WordPress users report hacked blogs

Share this article:

Some WordPress users running the latest version of the popular blogging software are complaining that their sites have been compromised to point users to malicious websites, an IT security monitoring firm said Friday.

The targeted sites appear to be those hosted by Network Solutions, according to a blog post from Sucuri Security, citing reports from its clients.

"What is interesting about this attack is that it does not create or modify any files, so the average security advice does not apply here," the post said. "The only thing [it] does is to modify your 'siteurl' inside the 'wp-option' table to point to http://networkads[dot]net/grep/, breaking the site layout completely."

SQL injections or a larger database problem at Network Solutions may be the cause, according to Sucuri.

But Network Solutions spokeswoman Susan Wade said the problem is not specific to blogs hosted by the company.

"This issue is not isolated to Network Solutions, nor is it a Network Solutions server issue," she told SCMagazineUS.com in an email. "We're working with the experts in the WordPress community and understand it is an issue with a WordPress plug-in or theme and it is impacting a number of websites that are hosted on various hosting platforms. 

Network Solutions offered more information here.

Sucuri recommended affected users "revert your siteurl back to the previous value. Log in to your control panel, go to 'manage database,' and edit the siteurl value on 'wp-option table.'"

In recent months, WordPress has become a popular vector to spread malware.

"In a typical scenario, a security vulnerability is discovered and patched, but many website owners running WordPress do not install the updated version of the WP software, leaving their sites open to the exploits that inevitably follow," Maxim Weinstein, executive director of StopBadware, a nonprofit aimed at fighting bad software on the internet, said in a 2009 blog post. "WordPress plug-ins are sometimes vulnerable, as well."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.