Kristi wrote a guest blog post at TechJaws about the attack last weekend on her well known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware which has been dubbed the Gumblar .cn Exploit.
Gumblar exploit does NOT affect only WordPress. It can target any site using .php including Drupal, PhotoPost and even the Bangalore Telecom Web site.
The resources below will assist you in assessing your risk, increasing security for your WordPress blog and removing this exploit if you are already affected.
WordPress Security Resources:
- Should You Be Concerned About Your WordPress Security? (May 12, 2009)
- Lorelle on WordPress: Comprehensive post and links on Firewalling and Hack Proofing Your WordPress Blog
- Securing Your WordPress Blog (Jan 14, 2009)
- In Depth Tutorial On How To Secure Your WordPress Blog Tip 1 (Apr 8, 2009)
- 18 WordPress Plugins Plus Tips to Secure Your Blog (Mar 13, 2009)
- Dan Nedelko WordPress Security Plugins (Apr 23, 2009)
- Maximum WordPress Security Plugin Announcement (Jan 3, 2009)
- Sucuri: WordPress Hardening (How to obscure WordPress and Apache version details)
- 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Security Monitoring Tools for WordPress:
- Fast, simple way to check public information for yours or any other Web site: Sucuri Web Information Gathering Tool
- Search Engine Snark recommends these Tools for Monitoring WordPress Security
WordPress Security Audit Services:
WordPress Security Plugins:
- Maximum Security WordPress Security Plugin
- WpBeginner post about WordPress File Monitor – download WordPress File Monitor from WP plugin Directory
{ 94 comments… read them below or add one }
Twitter: @morpheas7887
Thanks for the mention! I wonder why all this fuss about security started this particular time…
stratosg’s last blog post..Should you be concerned about your WordPress security?
Twitter: @GrowMap
Whenever a well known blog is targeted other bloggers are more likely to hear about it – especially if that blogger guest posts in another well-known blog about it.
Given the huge number of WordPress blogs and the likelihood that a very large percentage of them would not have taken any security precautions I felt now was a good time to cover this subject.
As frequently happens, other bloggers have just posted updated information that makes my style of researching and publishing in an overview useful. As you probably know security doesn’t usually get addressed until there is a scare or incident.
InternetStrategist’s last blog post..The Serious Drawbacks to Using FLASH for Web Design: Usability, SEO, Editability
Yeah, people doing this stuff shouldn’t target big blogs. After a big blog is hit it’s only the matter of time before someone creates a solution to the whole problem.
Twitter: @GrowMap
Hi Ken,
Ideally it would be great if spammers,scammers, and crackers would find something productive to do with their lives instead of wasting our time. Not much chance that will happen though so we’ll do what we can to control the damage they cause.
InternetStrategist’s last blog post..New Type of Scraped Comment Blog Spam
If someone is competent enough to hack a website you would think they wouldn’t need to waste their time doing it!
There are exploits out all the time that are not targeted because the majority of competent programmers don’t waste there time but every once in awhile I hear about something like this what a waste of talent!
Jeff’s last blog post..What’s Jeff’s Scam, Niche Marketing
Twitter: @GrowMap
Absolutely! Surely there are productive projects they could be working on. If they’ll work on something useful I’ll even help promote them. I would much rather spend my time on that than fixing what they break.
InternetStrategist’s last blog post..Intelligent Bloggers to Consider Reading
well what do when you have been attacted how do you fix the problem?!?!
Twitter: @GrowMap
Hello Ty,
The solutions are provided in the links that I shared in the post. Krista explained what she had to do to remove it in one of the first links I shared here. You may wish to request assistance from someone with advanced technical skills. I would definitely have to do that if my blogs were affected.
InternetStrategist’s last blog post..Be Pro-Active and Take Calculated Risks
Nice linking in the amazing post. Its very informative post for me and my friends. I will share this with another to provide them a very useful information.
Twitter: @ChugginMcCoffee
I didn’t know that Gumblar exploit targeted other blogs than WordPress – so good to know because I know that myself and several friends don’t take these type of security precautions with our blogs right now!
Twitter: @GrowMap
Hi Mark,
Yes, I thought some might be interested in what other types of sites are at risk. How’s the coffee biz going? I don’t drink it myself so the only thing I remember is how expensive it got way back when I was still in school – ancient history.
