The new variant from wordpress.net.in & qwetro.com used the “anonymous PHP create_function” to append their spam links to the victim's blog. Below is a quick patch to disable the mischievous “create_function” injection on wp_head.
Entries Tagged as ‘OWNED’
Feb 29th, 2008 +0000 UTC
Blake Ross (Co-Founder of the Mozilla Project) WordPress Blog Hacked
Blake Ross was hacked by a blackhat SEO spammer. blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; it's like waiting to be hacked.
Note: There is a known directory traversal exploit for WordPress 2.0.4 #4226
External Links
How to fix wordpress.net.in Goro Spam
WordPress 2.0.5 Changelog
Apache 1.3 Vulnerability
Jan 31st, 2008 +0000 UTC
Bluehost Hostmonster CEO Hacked Again
The Mattheaton.com WordPress blog was first hijacked 2 months ago, on 26 November 2007. This is the third time it has been hacked. It's a big embarrassment for Bluehost & Hostmonster hosting to have their CEO's blog being spam-ridden every year. Matt is still using WordPress 2.3.1 ATM; hopefully he can get his WordPress upgraded as soon as possible and fix all his mess.
