Watch Out for Recent WordPress Gumblar PHP Exploit

May 12, 2009 · 94 comments

Kristi wrote a guest blog post at TechJaws about last weekend's attack on her well-known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware, which has been dubbed the Gumblar .cn Exploit.

The Gumblar exploit does NOT affect only WordPress. It can target any site using .php, including Drupal, PhotoPost and even the Bangalore Telecom Web site.

The resources below will assist you in assessing your risk, increasing security for your WordPress blog and removing this exploit if you are already affected.

WordPress Security Resources:

Security Monitoring Tools for WordPress:

WordPress Security Audit Services:

WordPress Security Plugins:


John G February 25, 2010 at 6:50 pm

Twitter: @SEOWorks

A few major companies actually hire these hackers, because they were so talented as to break into their system. Maybe that’s the answer, feed the poor and renegades of society, offer them work. Yes, let’s hack the hackers!

m65 March 1, 2010 at 9:52 am

Twitter: @m65jacket

very nice article thanks for the share

crocwireless from cheap tmobile phones March 4, 2010 at 8:49 am

Twitter: @muqtada123

I'm happy to hear about the new update from WordPress blog, now it is really hard to get your blog attacked by stupid spammers by installing some great WordPress created some strong anti-spam plug-in which helps in saving your blogs from spammers. Thumbs up!!!

Laptop Repairs London March 16, 2010 at 5:56 am

No big companies hire hackers. That's a myth; if they did, it would be a bit like running a car garage and employing car salesmen. Not the right tactic.

Dump Trucks April 6, 2010 at 4:33 am

See, hacking is on the rise in every way, with very innovative and new ideas. One must be very cautious while running a blog or site, as there is a threat of the data being hacked. Some preventive measures must be taken in relation to this.

Ryan Stickel April 9, 2010 at 2:43 am

I randomly found this through a search and I'm so glad!

Jane Ardent from Watch Spartacus Online April 9, 2010 at 2:44 am

I am so happy I found your blog!

nurussadad April 14, 2010 at 11:30 am

Thanks for the post. I must be aware of this kind of hack today.

adam from Make Money On Web April 16, 2010 at 11:45 am

One of my niche websites was hit by this and let me just say that it was not pretty. My advice: Back up often! This can really mess things up, and if you don’t have a recent backup of your database you are in trouble.

James from Pool Vacuum Cleaners May 12, 2010 at 9:35 pm

I’ve been trying to find some sort of way to make WordPress more secure so that these PHP injections don’t happen so easily. Can anyone recommend some measures that I can take to protect my blog?

undelete files May 17, 2010 at 6:58 am

Twitter: @c

I was asking if there is any way to strengthen your security for the WordPress blogs.

Andy from Directory Submission May 19, 2010 at 7:06 am

I think these have all been fixed now with the new WordPress. Thank god!

John from Porsche Parts for Sale May 23, 2010 at 12:37 am

Getting a site hacked is certainly no fun at all – I had one hacked a few years ago and it took way too much time to get things back in order – not fun.

John from Porsche Parts for Sale May 23, 2010 at 12:39 am

Getting a site hacked is certainly no fun at all – I had one hacked a few years ago and it took way too much time to get things back in order – not fun. If I had just picked a stronger password it may not have happened at all.

Brian from Caroline June 29, 2010 at 6:00 am

Twitter: @wordpress_video

Thank you very much! Appreciate the heads up.

Johngh July 5, 2010 at 5:34 pm

I read about it some days ago in another blog, and the main things that you mention here are very similar.