Internet Strategist’s last blog post..Select Keywords First to Make Your Content Easy to Find
Really it is nice post and thanks for sharing it and really it is very useful. I would love some feedback on my site Oklahoma business address when you got time.
I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business Thanks for all your help and wishing you all the success in your business Feel free to check out my site Oregon business address when you got time.
thanks for the keywordluv plugin. I wish more sites would follow.
I am using Drupal for my blog and I be very careful now thanks for your post it will be very helpful for me. Keep posting
Twitter: @GrowMap
Hi James,
Glad to be of service. Are there many IT jobs in Dubai? I added your site to StumbleUpon and Tweeted it in case others are seeking jobs there.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Business to Merchant Circle =-.
I hope solution is already provided.
Twitter: @GrowMap
Hi Kate,
Yes, there are solutions in the links I provided in this post.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Free Business Listing to infoUSA =-.
Superb list of wordpress guides collections shared here. I’m new to blogging and wordpress, but these articles really gives a good guide for new users like me. Glad to find this post.
.-= Pet Medication´s last blog ..Pet Medicine =-.
Twitter: @GrowMap
Hi Pet,
There are many posts here that will assist you, especially Selecting Keywords which explains how to make sure your posts and Web pages are easy to locate in the search engines.
.-= Internet Strategist @GrowMap´s last blog ..How to Create and Install Favicons =-.
Thanks for highlighting the exploits. Apparently my wordpress was hacked earlier with some russian guy stuffing russian site links in my index file.
Twitter: @GrowMap
Hi John,
I am sorry to hear you were hacked. I hope you have since recovered and added more security.
.-= Internet Strategist @GrowMap´s last blog ..How to Write a Review at Merchant Circle =-.
Great article! We had a hack on one of our blogs that placed several dozen links to overseas pharmacy sites. We adjusted all passwords and have has no issue since. Internet Media Brands
Twitter: @GrowMap
Hi Jerome,
Sorry to hear you were hacked and glad you have recovered. Are you planning to build any affiliate stores on your domains? If you are I can recommend some tools and merchants you may wish to use. There will be more posts on that subject in the future here so if you’re interested you may want to subscribe.
.-= Internet Strategist @GrowMap´s last blog ..How to Add Your Free Business Listing to infoUSA =-.
I thought this was only for Wordpress. Will have to take a look at some of my other sites now.
Excellent links given on wordpress plugins. I am relatively new to this system as it is providing superb management on daily updated contents. I was planning to use drupal earlier but many friends have advice me to go for wordpress instead. Now, I know why they have ask me to use wordpress.
Twitter: @GrowMap
Welcome UK,
While there are some who will recommend Drupal too, there is far more activity and many more plugins already written for WordPress. You may also be interested in our posts about growing any business and especially How to Start a Successful Blog Based Business
.-= Internet Strategist @GrowMap´s last blog ..Instantly Acquire 76 High Quality Incoming Links =-.
I am always concerned about my Wordpress security vulnerabilities. If you use the right plugins you can make it a lot more inconvenient for your system to be hacked. Thank you for the links, I recommend that everyone looks over them.
.-= Zicam Lawsuit Attorneys´s last blog ..Longview attorneys file more lawsuits against makers of Zicam – Southeast Texas Record =-.
Twitter: @GrowMap
Hello Zicam,
Any site can be hacked so we all have to be wary and plug any security flaws that are identified. Wouldn’t it be great if hackers would find something more useful to do?
.-= Internet Strategist @GrowMap´s last blog ..Social Networking is NOT Chat =-.
Twitter: @ChugginMcCoffee
Hey, I appreciate those resources for finding out your WordPress security risk. WordPress is a huge learning process, so that’s always why I look for more information to make sure that I am not missing anything when it comes to my blog. That would be a terrible mistake!
Twitter: @GrowMap
Hi Mark,
There will always be more to learn so collaborating and sharing what we find can really save time. I appreciate you being one of my most regular commentators. Thank you.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
Strong set of resources tips, thank you. I don’t think this resource has been mentioned: http://digwp.com/ but these guys have some great suggestions regarding WP security.
Twitter: @GrowMap
Thank you, John, for sharing that additional resource.
.-= Internet Strategist @GrowMap´s last blog ..How to Evaluate Your AdWords Accounts =-.
