Alias

So, last week, I noticed Stopbadware.org were blacklisting my site. Annoyingly, the software guidelines on stopbadware.org, which, although fine for a catch-all legal document as to what is or isn’t viruses/ malware / spyware / adware / annoyanceware / evilware / marketingware / whatever the hell we’re calling it this week-ware, don’t give you a great deal of help as to what to actually do about it.
Fortunately, a few conversations with a couple of my learned colleagues set me off on the right track, and it turned out that by exploiting a vulverability in one of the older versions of the Wordpress XMLPRC library, it’s possible to hack an older wordpress install and inject malicious iframe code into the various blog posts.
Fiendish.
And I thought I was safe now that I’d turned off commenting completely - which was not an easy decision, let me tell you.
Clearly we’re dealing with an organised criminal group here.
Anyway, apologies if you’ve inadvertently been exposed to anything unsavoury due to viewing my site.
The attack was exactly the same as the one discussed here. The long and the short of it is that I’ve cleared all the infected posts, and upgraded to the latest version of WordPress. I would urge fellow WordPress bloggers to install the Wordpress Automatic upgrade plugin as it makes patching and updating very easy. To be honest, the thought of exporting my database and reinstalling wordpress manually on a regular basis makes me cring. The whole point of it is to reduce the amount of work involved.
Anyway…  nothing to see here. Move along.

This entry was posted on Thursday, January 1st, 1970 at 12:59 am and is filed under Blog. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.