Kristi wrote a guest blog post at TechJaws about the attack last weekend on her well known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware which has been dubbed the Gumblar .cn Exploit.
Gumblar exploit does NOT affect only WordPress. It can target any site using .php including Drupal, PhotoPost and even the Bangalore Telecom Web site.
The resources below will assist you in assessing your risk, increasing security for your WordPress blog and removing this exploit if you are already affected.
WordPress Security Resources:
- Should You Be Concerned About Your WordPress Security? (May 12, 2009)
- Securing Your WordPress Blog (Jan 14, 2009)
- In Depth Tutorial On How To Secure Your WordPress Blog Tip 1 (Apr 8, 2009)
- 18 WordPress Plugins Plus Tips to Secure Your Blog (Mar 13, 2009)
- Dan Nedelko WordPress Security Plugins (Apr 23, 2009)
- Maximum WordPress Security Plugin Announcement (Jan 3, 2009)
- Sucuri: WordPress Hardening (How to obscure WordPress and Apache version details)
- 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Security Monitoring Tools for WordPress:
- Fast, simple way to check public information for yours or any other Web site: Sucuri Web Information Gathering Tool
- Search Engine Snark recommends these Tools for Monitoring WordPress Security
WordPress Security Audit Services:
WordPress Security Plugins:
- Maximum Security WordPress Security Plugin
- WpBeginner post about WordPress File Monitor – download WordPress File Monitor from WP plugin Directory
{ 116 comments… read them below or add one }
Next Comments →
Thanks for the notice. I will keep a lookout.
.-= Used stair lifts´s last blog ..Replace stair lift battery =-.
Well that, that is interesting. I guess I will have to keep updating my wordpress so I make sure that I dont get screwed over.
.-= jON@Facial Hair Removal´s last undefined ..If you register your site for free at =-.
Twitter: GrowMap
February 23, 2010 at 9:10 am
Twitter: @GrowMap
Yes Jon, it is unfortunate that some dedicate their lives to causing problems for others. If they are smart enough to do that one would hope they could find something more productive and beneficial to focus on.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Thanks for this very informative information. This is a good view to know things about .php
.-= ryan@chicco car seat´s last blog ..Chicco Baby Products – Introduction =-.
Backup and update! ALWAY AND ALWAYS. Nice post!
.-= Ben@Maybelline´s last blog ..Maybelline XXL Mascara – FREE! =-.
Twitter: GrowMap
October 2, 2009 at 2:13 pm
Twitter: @GrowMap
Hi Ben,
You know many people don’t know how to backup and aren’t doing it. Most only start after they’ve had their first major loss. Perhaps this post will motivate them to take action sooner instead of after it is too late.
.-= Internet Strategist @GrowMap´s last blog ..Success IS a Numbers Game =-.
After reading a bunch of exploit news I started increasing the time my database backup plugin sends me a backup to my email. If anything happens to any of my blogs I can restore it with the backup. If anyone doesn’t use a backup plugin you should get one asap. It will help out even if you make a mistake on your side and lose precious data
.-= Tony@Baby Cot´s last blog ..Baby Cot Furniture =-.
Twitter: GrowMap
October 2, 2009 at 2:12 pm
Twitter: @GrowMap
Hi Tony,
Thank you for sharing that excellent tip. You are absolutely correct. After Derek Semmler had hosting failure I checked with him and he assures me he has backups of our sites emailed to him regularly so we won’t lose anything should our host lose a server or get hacked.
For those who don’t know, you can restore an entire site from the last backup you have so you want to have backups sent as frequently as you tend to update content. If you make any major changes you will want a fresh backup asap.
.-= Internet Strategist @GrowMap´s last blog ..Local Search Directory Taps the Power of Television =-.
A bit off topic…just wanted to ask you for some hlep.
I’m using Wordpress verison 2.6.1 and I got hacked a few days ago…some bastard really screwed up my site.
I was wondering if you’ve been hacked and how you fixed it….how do you find the leak?
.-= Sharon@Steve@Semenax´s last blog ..Fruit, Veggies, and a Side Order of Sex | Foods To Increase Libido =-.
