Webhosting Companies And Security Related Attacks

[Ipstenu]

Back to the original topic, here's more info from Tech Cocktail - LINK REMOVED

[Cais]

Back to the original topic, here's more info from Tech Cocktail - WordPress Hacked! Virus Cloaks Search Engines.

Hmmm ... interesting how Kapersky immediately flags when you click that link, something about a trojan virus running?!

[chipbennett]

I keep checking, and can't find any evidence of being hit.

The only out-of-the-ordinary thing I've noticed was that I had someone invoke the limit-login-attempts once, recently.

I don't use remote publishing, but had never disabled Atom or XML-RPC. Unless I've just never been targeted, I don't think they alone represent the attack vector. (Nevertheless, I just disabled both, just to be sure.)

So is the current thinking that it's plugin-related, and/or that magpie.rss is somehow related?

[Ipstenu]

I use xmlrpc to remote manage my blog via the WordPress iPhone plugin (approve comments etc, I really use it all the time!). I've never been targeted either *knockonwood* BUT I did notice a huge uptick in 404s where my xmlrpc isn't (one folder off). Magpie RSS wouldn't shock me, honestly, WP is using an old version, but so are other web apps. I dunno, it's weird.

[Ryan]

Hmmm ... interesting how Kapersky immediately flags when you click that link, something about a trojan virus running?!

Are you meaning that the link you clicked above gave that warning?

My computer crashed and I got a virus last night. The last thing I had done was to visit that website.

I tried to log back in here and couldn't as my computer was so messed up that it wouldn't log back into the Tavern. I'm now at work on a different computer, hence able to reply.

I'll remove the link.

[Ipstenu]

That's really weird ... I don't have that problem, but I'm on a Mac. Many apologies if that site's doing that, though! I'd never have linked to it if I'd know THAT was happening!

[chipbennett]

That's really weird ... I don't have that problem, but I'm on a Mac. Many apologies if that site's doing that, though! I'd never have linked to it if I'd know THAT was happening!

Same here. I run Linux, and only explicitly allow scripts. So, no virus here. Though, might as well read Ben's blog post over at wpblogger.com - since the blog post you linked was quoting from/linking to Ben's post.

[PaulCunningham]

Yeah I clicked that link from my forums subs email and got a popup telling me "Your browser is out of date. Click OK to install the update".

Was curious because the URL in the popup title box was some completely different site, and I run Firefox, and its completely up to date

Thought it ironic that a blog posting about WP hacks seems to have been hacked itself.

[Ryan]

Was curious because the URL in the popup title box was some completely different site, and I run Firefox, and its completely up to date

Yeah, I got the same thing. I thought I closed it, but maybe the close button was what triggered it to infect me perhaps?

I think the virus scanning software I was using has expired (not unlikely since it's an Otago University licensed version and I'm not student or staff there anymore), either that or the virus has removed my virus scanner as Windows is reporting that I don't have one installed :(

[Ipstenu]

Now that's interesting. I saw that on a friend's site a couple days ago. pizdectopDOTcom was the pop-up's domain, and her site is running WordPress (2.9 for sure, she removes the absolute version from the headers). If I try to go there directly, Firefox says it's an attack site. I wonder if that's related?