Lately, a number of high profile sites have been targeted for spam and some don’t even know it. I stumbled across a post from EB where Al Gore’s Climate Crisis blog has been hacked and defaced with hidden Ads.
The image above shows the Ads hidden within the blog. The blog is running a very old version of WordPress, so the attacker could have used any number of attacks to gain access to the blog. However, there is suspicion of a zero-day WordPress vulnerability that is being used by spammers.
BlogSec suggests WordPress users visit their primary blog pages and view the source code for hidden malicious Ads like the ones seen above.
Also see:
- billblog hacked with a discreet iframe of Ads.
- SEO Egghead hacked with hidden Ads.
Comments
I just checked his Blog. And I’m not sure if they removed the Spam already. Anyway he has already some new hidden Spam within his Blog
[…] BlogSecurity - More WordPress targets for spam […]
Just goes to show that wordpress isn’t as secure as many think and it’s about time the developers actually acted responsible.
[…] Security News: There are some security issues and scams WordPress users need to know about. Blog Security reports more WordPress bloggers are targets for spam hackers because they haven’t been updated. Be sure and get your blog updated in […]
How do you check for things like that?
I’ve got a blog that had a certain title but when I looked for some reason at the slug, the slug had changed the word “imperfection” to “obscurity”.
That got me thinking that someone had done something, somehow and that I had better try and find you again since at one point I was here and y’all were talkng about hardening the installation via the .htaccess file.
I still haven’t found the link but I did find you so I’m getting closer.
Peace - today!
I’d forgotten to ask, but do you have any thoughts on the comment above - anyone?
Any help or thoughts would be appreciated.
Thank you.
Peace.
-
Search site:
-
Additional WP Resources
