[wp-testers] Default.widgets.php Hacked? What to do?

Chris Jean gaarai at gaarai.com
Fri Jul 24 13:43:31 UTC 2009


I did a lot of reading on this subject to ensure that I knew the full
scope of it. It's quite clear to me that the stolen FTP credentials are
definitely the cause of this specific issue:

    * Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
    * Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53

That said, you are quite right that getting a virus on your local
machine isn't the only problem. It is very important for WordPress users
to be aware that their site can be compromised by poor security
practices on or off their server.

Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/



Otto wrote:
> While I know that there are viruses that can steal your FTP
> credentials from common software programs, are you sure that that is
> what is going on here?
>
> The most commonplace method I've seen to inject this sort of thing
> into files is simple shared hosting with poor security practices. Once
> a hacker gets into one site on the server, he can run a script that
> simply searches for *.php or *.html and injects his code into anything
> it finds. Thus he's got his code on dozens or hundreds of sites
> instantly. Make the script run every so often, and you keep getting
> "hacked" over and over again.
>
> Solution in this case is twofold:
> 1. Correct the permissions. 755 or 644 for everything. Unfortunately,
> sometimes this is ineffective (poor security config tends to be
> *really* poor).
> 2. Switch hosts to one that knows what they're doing.
>
> While I don't doubt that people have gotten hacked based on stolen FTP
> creds, it seems more likely to me that this sort of code injection is
> done via bad shared hosting instead.
>
> -Otto
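As an added example, not code from this thread: a POSIX shell audit that checks a web root for the two symptoms discussed above, hidden iframes injected into *.php and *.html files and permissions looser than the 755/644 Otto recommends, and reports rather than modifies. It builds its own throw-away fixture directory, so the paths, file names and the example.invalid URL are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a web root for the two
# symptoms discussed above and report findings without modifying anything.

# Constructed fixture: a throw-away web root with a clean file, a file
# carrying a hidden iframe, and a world-writable file. Prints its path.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content"
  printf '<?php echo "hello"; ?>\n' > "$root/index.php"
  printf '<html><body>ok</body></html>\n' > "$root/wp-content/hacked.html"
  # the injected line: an iframe sized to nothing and hidden with CSS
  printf '<iframe src="http://example.invalid/x" width=0 height=0 style="display:none"></iframe>\n' \
    >> "$root/wp-content/hacked.html"
  printf '<?php // plugin stub\n' > "$root/wp-content/loose.php"
  chmod 755 "$root" "$root/wp-content"
  chmod 644 "$root/index.php" "$root/wp-content/hacked.html"
  chmod 666 "$root/wp-content/loose.php"   # the "poor security config" case
  printf '%s\n' "$root"
}

# Files whose content looks like a hidden iframe injection: an <iframe> tag
# with zero width/height or display:none on the same line. Prints one path
# per matching file; exits 0 even when nothing matches.
find_hidden_iframes() {
  find "$1" -type f \( -name '*.php' -o -name '*.html' \) \
    -exec grep -liE '<iframe[^>]*(width=.?0|height=.?0|display:[[:space:]]*none)' {} + || true
}

# Files and directories writable by group or others, i.e. anything looser
# than the 755 (directories) / 644 (files) recommended in the thread.
find_loose_permissions() {
  find "$1" \( -type f -o -type d \) \( -perm -g+w -o -perm -o+w \) -print
}

# Usage: sh audit.sh /var/www/html   (with no argument, runs on the fixture)
if [ $# -gt 0 ]; then
  webroot=$1
else
  webroot=$(make_fixture)
fi
echo "== hidden iframes under $webroot"; find_hidden_iframes "$webroot"
echo "== loose permissions under $webroot"; find_loose_permissions "$webroot"
```

Review each reported file by hand before cleaning it; the pattern is a triage aid, not proof, and a clean grep does not prove the server is clean.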