Is your Word Press site infected?

[John Connor]

On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties. Interestingly, Cid added, the attackers have managed to compromise security provider Coverity and are using it as part of the malicious redirection mechanism. The image above shows the sequence of events as viewed from the network level using a debugging tool.
Sucuri has dubbed the campaign "VisitorTracker," because one of the function names used in a malicious javascript file is visitorTracker_isMob(). Cid didn't identify any of the compromised sites. Administrators can use this Sucuri scanning tool to check if their site is affected by this ongoing campaign.

http://arstechnica.com/security/201...usands-of-wordpress-sites-to-infect-visitors/

 

[PliotronX]

We had to help an office last year that was hacked on an outdated WP site. A third party company had to be called in to recover the old site because it was a mess of PHP and the client conveniently had to pay for the upgrade to a different WP plan to update the site. Does WP run on flash or what LOL

 

[Chiefcrowe]

Thanks for the heads up!

 

[John Connor]

Does WP run on flash or what LOL

I have a WP blog and it's ripe with hacking vulnerabilities without good security plugins. I use no less than seven security plugins and use a script called ZBblock.

 

[TomFoster]

Thanks for letting us know! Mine is all clear apparently but good to check nonetheless!

 

[Oyeve]

My jobs site got hit earlier this year. There was a back door and the site has thousands of jpg images and php files. Someone injected scripts in the jpg files that ran off java and the site had tons of russian porn popups. Fun times. Took me a couple of days to plug and restore.

 

[John Connor]

Does that site use Mod_security?

 

[webjack01]

Thanks John for that news always feat uncomfortable with wordpress; thinking of joining drupal

 

[adamantine.me]

I hope not, I just got started. I have Wordfence for scan/traffic monitoring. About 2-3 days after I launched I got some IP from the UK attempting to login as admin 20 times. Banned!