Hi, this is an alert for WordPress users. There is a report that many WordPress sites are being hacked and malicious links and trojans are being injected into the sites. The common feature of this attack is the injection of a link to the a1spysoftware.com site. My site was attacked multiple times in the last 2 weeks. I got reports from other WordPress users about similar attacks featuring links to a1spysoftware.com. This attack happens even on the latest 2.8.6 version of WP. There is a thread on the WordPress support forums regarding this: http://wordpress.org/support/topic/327762 Siteexplorer reveals hundreds of blogs affected by this: http://siteexplorer.search.yahoo.com/search?p=http%3A%2F%2Fwww.a1spysoftware.com%2F&fr=sfp&bwm=i Please report if you have experienced this and share how you cleaned up this mess. Thanks
I saw the last reply on that topic was 2 weeks ago. Any more recent news? Funny, the hacker's website now has 40k backlinks, most of them are from the hack, I guess. Wonder how they get in.
Where exactly does it inject the link? I am looking at some of those sites and I do not see it. Could it be a vulnerability in a plugin? EDIT: Ok, I see - it appends it to the footer.
I am really afraid that some authors of commonly used plugins are going to hack users' sites!!! This is a real security error... Since I am using WP 2.8.6, I have used only my own scripts, and I also check every script for bugs and holes. If anyone has this problem and doesn't know how to remove the infection, please feel free to PM me and I will fix it for you. Happy to help.
You can monitor this page for newly discovered security problems in WordPress and plug-ins: http://secunia.com/advisories/search/?search=wordpress
Interesting trivia. The hacker domain was on sale here on DP last year. A $2 domain. http://forums.digitalpoint.com/showthread.php?t=1104137&highlight=a1spysoftware.com
This is one of the reasons why I moved my own blog over to MT and moved all of our client blogs over to Serendipity ages ago. edit: I personally prefer using http://milw0rm.com/ to monitor. reedit: WordPress (and everything else that comes out of Automattic, since that wp-syntax plugin is one of theirs as well) needs to have an actual external security audit. Every one previously done has either been internal or informal.
All users should report that site to Google http://www.google.com/safebrowsing/report_badware/ It will be banned soon.
Congrats, you just encouraged a DDoS attack against Google. Please note that you've just admitted to doing so in public where your IP address is on record. I think just one or a few reports is fine. This isn't an election.
Pfffffffffffff... DDOS attack on Google. The 30 people that REALLY take their time to fill in that form. Come on....