Kristi wrote a guest blog post at TechJaws about the attack last weekend on her well known Kikolani Blog by the PHP Script Injection Exploit in WordPress 2.7.1. Kristi explains how she restored her blog and dealt with the issue. The UnMask Parasites blog provides additional details on what is known about this particular malware which has been dubbed the Gumblar .cn Exploit.
Gumblar exploit does NOT affect only WordPress. It can target any site using .php including Drupal, PhotoPost and even the Bangalore Telecom Web site.
The resources below will assist you in assessing your risk, increasing security for your WordPress blog and removing this exploit if you are already affected.
WordPress Security Resources:
- Should You Be Concerned About Your WordPress Security? (May 12, 2009)
- Securing Your WordPress Blog (Jan 14, 2009)
- In Depth Tutorial On How To Secure Your WordPress Blog Tip 1 (Apr 8, 2009)
- 18 WordPress Plugins Plus Tips to Secure Your Blog (Mar 13, 2009)
- Dan Nedelko WordPress Security Plugins (Apr 23, 2009)
- Maximum WordPress Security Plugin Announcement (Jan 3, 2009)
- Sucuri: WordPress Hardening (How to obscure WordPress and Apache version details)
- 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
Security Monitoring Tools for WordPress:
- Fast, simple way to check public information for yours or any other Web site: Sucuri Web Information Gathering Tool
- Search Engine Snark recommends these Tools for Monitoring WordPress Security
WordPress Security Audit Services:
WordPress Security Plugins:
- Maximum Security WordPress Security Plugin
- WpBeginner post about WordPress File Monitor – download WordPress File Monitor from WP plugin Directory
{ 116 comments… read them below or add one }
← Previous Comments
Next Comments →
Currently I am using blogspot and I am planning to switch to wordpress because of its great feature. So I am collecting more information about wordpress. Anyway, Thanks.
Twitter: GrowMap
February 23, 2010 at 9:08 am
Twitter: @GrowMap
Hello Computer Tips,
Be sure to read my post about setting up WordPress blogs for businesses. It contains much valuable information on Business Blogging.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Not sure what you mean by the PR
Twitter: GrowMap
February 23, 2010 at 9:07 am
Twitter: @GrowMap
InStockPhones is referring to Google Page Rank. There are many explanations of what it is online including this one on What is Google PageRank.
There is much disinformation online about almost everything and especially about SEO so never believe everything you read.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
Twitter: muqtada123
January 5, 2010 at 7:54 am
Twitter: @muqtada123
I have noticed that in the recent google PR update, it does not update the PR for most blogs powered by WP and this could be the reason that why google did this.
Twitter: GrowMap
February 23, 2010 at 8:52 am
Twitter: @GrowMap
Hello,
I don’t watch the PR updates very closely but I know that many blogs that are more tightly focused on SEO do. While I need to update it you may be able to find some of the best blogs that cover that subject on my personal GrowMap MyAlltop page.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Subscribe to blogs about Wordpress plugins and security threats to keep your blog online and healthy!
I had no idea there were so many threats to blogs out there. As a newbie, I guess I have been pretty naive. Thanks for providing me with the tools to protect myself.
.-= Boardwalk @ Best Muscle Building Supplement´s last blog ..Muscle Building Tips =-.
Twitter: muqtada123
December 21, 2009 at 9:23 am
Twitter: @muqtada123
i think its already attacked in some blogs powered by WP, because i tried so many times to comment in that, i got no luck, what is the solution, anyone please
Yes attacks happen now on everywhere not only on such blogs and failures occur everywhere
I just started using word press and had no idea about any of that stuff. Great article.
.-= Amanda´s last blog ..Bearpaw Women’s 419 Demi Boot =-.
I am not sure if my previous comment got through. I was asking if there is any way to strengthen your security for the wordpress blogs.
.-= Cleaning wool area rugs´s last blog ..Types of wool area rugs and how to place them =-.
I didn’t realise wordpress is so vulnerable. I now have some concerns over the wordpress blog that I am using now. Is there any other to make it more safe?
.-= Cleaning wool area rugs´s last blog ..Types of wool area rugs and how to place them =-.
nice post with useful information…
Twitter: muqtada123
December 3, 2009 at 2:56 pm
Twitter: @muqtada123
Good advice if it will be picked up quickly before more exploits.
