Vulnerable WordPress Blogs Not Being Indexed

Vulnerable WordPress Blogs Not Being Indexed: Technorati has decided to not index vulnerable and exploited WordPress blogs. This comes after the recent spate of hacks that were discovered on various high-profile blogs and websites. What was even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress 2.5.

Just so that everyone is aware, WordPress 2.5 is the latest stable version and this should be the version that everyone should upgrade to. Any older version leaves you vulnerable. [EDIT] As mentioned on the legacy 2.0 page, WordPress 2.0.11 is the latest stable download with all the latest security fixes for the 2.0 branch. However, WordPress 2.5 is still the latest and the greatest and should be everyone’s upgrade target.

As for themes, if you suspect that the theme you are using is doing something strange, just disable it and get something else. I suggest you download themes from the original author’s website/blog and stay away from any theme that has an encrypted footer (though that would be hard to determine without looking at the code). At weblogtoolscollection.com we try our darnedest to link directly to theme authors for the download.
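One way to look at a theme's code for an encoded ("encrypted") footer before activating it, as an added example that is not part of the original post. The patterns are assumed heuristics (PHP `eval` combined with decoders such as `base64_decode`), not a complete detector, and the two theme files are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics, not exhaustive: dynamic execution, decoder calls that are
# commonly chained to hide theme code, and long base64-looking string literals.
EXEC_RE = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
DECODE_RE = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
BLOB_RE = re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]")


def scan_theme(theme_dir):
    """Return (relative_path, line_no, reason) findings for the PHP files of a theme."""
    findings = []
    root = Path(theme_dir)
    for php in sorted(root.rglob("*.php")):
        rel = php.relative_to(root).as_posix()
        text = php.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            decoded = DECODE_RE.search(line)
            if EXEC_RE.search(line) and decoded:
                findings.append((rel, no, "exec-of-decoded-data"))
            elif decoded:
                findings.append((rel, no, "decoder-call"))
            if BLOB_RE.search(line):
                findings.append((rel, no, "long-encoded-literal"))
    return findings


def demo():
    """Build a constructed two-file theme in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "sample-theme"
        theme.mkdir()
        # Constructed clean template.
        (theme / "index.php").write_text("<?php get_header(); ?>\n<?php get_footer(); ?>\n")
        # Constructed footer: the encoded string decodes to a harmless echo statement.
        (theme / "footer.php").write_text(
            "</div>\n<?php eval(base64_decode('ZWNobyAiZm9vdGVyIjs=')); ?>\n"
        )
        return scan_theme(theme)


if __name__ == "__main__":
    for rel, no, reason in demo():
        print(f"{rel}:{no}: {reason}")
```

A hit is a reason to read that line by hand, and a clean result does not prove a theme is safe, since hidden code can be written to avoid these patterns.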

Technorati is just the beginning. If your blog has spammy links, has covert hidden pages or links, is used for nefarious purposes, even without your knowledge, you are being penalized by the search engines. We are going to put together a post on how to figure out if your blog is hacked/exploited, clean up your blog if it is hacked, get your blog back to order, find spammy pages if they do exist and how to get your blog re-indexed. In the meantime, if you know of a good resource, please let us know and we will add it to the post.

Today is a good day to upgrade to WordPress 2.5

57 Responses

 

Comments

  1. Tadd (89 comments.) says:

    I always look at a theme closely for anything suspicious. If it’s an encrypted footer, I’ll take it and decompile it and remove anything that isn’t wanted. I’ve found a nice handful of themes online that had some very shifty pop-under scripts and such. Found a few that had a few SQL injections in them and a few that tried to download spyware/adware to the viewer’s computer whenever they log on to the site.

    All in all – if you don’t know how to decrypt something, don’t use it and go with places you can trust, like this fine site.

  2. gestroud says:

    Here’s one potentially useful plugin, named WP Anti-Wares. It supposedly checks themes for malicious code. I always download themes from the original designer, so I can’t attest to its functionality. Also, I’m not too sure if the plugin is still under active development.

  3. Tim says:

    “Any older versions leaves you vulnerable”

    Okay, now I’m confused. Is this page no longer correct and 2.0.11 is no longer considered secure?

  4. Mark Ghosh (386 comments.) says:

    Tim, I stand corrected. Fixed post.

  5. Ben says:

    As 2.5 is quite a big step I was hoping they would provide a legacy branch for 2.3 should any serious issues arise. Is this not the case?

  6. gestroud says:

    Another handy one is WP Security Scan, which is compatible with 2.5. I think I first heard about it here on WLTC.

  7. Fabian (1 comments.) says:

    Oh Good! and how can I know if some blogs are vulnerable and exploited?

    What happens if these blogs link to me?

  8. Luca Beltrame (8 comments.) says:

    Such news would cause a lot less trouble if it was actually easy to upgrade to newer versions of WP. And I don’t mean the actual upgrade procedure, but the total instability of APIs and database schemas (often advertised very late during the development process), which causes breakage in plugins.
    WP should learn from other FOSS projects and try to manage breaking changes better.

  9. raincoaster (5 comments.) says:

    Technorati is so b0rked as to be effectively insane. I get a different authority when I’m signed in than when I’m signed out. I dropped 13000 places yesterday and got them back twelve hours later. I’ve given up pandering to Technorati and I recommend everyone does the same. Google will end up owning everything anyway, so make nice with Google Blogsearch now; save time later when our Googelian Overlords make it official.

  10. Mark Ghosh (386 comments.) says:

    Luca: 2.5 does not introduce any breaking changes except for those plugins that use the admin interface. Even there the breakage should be in the management and not in the plugin itself.

  11. Monika says:

    Maybe WP 2.5 is stable, but it doesn’t work for so many users.

    And to say “do an update and you are safe” is false.

    It can help but most of the time it doesn’t, because so many users don’t know that the hacker is in his database and in its account — because the server is unsafe

    WP 2.5 is no magic wand ;)

    Monika

  12. Luca Beltrame (8 comments.) says:

    Mark: the change in password hashing broke some plugins that link to other applications (such as WPG, which one of my blogs uses). Others broke (temporarily, like Simple Tags) because there were some changes in the internals of WP.
    Unlike the 2.2 > 2.3 transition, most of these problems are minor, but I still think that with proper decision-making when the release cycle starts (e.g. “for version XXXX we’ll break the YYY and ZZZ APIs”) the effect can be lessened. Other, larger FOSS projects have employed this approach successfully.

  13. drsafemode (2 comments.) says:

    Big blogs like Techcrunch are still using 2.3.3.

  14. Dave C. (1 comments.) says:

    The Technorati announcement got me moving on my upgrade, and it turned out to be painless. All my plugins, once upgraded to latest versions, worked without problems and no weirdness so far.

  15. Tadd (89 comments.) says:

    I have to admit I was all Technorati-fevered for a while. Then all of a sudden they went weird on me. Updating my site three times (sometimes listing the same post multiple times) or not updating my site for literally two weeks … then re-adding every post as if it was new.

    I’ve given up trying to figure out Technorati. The only reason I cared originally was because of some Blog Judge website that gave me a crap review. Technorati is just another site that’s trying to force people to one standard … well, that’s what I think.

    Though I’ve already updated my WordPress .. only plug that gives me issues is the All in One SEO which breaks my RSS for some reason.

  16. Roosh (1 comments.) says:

    Version 2.3.3 is not safe? I don’t like 2.5.

  17. Mark Ghosh (386 comments.) says:

    Roosh: 2.3.3 is safe for now but it will not receive any security updates. So when new vulnerabilities are discovered, fixes will only go into the 2.5 (and 2.0.11x) branch. So it is better to upgrade.

  18. Steve (10 comments.) says:

    I very much look forward to this upcoming article from you all:

    We are going to put together a post on how to figure out if your blog is hacked/exploited, clean up your blog if it is hacked, get your blog back to order, find spammy pages if they do exist and how to get your blog re-indexed

  19. Hitesh says:

    I like 2.5

  20. Rocque (3 comments.) says:

    When I went to open the tar.gz I got 3 error messages. Did anyone else experience this? I guess this is the weekend to upgrade. Now I wonder why I make so many different blogs. Thanks for all the interesting comments.

  21. D4W50N says:

    Oh, what a sad blog post! If WordPress is not indexed by Technorati anymore, we all will get less traffic, I guess.

  22. Syd (1 comments.) says:

    I’d love to update, but I’m waiting for my host to update fantastico, cause I’m lame and don’t understand how to set up the database stuff.

  23. mccormicky (5 comments.) says:

    @Syd you’re not lame! Loads of folks rely on Fantastico. You don’t have to do any database stuff; WP takes care of that for you automatically after the new files are uploaded (you have to log in to the admin to have it happen but that’s it).

  24. Val says:

    Thanks for the great info! Link posted on my blog in appreciation.

  25. Ro (3 comments.) says:

    it’s not database stuff — you just
    1. create a database
    2. copy and paste database name, user and pass into WP config
    3. run install script
    done

  26. Uncle Che (1 comments.) says:

    I am using WordPress 2.5.1 so I don’t think vulnerability has anything to do with my blog not being indexable. I can’t claim it with Technorati. I feel this is weird. Can someone help PLEASE? Thanks

  27. Vladimir (1 comments.) says:

    What was even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress 2.5.

    I’m afraid I can’t agree with you. I don’t see any logic. If you upgrade your WordPress installation and keep on using that “bad theme”, it won’t solve your problems – because that “covert and encrypted” will still be present in the theme.

    The solution here is to patch the theme in question (or don’t use it at all).

  28. Vidyut Kale (2 comments.) says:

    Hi,

    I’m running WordPress 2.6.1 on two blogs, one of which is absolutely updated instantly on Technorati, and the other is not indexed at all. Additionally, my blogspot blog has stopped being indexed two days ago.

    I have written about it here: http://nerdinprogress.blogspot.....-mess.html

    I don’t think this is completely a wordpress thing.

    Vidyut



Trackbacks/Pingbacks

  1. [...] (Vulnerable WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running WordPress, it’s advisable to upgrade to 2.5 (which was relatively painless) as well as checking the actual code of your theme… [...]

  2. [...] tools collection are also running an article “Vulnerable WordPress Blogs Not Being Indexed” which goes on to say “Technorati is just the beginning. If your blog has spammy links, [...]

  3. [...] WordPress has really managed it: on the one hand Technorati refuses to include old versions in its index, and on the other hand the current version is so broken and so unusable with many browsers, [...]

  4. [...] the victim activates the template. On this, see “Massive Blog Hackery Exposed”, “Vulnerable WordPress Blogs Not Being Indexed” and “Blog Hacks Coming Back to Roost?”. Additional article info 1. Tags: blog [...]

  5. [...] Under : hacks, indexing, wordpress, WP2.5 Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed Vulnerable WordPress Blogs Not Being Indexed: Technorati has decided to not index vulnerable and [...]

  6. [...] Weblogtoolscollection [...]

  7. [...] Geek Ramblings & Weblog Tools Collection] WordPress related articles: WordPress 2.5, WordPress 2.1.3, cforms II in Italian, Inside Plugins: [...]

  8. [...] everyone be aware of some security issues with older WordPress versions. I have even seen first hand an attacked site. The lesson here is to [...]

  9. [...] of WP that are vulnerable will no longer be indexed by its search engine. This translates, as Mark Ghosh comments, into the marginalization of all those blogs running on versions earlier than 2.0.11, which [...]

  10. [...] Source Tags: WordPress You can follow responses through the RSS 2.0 feed. You can leave a response or a trackback from your own website. [...]

  11. [...] ???????wordpress? [...]

  12. [...] not to upgrade can have some serious consequences for your site, and one of those is being taken out of the Technorati indexation because your blog [...]

  13. [...] out Vulnerable WordPress Blogs Not Being Indexed for further reading.  If you have WP 2.5 you can also find the link on your dashboard.  [...]

  14. [...] you don’t upgrade your copy of WordPress, you’re at risk of being left out of the Technorati blog index as well as other services feeding off [...]

  15. [...] There are many languishing installs that are currently succumbing to hackers and spammers and losing their status in search engines because of it. Problems like that can hurt non-profits like us who rely on a low-cost web presence to promote [...]

  16. [...] Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed (tags: Technorati, blogging wordpress web blog) [...]

  17. [...] affecting WordPress blogs and indexing services, like Technorati, are starting to react.  Mark Ghosh over at the Weblog Tools Collection and Dougal Campbell at G33k Ramblings both wrote about an announcement from Technorati, one of the [...]

  18. [...] upgrade WordPress to version 2.5 (the latest) Technorati will not index your blog, so now is the time for you to upgrade your WordPress installation. The announcement issued by Technorati reads roughly like this: Because of this problem [...]

  19. [...] been running this blog on WordPress 2.2.x for some time now, but after reading several warnings about Technorati (and possibly others) planned index exclusion of vulnerable blogs I’ve [...]

  20. [...] just upgraded this blog to WP 2.5 after reading that Technorati is not indexing sites that haven’t upgraded to WordPress’ latest version because hackers are exploiting vulnerable and orphan blogs. This is another reason for the [...]

  21. [...] instance, the normally excellent Weblog Tools Collection wrote about security holes due to free themes, and then said “The moral of this story is that you need to upgrade your WordPress blog now to [...]

  22. [...] Technorati has decided to not index vulnerable and exploited WordPress versions [...]

  23. [...] Technorati has decided to not index vulnerable and exploited WordPress versions [...]

  24. [...] did I upgrade? Because WordPress (as represented by Weblog tools collection) has managed to scare me into believing that my blog was vulnerable with previous versions. [...]

  25. [...] you upgrade your website? You might want to consider upgrading your wordpress ASAP if this is what going to happen soon. Some screen shot of my new [...]

  26. [...] done both, I realize there are many ways I could hack into a person’s blog. All I would have to do is provide myself a [...]

  27. [...] One of them caught my fancy and I decided to take a deeper look. The topic was Technorati & hacked WordPress blogs. More than Technorati, it was the article on Weblog Tools Collection that got me [...]

  28. [...] Vulnerable WordPress Blogs Are Not Indexed [...]