Twitter: GrowMap
October 2, 2009 at 2:08 pm
Twitter: @GrowMap
Hi Steven,
I remember your question and thought I had answered it. We lost power suddenly and I may have lost it along the way. I rely on others for technical support so if I did get hacked – which thankfully has not happened – I would have to get them to assist.
If someone needed assistance with their WordPress blog I would recommend they contact Sammy Russo at Search Friendly Web Design.
.-= Internet Strategist @GrowMap´s last blog ..How to Optimize Your PPC Advertising to Benefit YOU =-.
Strong set of resources tips, thank you. I don’t think this resource has been mentioned: http://digwp.com/ but these guys have some great suggestions regarding WP security.
Twitter: GrowMap
October 2, 2009 at 2:05 pm
Twitter: @GrowMap
Thank you, John, for sharing that additional resource.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
Twitter: ChugginMcCoffee
August 18, 2009 at 3:48 pm
Twitter: @ChugginMcCoffee
Hey, I appreciate those resources for finding out your WordPress security risk. WordPress is a huge learning process, so that’s always why I look for more information to make sure that I am not missing anything when it comes to my blog. That would be a terrible mistake!
Twitter: GrowMap
October 2, 2009 at 2:03 pm
Twitter: @GrowMap
Hi Mark,
There will always be more to learn so collaborating and sharing what we find can really save time. I appreciate you being one of my most regular commentators. Thank you.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
I am always concerned about my Wordpress security vulnerabilities. If you use the right plugins you can make it a lot more inconvenient for your system to be hacked. Thank you for the links, I recommend that everyone looks over them.
.-= Zicam Lawsuit Attorneys´s last blog ..Longview attorneys file more lawsuits against makers of Zicam – Southeast Texas Record =-.
Twitter: GrowMap
October 2, 2009 at 2:02 pm
Twitter: @GrowMap
Hello Zicam,
Any site can be hacked so we all have to be wary and plug any security flaws that are identified. Wouldn’t it be great if hackers would find something more useful to do?
.-= Internet Strategist @GrowMap´s last blog ..Social Networking is NOT Chat =-.
Excellent links given on wordpress plugins. I am relatively new to this system as it is providing superb management on daily updated contents. I was planning to use drupal earlier but many friends have advice me to go for wordpress instead. Now, I know why they have ask me to use wordpress.
Twitter: GrowMap
October 2, 2009 at 2:01 pm
Twitter: @GrowMap
Welcome UK,
While there are some who will recommend Drupal too, there is far more activity and many more plugins already written for WordPress. You may also be interested in our posts about growing any business and especially How to Start a Successful Blog Based Business
.-= Internet Strategist @GrowMap´s last blog ..Instantly Acquire 76 High Quality Incoming Links =-.
I thought this was only for Wordpress. Will have to take a look at some of my other sites now.
Great article! We had a hack on one of our blogs that placed several dozen links to overseas pharmacy sites. We adjusted all passwords and have has no issue since. Internet Media Brands
Twitter: GrowMap
July 23, 2009 at 5:32 pm
Twitter: @GrowMap
Hi Jerome,
Sorry to hear you were hacked and glad you have recovered. Are you planning to build any affiliate stores on your domains? If you are I can recommend some tools and merchants you may wish to use. There will be more posts on that subject in the future here so if you’re interested you may want to subscribe.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Free Business Listing to infoUSA =-.
Thanks for highlighting the exploits. Apparently my wordpress was hacked earlier with some russian guy stuffing russian site links in my index file.
Twitter: GrowMap
July 23, 2009 at 5:30 pm
Twitter: @GrowMap
Hi John,
I am sorry to hear you were hacked. I hope you have since recovered and added more security.
.-= Internet Strategist @GrowMap´s last blog ..How to Write a Review at Merchant Circle =-.
Superb list of wordpress guides collections shared here. I’m new to blogging and wordpress, but these articles really gives a good guide for new users like me. Glad to find this post.
.-= Pet Medication´s last blog ..Pet Medicine =-.
Twitter: GrowMap
July 23, 2009 at 5:29 pm
Twitter: @GrowMap
Hi Pet,
There are many posts here that will assist you, especially Selecting Keywords which explains how to make sure your posts and Web pages are easy to locate in the search engines.
.-= Internet Strategist @GrowMap´s last blog ..How to Create and Install Favicons =-.
I hope solution is already provided.