Wordpress has to update for bugs and security flaws so often that it only pays to bother upgrading when its a very critical security flaw.
Twitter: josiahstaggs
November 23, 2009 at 5:09 pm
Twitter: @josiahstaggs
Thanks for the head’s up. Even though WP lets you upgrade wordpress right in the dash, it’s still something i’m worried ver because i tend to think it will break something..
.-= Josiah@ Watch Dead Like Me Online´s last blog ..Season 2: Episode 15 =-.
Twitter: PicksNetwork
November 23, 2009 at 12:02 am
Twitter: @PicksNetwork
They have to figure out something, but then the hackers will figure another way to screw us..lol
Twitter: GrowMap
February 23, 2010 at 9:16 am
Twitter: @GrowMap
Yes, that is pretty much true. It is an eternal cat and mouse game.
.-= growmap´s last blog ..Better Twitter Retweets From Favorite Twitter Apps =-.
Twitter: muqtada123
November 18, 2009 at 6:32 pm
Twitter: @muqtada123
There must be some helpful plug ins for WP to protect them with these PHP exploits and as well as the other stupid hacking techniques, i know there must be but needs an expert suggestion.
There’s a lot of talk about hacks to WP based sites. It’d be great if you can write a post about what to do after such a hack. A clear step-by-step guide or something would help.
.-= Computer Maintenance Guide´s last blog ..Delete Temporary Files/Cache and Speed Up Your Computer =-.
Twitter: GrowMap
November 20, 2009 at 5:16 pm
Twitter: @GrowMap
Hello,
Security is a specialty that I usually leave to experts. Although I have a very technical background I rely on others to adminstrate technical aspects in my blogs. I did include a link to how to recover from this one and will gladly update this post with any other relevant links I find or that my readers can suggest.
.-= Internet Strategist @GrowMap´s last blog ..Best of GrowMap: Our Pillar Foundation Content =-.
One reason why everyone should regularly upgrade to the latest version of WP. Hope this exploit has been handled in 2.8.6!
any other ways to restore it?
ac and the house lighting
Twitter: GrowMap
February 23, 2010 at 9:15 am
Twitter: @GrowMap
All bloggers need to be aware that in order to restore any site there needs to be a backup (ideally a CURRENT backup). While most better hosting companies should do this for you it is unwise to rely on that. It is better to set up backups that are automatically emailed to you.
.-= growmap´s last blog ..MEME: BizLuv in Support of Small Businesses =-.
Great post. I guess we’ll just have to be more aware…
by Anz with where to buy water purifier
.-= water purifier´s last blog ..Ultraviolet (UV) Water Purifier =-.
Im pretty sure the anti virus wont be able to protect it unfortunately…
.-= Aaron @ Huffy Green Machine 2´s last blog ..Huffy Pink Green Machine =-.
Thanks for the heads up about this matter. I just started using WP about 6 weeks ago and have noticed this kind of thing happens a lot…i guess thats the downside of using the platform…in any case, staying in tune will help us all remove these types of threats.
.-= Adam @ Eyeclops Night Vision Goggles´s last blog ..Eyeclops Night Vision Binoculars =-.
Twitter: GrowMap
February 23, 2010 at 9:14 am
Twitter: @GrowMap
Hello Adam,
I don’t hear about these types of issues too often. Given the huge number of WordPress blogs we are fortunate there aren’t more of these problems.
.-= growmap´s last blog ..KeywordLuv: How Using It Benefits Us All =-.
Twitter: muqtada123
November 3, 2009 at 4:21 pm
Twitter: @muqtada123
I have seen the same thing with our website admin, someone told me a small script basically a SQL injection which can pass me easily through every admin of my website, i informed my IT manager to take care of this and after a few days, i went there again and put the same injection script but this time an awful message appeared which is basically for the person who is accessing that admin with SQL injection or you can say me for the time being but when i asked my manger that what is its remedy and tell me the way, he did not tell me anything but later on i got it from some forum where i got my manager’s username who is asking the same answer and i got a solution from there. Its basically hacking but a kinda cool hacking.
Will the anti virus detect it?
.-= letter opener as christmas gift´s last blog ..Promotional letter opener for marketing events =-.
Twitter: GrowMap
February 23, 2010 at 9:12 am
Twitter: @GrowMap
I would guess probably not.
I just got hit by Gumblar. Everyone beware.
← Previous Comments
Next Comments →
{ 4 trackbacks }