A bit off topic…just wanted to ask you for some hlep.
I’m using Wordpress verison 2.6.1 and I got hacked a few days ago…some bastard really screwed up my site.
I was wondering if you’ve been hacked and how you fixed it….how do you find the leak?
.-= Sharon@Steve@Semenax´s last blog ..Fruit, Veggies, and a Side Order of Sex | Foods To Increase Libido =-.
Twitter: @GrowMap
Hi Steven,
I remember your question and thought I had answered it. We lost power suddenly and I may have lost it along the way. I rely on others for technical support so if I did get hacked – which thankfully has not happened – I would have to get them to assist.
If someone needed assistance with their WordPress blog I would recommend they contact Sammy Russo at Search Friendly Web Design.
.-= Internet Strategist @GrowMap´s last blog ..How to Optimize Your PPC Advertising to Benefit YOU =-.
After reading a bunch of exploit news I started increasing the time my database backup plugin sends me a backup to my email. If anything happens to any of my blogs I can restore it with the backup. If anyone doesn’t use a backup plugin you should get one asap. It will help out even if you make a mistake on your side and lose precious data
.-= Tony@Baby Cot´s last blog ..Baby Cot Furniture =-.
Twitter: @GrowMap
Hi Tony,
Thank you for sharing that excellent tip. You are absolutely correct. After Derek Semmler had hosting failure I checked with him and he assures me he has backups of our sites emailed to him regularly so we won’t lose anything should our host lose a server or get hacked.
For those who don’t know, you can restore an entire site from the last backup you have so you want to have backups sent as frequently as you tend to update content. If you make any major changes you will want a fresh backup asap.
.-= Internet Strategist @GrowMap´s last blog ..Local Search Directory Taps the Power of Television =-.
Backup and update! ALWAY AND ALWAYS. Nice post!
.-= Ben@Maybelline´s last blog ..Maybelline XXL Mascara – FREE! =-.
Twitter: @GrowMap
Hi Ben,
You know many people don’t know how to backup and aren’t doing it. Most only start after they’ve had their first major loss. Perhaps this post will motivate them to take action sooner instead of after it is too late.
.-= Internet Strategist @GrowMap´s last blog ..Success IS a Numbers Game =-.
Thanks for this very informative information. This is a good view to know things about .php
.-= ryan@chicco car seat´s last blog ..Chicco Baby Products – Introduction =-.
Well that, that is interesting. I guess I will have to keep updating my wordpress so I make sure that I dont get screwed over.
.-= jON@Facial Hair Removal´s last undefined ..If you register your site for free at =-.
Twitter: @GrowMap
Yes Jon, it is unfortunate that some dedicate their lives to causing problems for others. If they are smart enough to do that one would hope they could find something more productive and beneficial to focus on.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Thanks for the notice. I will keep a lookout.
.-= Used stair lifts´s last blog ..Replace stair lift battery =-.
I just got hit by Gumblar. Everyone beware.
Will the anti virus detect it?
.-= letter opener as christmas gift´s last blog ..Promotional letter opener for marketing events =-.
Twitter: @GrowMap
I would guess probably not.
Twitter: @muqtada123
I have seen the same thing with our website admin, someone told me a small script basically a SQL injection which can pass me easily through every admin of my website, i informed my IT manager to take care of this and after a few days, i went there again and put the same injection script but this time an awful message appeared which is basically for the person who is accessing that admin with SQL injection or you can say me for the time being but when i asked my manger that what is its remedy and tell me the way, he did not tell me anything but later on i got it from some forum where i got my manager’s username who is asking the same answer and i got a solution from there. Its basically hacking but a kinda cool hacking.
Thanks for the heads up about this matter. I just started using WP about 6 weeks ago and have noticed this kind of thing happens a lot…i guess thats the downside of using the platform…in any case, staying in tune will help us all remove these types of threats.
.-= Adam @ Eyeclops Night Vision Goggles´s last blog ..Eyeclops Night Vision Binoculars =-.
Twitter: @GrowMap
Hello Adam,
I don’t hear about these types of issues too often. Given the huge number of WordPress blogs we are fortunate there aren’t more of these problems.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Im pretty sure the anti virus wont be able to protect it unfortunately…
.-= Aaron @ Huffy Green Machine 2´s last blog ..Huffy Pink Green Machine =-.
