[wp-hackers] Hacked blogs

Lynne Pope lynne.pope at gmail.com
Fri Mar 27 12:53:31 GMT 2009


2009/3/27 Rich Pedley <elflop at googlemail.com>:
> With everyone mentioning, and concentrating on plugins, these days I'd
> advise that you check themes as well.

It seems Joost's Twitter post telling everyone to keep an eye on their
blogs is getting attention. I had another person report the same hack,
but this time on WP2.6.5.

Plugins in common were only Akismet, Tweetbacks and Google Sitemaps.

BUT, both sites are using the same premium/commercial theme which
contains a lot of code.
This may be coincidence but I couldn't spot any vulnerabilities in the
plugins they have in common, or in their server setup. If there is a
common vulnerability in 2.6.5 & 2.7.1 I didn't manage to find it.

I was careful not to suggest the theme is the culprit but have advised
them to contact the theme developer (hope they don't go off saying I
am casting aspersions on the theme!!!!)

Lynne

