[wp-hackers] Hacked blogs

Joost de Valk joost at yoast.com
Fri Mar 27 05:59:12 GMT 2009

g30rg3_x wrote:
> Hi,
> The hacked blog(s) run on a shared-hosting or private/dedicated server?
> Cause there is possibility that the wordpress blog/site wasn't
> directly attacked and it was a random site inside the shared-hosting
> environment and if this hosting is improperly configured/secured the
> attack could be triggered from that second site (or worse, the "worm"
> could root the server and start spreading the infection all over the
> server pages).
> I have encounter this scenario tons of times (50>) in all, i was able
> to edit other users pages or well even became root on the server...
> Best shot you have (in order to prevent further attacks) is to contact
> the sys-admin(s) and pray they make the necessary changes to secure
> the environment.
> Regards

Yeah, doing that on all those servers now. Unfortunately, MT, even 
though it's on WordPress's recommended list, just says "you're on your 
own". Anyway, moving those ppl over to another host, and increasing 
security on the other sites. I can't find it :)


More information about the wp-hackers mailing list