[wp-testers] Default.widgets.php Hacked? What to do?
Jennifer Hodgdon
yahgrp at poplarware.com
Fri Jul 24 14:09:50 UTC 2009
Doesn't anyone besides me think it is a poor security practice to
store FTP credentials on their PC at all? I realize it is a bit
inconvenient at times to have to remember passwords, but if your FTP
software is storing credentials in an unencrypted file, I think it is
a HUGE security risk to let it store your FTP passwords. This also
goes for your browser storing login passwords for your sites.
--Jennifer
Chris Jean wrote:
> I did a lot of reading on this subject to ensure that I knew the full
> scope of it. It's quite clear to me that the stolen FTP credentials are
> definitely the cause of this specific issue:
>
> * Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
> * Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53
>
> That said, you are quite right that getting a virus on your local
> machine isn't the only problem. It is very important for WordPress users
> to be aware that their site can be compromised by poor security
> practices on or off their server.
--
Jennifer Hodgdon * Poplar ProductivityWare
www.poplarware.com
Drupal, WordPress, and custom Web programming
More information about the wp-testers
mailing list