[wp-hackers] Hacked blogs
Joost de Valk
joost at yoast.com
Fri Mar 27 05:59:12 GMT 2009
> The hacked blog(s) run on a shared-hosting or private/dedicated server?
> Cause there is possibility that the wordpress blog/site wasn't
> directly attacked and it was a random site inside the shared-hosting
> environment and if this hosting is improperly configured/secured the
> attack could be triggered from that second site (or worse, the "worm"
> could root the server and start spreading the infection all over the
> server pages).
> I have encounter this scenario tons of times (50>) in all, i was able
> to edit other users pages or well even became root on the server...
> Best shot you have (in order to prevent further attacks) is to contact
> the sys-admin(s) and pray they make the necessary changes to secure
> the environment.
Yeah, doing that on all those servers now. Unfortunately, MT, even
though it's on WordPress's recommended list, just says "you're on your
own". Anyway, moving those ppl over to another host, and increasing
security on the other sites. I can't find it :)
More information about the wp-hackers