Friday, September 22, 2006

[wordpress] Hacked!?

Our blog has apparently been hacked. Our login page is redirecting to a page with a nasty piece of JavaScript on it. Also, when you view the blog, sometimes it looks fine, sometimes it's missing photos, and other times the entire template and formatting is missing.

Anyone else seen/seeing this kind of behavior?

This post was written by Anita & Cameron from Married ...with Dinner


sam said...

oh no!!!!!!

I guess you already have contacted wordpress?

that is not good news

good luck

Anita said...

Cameron's actually got a support ticket in to our ISP... the hacking of the login page is the most frightening aspect, actually. We have a backup of all of our posts (at least up through a few days ago) and our template.

Anita said...

Update: Many people on our host are having the same problem we are, so this is almost certainly not a WordPress issue. Thanks for indulging my panic. :D

Ian said...

Sounds like a problem with your hosting provider's server rather than a hacking attempt.

Cameron said...

Hi all,

Ian is right that the problem was at the host, but it was a hacker.

Apparently somebody found an exploit in cPanel that allowed them to inject code into PHP pages. In many cases, the code was used to redirect browsers to sites that would then use the already-documented VML vulnerability in Microsoft Internet Explorer to download viruses, trojan horses, and what-have-you.

The good news is that the attack vector appears to have been identified, which means that it can be fixed.

The bad news is that cPanel is very widely used, and until this thing is patched, a lot of Web hosts will be vulnerable unless they're paying attention.

L Vanel said...

I hope this never happens to you again. How terrible.