Malware and my blog

It seems that sometime last week my blog was hacked and a discreet little <iframe> linking to a malware hosting site was added to the 30boxes widget you can see on the right. It wasn’t 30boxes fault – the widget code hadn’t changed, so I assume that something managed to inject the relevant line of code into my database by exploiting a flaw in WordPress.

I’ve just upgraded to WordPress 2.3 and have checked what I can, but am still investigating as I’d like to know what the hole was so I can be sure it is patched.  And I apologise to anyone who got a nasty alert message when they visited when using IE.

Special thanks go to John Warlow, who was trying to figure out how to fix the RSS feed coming from the del.icio.us entries (something that bugs me too!) and took the time to email me about the site’s attempt to download VBS.Phelp onto his PC.  And no thanks to Google/Stopbadware who flagged the site as infected but didn’t bother to tell me they had done so, or offer any indication as to what the problem actually might have been.

3 Replies to “Malware and my blog”

  1. Keep us informed with your findings Bill, I also use WordPress 2.3 and will be interested in learning how your attack happened to make sure my WordPress is locked down.

  2. Valuable attention given to a very nasty threat. I had a good look around StopBadware on the mischief which seems to depend on ActiveX to implement its miserable activity. But I despair to read, in the “safety recommendations” section, among all the platitudes about antivirus and patches to (vainly) combat this kind of thing – nowhere does it simply issue a health warning against IE! Are institutions becoming afraid to justly criticise a Microsoft product? non-activeX browsers, especially the wonderful Opera are surely the easiest route to safety for the majority of folk, PC enthusiasts or not.

Comments are closed.