure WordPress and Apache version details)
- 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Security Monitoring Tools for WordPress:
- Fast, simple way to check public information for your own or any other Web site: Sucuri Web Information Gathering Tool
- Search Engine Snark recommends these Tools for Monitoring WordPress Security
WordPress Security Audit Services:
WordPress Security Plugins:
- Maximum Security WordPress Security Plugin
- WpBeginner post about WordPress File Monitor – download WordPress File Monitor from WP plugin Directory
A few major companies actually hire these hackers, because they were so talented as to break into their system. Maybe that’s the answer: feed the poor and the renegades of society, offer them work. Yes, let’s hack the hackers!
Very nice article, thanks for the share.
I’m happy to hear about the new update from the WordPress blog. Now it is really hard to get your blog attacked by stupid spammers by installing some of the great anti-spam plug-ins WordPress has created, which help in saving your blogs from spammers. Thumbs up!!!
No big companies hire hackers. That’s a myth; if they did, it would be a bit like running a car garage and employing car salesmen. Not the right tactic.
See, hacking is on the rise in every way, with very innovative and new ideas. One must be very cautious while running a blog or site, as there is a threat of the data being hacked. Some preventive measures must be taken in relation to this.
I randomly found this through a search and I’m so glad!
I am so happy I found your blog!
Thanks for the post. I must be aware of this kind of hack today.
One of my niche websites was hit by this, and let me just say that it was not pretty. My advice: back up often! This can really mess things up, and if you don’t have a recent backup of your database you are in trouble.
I’ve been trying to find some sort of way to make WordPress more secure so that these PHP injections don’t happen so easily. Can anyone recommend some measures that I can take to protect my blog?
I was asking if there is any way to strengthen your security for WordPress blogs.
I think these have all been fixed now with the new WordPress. Thank God!
Getting a site hacked is certainly no fun at all – I had one hacked a few years ago and it took way too much time to get things back in order – not fun. If I had just picked a stronger password it may not have happened at all.
Thank you very much! Appreciate the heads up.
I read about it some days ago on another blog, and the main things that you mention here are very similar.