Tips, Tricks, Tools & Techniques

for Internet Business, Life, the Universe and Everything



Don’t Get Hacked Like Al Gore – Keep An Eye On WordPress

27 November, 2007 (22:10) | Security, WordPress | By: Nick Dalton

A story has been making the news today about Al Gore’s web site being hacked. (Original story broken by Stuart @ Earners Blog.) Actually it was a blog on climatecrisis.net that appears to have been forgotten – the last post is from September 2006. Nevertheless, the blog has a PageRank of 5, which makes it an attractive target for link hackers.

The site has been cleaned up now, but you can view a cached version of the compromised page courtesy of Yahoo. (In IE you need to view source to see the links. In my Firefox they show up as grey text links at the bottom of the page.)

The attack has at least three steps:

  1. A blog at westmont.edu was compromised and several pages were added promoting Viagra and other related pills.
  2. Several other blogs were compromised and links to the first site were added at the bottom of each page. The latter is what happened to climatecrisis.net/blog. Al Gore’s site is probably the best known of the compromised sites, but there are many more: The Cynical Traveller, Mickipedia, Astroport Le chant du pain, The Next New Networks, Librarian Activist. Just to list a few. Hopefully the site owners will see these backlinks and be able to clean up their blogs.
  3. In order to not leave a trail to their own doorstep, there appear to be no outbound links on the westmont.edu blog that go to any web site where you can actually order the drugs. Instead there are links to google.ru with queries like “Purchase Prilosec”. Presumably the perpetrator of this attack is among the first search results for these queries. Using the indirect link through Google makes it very hard to find and prosecute the guilty party. Using Google to cover your tracks is getting increasingly popular.

All the compromised sites are blogs that use WordPress 1.5 – 2.0.6. If you are running these very old versions of WordPress, be sure to upgrade to the latest secure release. And regardless of which software you’re using for your web site, you should regularly view the HTML source of your site to make sure that you’re not serving up spam links.
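One way to automate that periodic source check, as an added example that is not part of the original post: a Python script that lists every link in a page and flags hosts outside an allowlist, plus spam keywords in the anchor text or in a search-engine query string. The host names, keyword list and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumed values for illustration: replace with your own hosts and keyword list.
ALLOWED_HOSTS = {"blog.example.org", "example.org", "wordpress.org"}
SPAM_WORDS = ("viagra", "prilosec", "pills", "purchase")
# Constructed sample page: two legitimate links, two injected footer links.
SAMPLE_HTML = """
<p>Read the <a href="/about/">about page</a> or visit
<a href="http://wordpress.org/">WordPress</a>.</p>
<div id="footer"><a href="http://compromised.example.edu/blog/p1.html">cheap pills</a>
<a href="http://www.google.ru/search?q=Purchase+Prilosec">click</a></div>
"""

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) for every <a> element in the page."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:          # only keep text inside an <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return [(href, [reasons])] for links that need a manual look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()  # empty for relative (same-site) links
        reasons = ["unexpected host: " + host] if host and host not in ALLOWED_HOSTS else []
        # Decode query values so "q=Purchase+Prilosec" is matched as plain words.
        query = " ".join(v for vs in parse_qs(url.query).values() for v in vs)
        hits = [w for w in SPAM_WORDS if w in (text + " " + query).lower()]
        if hits:
            reasons.append("spam keywords: " + ", ".join(hits))
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_HTML), sep="\n")
```

Run it against the HTML your server actually returns, not the template files, since injected links may only appear in the rendered output.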

Comments

Comment from Wolf Halton
Time: November 28, 2007, 02:58

Excellent enlargement upon this topic, Nick.

Comment from Tim
Time: December 9, 2007, 17:05

Thanks for the useful post — we’ve been bombarded with comment spam for a while recently, and I assumed it was because an Akismet update was needed, not because the WordPress installation needed upgrading. We’ve upgraded to the latest version now, and have seen a marked difference (although one a week or so is still slipping through).

A neverending battle… but at this point, it’s still worth risking to keep comments up on our site.
