Latest WordPress Version 2.8.4 Exploited

This evening I did my twice-weekly check to see if any of my WordPress blogs have been exploited and what do you know… CenterNetworks has been exploited. I was checking every day but moved it to twice-a-week checks after the last security patch for WordPress that moved the blog to 2.8.4. The exploit took place last night as far as I can tell and has already been indexed in Google, so there goes my traffic and earnings.

When the “big hacker” event happened earlier this month, WordPress founder Matt Mullenweg noted, “The only thing that I can promise will keep your blog secure today and in the future is upgrading.” As of this evening, I can only assume his promise no longer stands valid.

I can’t tell whether the exploits are coming through WordPress or my host, Rackspace. Rackspace always says it’s on the WordPress side. I am happy to provide whatever I can to WordPress to help them figure out what happened and I can only hope that eventually they get this fixed. Rackspace personnel called me this evening and noted that the permissions are all set correctly on the server. If it’s something on my end, I’d like to know that as well.

Update Midnight: Rackspace is now running an XSS checker on this site.

Update 4:30pm Saturday: Rackspace is now saying that they believe someone logged into CN and manually changed the template file. They are supposed to be sending over some logs soon.

Update 8pm Saturday: I’ve received the log files – unfortunately they don’t show much beyond someone editing the footer include. If someone from WordPress would like the files, please contact me.

Each and every time that my WordPress sites are exploited and/or hacked, I seriously regret moving away from Drupal, where in over three years I wasn’t hacked once.

Related: The Good, The Bad and The Exploited – My Move from Drupal to WordPress
