WordPress blogs open to hack attacks

WordPress, one of the most popular free blogging packages available on the Web, has informed users of an unfixed bug in its older installations that poses a potential security threat to a user's blog or website, even leaving it open to a hack attack.

The attacks take the form of spam blog comments on one or several blog posts, with cleverly disguised links to malware-infested websites. And although the worm tries to hide its tracks on an infected blog, it isn't able to do so entirely. WordPress has explained that as this worm works its way through blog posts, leaving comments, it tends to leave behind broken links of infected blog posts--due to poor coding--thus revealing itself to the blog admin.

This is what WordPress has to say on the issue:

"This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

"The tactics are new, but the strategy is not. Where this particular worm messes up is in the 'clean up' phase: it doesn't hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.

"WordPress has asked bloggers all over who use the popular Web publishing software to immediately update their WordPress software to the latest 2.8.4 version. Upgrading to the latest version is much simpler and more hassle-free than trying to fix a hacked blog."
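
The statement above describes a rogue admin account that hides itself on the rendered users page and abuses the permalink structure, so a defender's check has to read the stored data directly rather than trust the dashboard. The following is an added example, not code from the article or from WordPress, that audits rows shaped like WordPress's `wp_users`, `wp_usermeta` and `wp_options` tables. The sample rows, the allowlist of known admins, the default `wp_` table prefix and the idea that the hiding script is stored in a profile field are all assumptions made for illustration.

```python
import re

# Constructed sample rows shaped like WordPress's wp_users, wp_usermeta and
# wp_options tables (default "wp_" prefix assumed); not data from a real site.
USERS = {1: "editor_in_chief", 2: "guest_writer", 3: "qx81734"}
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (3, "first_name", "<script>/* constructed placeholder */</script>"),
]
OPTIONS = {"permalink_structure": "/%year%/%postname%/%&(PLACEHOLDER-CODE)/"}

# A permalink structure is slash-separated literal text and %tag% tokens.
PERMALINK_OK = re.compile(r"^(/(%[a-z_]+%|[\w.-]+))*/?$")
# Assumption: script hidden in a profile field shows up as raw markup.
MARKUP = re.compile(r"<\s*(script|style|iframe)\b", re.I)


def audit(users, usermeta, options, known_admins):
    """Return a sorted list of (check, detail) findings."""
    findings = []
    for user_id, key, value in usermeta:
        login = users.get(user_id, f"id={user_id}")
        # Read roles from the stored capabilities, not from the rendered
        # users page, which the worm tampers with in the browser.
        if key.endswith("capabilities") and '"administrator"' in value:
            if login not in known_admins:
                findings.append(("unexpected-admin", login))
        elif MARKUP.search(value):
            findings.append(("markup-in-profile", f"{login}:{key}"))
    structure = options.get("permalink_structure", "")
    if not PERMALINK_OK.match(structure):
        findings.append(("odd-permalink-structure", structure))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(USERS, USERMETA, OPTIONS, {"editor_in_chief"}):
        print(f"{check}: {detail}")
```

On a live site the same three checks would be fed from a database export. Any finding is a prompt to investigate, not proof of infection.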