Great post. I guess we’ll just have to be more aware…
by Anz with where to buy water purifier
.-= water purifier´s last blog ..Ultraviolet (UV) Water Purifier =-.
any other ways to restore it?
ac and the house lighting
Twitter: @GrowMap
All bloggers need to be aware that in order to restore any site there needs to be a backup (ideally a CURRENT backup). While most better hosting companies should do this for you it is unwise to rely on that. It is better to set up backups that are automatically emailed to you.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
One reason why everyone should regularly upgrade to the latest version of WP. Hope this exploit has been handled in 2.8.6!
There’s a lot of talk about hacks to WP based sites. It’d be great if you can write a post about what to do after such a hack. A clear step-by-step guide or something would help.
.-= Computer Maintenance Guide´s last blog ..Delete Temporary Files/Cache and Speed Up Your Computer =-.
Twitter: @GrowMap
Hello,
Security is a specialty that I usually leave to experts. Although I have a very technical background I rely on others to adminstrate technical aspects in my blogs. I did include a link to how to recover from this one and will gladly update this post with any other relevant links I find or that my readers can suggest.
.-= Internet Strategist @GrowMap´s last blog ..Best of GrowMap: Our Pillar Foundation Content =-.
Twitter: @muqtada123
There must be some helpful plug ins for WP to protect them with these PHP exploits and as well as the other stupid hacking techniques, i know there must be but needs an expert suggestion.
Twitter: @PicksNetwork
They have to figure out something, but then the hackers will figure another way to screw us..lol
Twitter: @GrowMap
Yes, that is pretty much true. It is an eternal cat and mouse game.
.-= growmap´s last blog ..Better Twitter Retweets From Favorite Twitter Apps =-.
Twitter: @josiahstaggs
Thanks for the head’s up. Even though WP lets you upgrade wordpress right in the dash, it’s still something i’m worried ver because i tend to think it will break something..
.-= Josiah@ Watch Dead Like Me Online´s last blog ..Season 2: Episode 15 =-.
Wordpress has to update for bugs and security flaws so often that it only pays to bother upgrading when its a very critical security flaw.
Twitter: @muqtada123
Good advice if it will be picked up quickly before more exploits.
nice post with useful information…
I didn’t realise wordpress is so vulnerable. I now have some concerns over the wordpress blog that I am using now. Is there any other to make it more safe?
.-= Cleaning wool area rugs´s last blog ..Types of wool area rugs and how to place them =-.
I am not sure if my previous comment got through. I was asking if there is any way to strengthen your security for the wordpress blogs.
.-= Cleaning wool area rugs´s last blog ..Types of wool area rugs and how to place them =-.
I just started using word press and had no idea about any of that stuff. Great article.
.-= Amanda´s last blog ..Bearpaw Women’s 419 Demi Boot =-.
Yes attacks happen now on everywhere not only on such blogs and failures occur everywhere
Twitter: @muqtada123
i think its already attacked in some blogs powered by WP, because i tried so many times to comment in that, i got no luck, what is the solution, anyone please
I had no idea there were so many threats to blogs out there. As a newbie, I guess I have been pretty naive. Thanks for providing me with the tools to protect myself.
.-= Boardwalk @ Best Muscle Building Supplement´s last blog ..Muscle Building Tips =-.
Subscribe to blogs about Wordpress plugins and security threats to keep your blog online and healthy!
Twitter: @muqtada123
I have noticed that in the recent google PR update, it does not update the PR for most blogs powered by WP and this could be the reason that why google did this.
Twitter: @GrowMap
Hello,
I don’t watch the PR updates very closely but I know that many blogs that are more tightly focused on SEO do. While I need to update it you may be able to find some of the best blogs that cover that subject on my personal GrowMap MyAlltop page.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Not sure what you mean by the PR
Twitter: @GrowMap
InStockPhones is referring to Google Page Rank. There are many explanations of what it is online including this one on What is Google PageRank.
There is much disinformation online about almost everything and especially about SEO so never believe everything you read.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
Currently I am using blogspot and I am planning to switch to wordpress because of its great feature. So I am collecting more information about wordpress. Anyway, Thanks.
Twitter: @GrowMap
Hello Computer Tips,
Be sure to read my post about setting up WordPress blogs for businesses. It contains much valuable information on Business Blogging.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
{ 2 trackbacks }