Twitter: GrowMap
July 23, 2009 at 5:26 pm
Twitter: @GrowMap
Hi Kate,
Yes, there are solutions in the links I provided in this post.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Free Business Listing to infoUSA =-.
I am using Drupal for my blog and I be very careful now thanks for your post it will be very helpful for me. Keep posting
Twitter: GrowMap
July 23, 2009 at 5:26 pm
Twitter: @GrowMap
Hi James,
Glad to be of service. Are there many IT jobs in Dubai? I added your site to StumbleUpon and Tweeted it in case others are seeking jobs there.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Business to Merchant Circle =-.
thanks for the keywordluv plugin. I wish more sites would follow.
I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business Thanks for all your help and wishing you all the success in your business Feel free to check out my site Oregon business address when you got time.
Really it is nice post and thanks for sharing it and really it is very useful. I would love some feedback on my site Oklahoma business address when you got time.
Twitter: ChugginMcCoffee
June 17, 2009 at 4:21 pm
Twitter: @ChugginMcCoffee
I didn’t know that Gumblar exploit targeted other blogs than WordPress – so good to know because I know that myself and several friends don’t take these type of security precautions with our blogs right now!
Twitter: GrowMap
June 18, 2009 at 5:18 pm
Twitter: @GrowMap
Hi Mark,
Yes, I thought some might be interested in what other types of sites are at risk. How’s the coffee biz going? I don’t drink it myself so the only thing I remember is how expensive it got way back when I was still in school – ancient history.
Internet Strategist’s last blog post..Select Keywords First to Make Your Content Easy to Find
Nice linking in the amazing post. Its very informative post for me and my friends. I will share this with another to provide them a very useful information.
well what do when you have been attacted how do you fix the problem?!?!
Twitter: GrowMap
May 18, 2009 at 4:50 pm
Twitter: @GrowMap
Hello Ty,
The solutions are provided in the links that I shared in the post. Krista explained what she had to do to remove it in one of the first links I shared here. You may wish to request assistance from someone with advanced technical skills. I would definitely have to do that if my blogs were affected.
InternetStrategist’s last blog post..Be Pro-Active and Take Calculated Risks
If someone is competent enough to hack a website you would think they wouldn’t need to waste their time doing it!
There are exploits out all the time that are not targeted because the majority of competent programmers don’t waste there time but every once in awhile I hear about something like this what a waste of talent!
Jeff’s last blog post..What’s Jeff’s Scam, Niche Marketing
Twitter: GrowMap
May 14, 2009 at 9:42 pm
Twitter: @GrowMap
Absolutely! Surely there are productive projects they could be working on. If they’ll work on something useful I’ll even help promote them. I would much rather spend my time on that than fixing what they break.
InternetStrategist’s last blog post..Intelligent Bloggers to Consider Reading
Yeah, people doing this stuff shouldn’t target big blogs. After a big blog is hit it’s only the matter of time before someone creates a solution to the whole problem.
Twitter: GrowMap
May 14, 2009 at 9:38 pm
Twitter: @GrowMap
Hi Ken,
Ideally it would be great if spammers,scammers, and crackers would find something productive to do with their lives instead of wasting our time. Not much chance that will happen though so we’ll do what we can to control the damage they cause.
InternetStrategist’s last blog post..New Type of Scraped Comment Blog Spam
Twitter: morpheas7887
May 12, 2009 at 6:16 pm
Twitter: @morpheas7887
Thanks for the mention! I wonder why all this fuss about security started this particular time…
stratosg’s last blog post..Should you be concerned about your WordPress security?
Twitter: GrowMap
May 12, 2009 at 7:02 pm
Twitter: @GrowMap
Whenever a well known blog is targeted other bloggers are more likely to hear about it – especially if that blogger guest posts in another well-known blog about it.
Given the huge number of WordPress blogs and the likelihood that a very large percentage of them would not have taken any security precautions I felt now was a good time to cover this subject.
As frequently happens, other bloggers have just posted updated information that makes my style of researching and publishing in an overview useful. As you probably know security doesn’t usually get addressed until there is a scare or incident.
InternetStrategist’s last blog post..The Serious Drawbacks to Using FLASH for Web Design: Usability, SEO, Editability
Next Comments →
{ 4 trackbacks }