6
Responses
Comments
Trackbacks/Pingbacks
-
[…] Watch Out For The Gumblar Botnet – A note to my WordPress kinfolk … […]
Translate This Page
About the Author
- Jeff Chandler
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
I copy my answer to Jeff’s question from my blog:
—————–
They don’t specifically target WordPress. They infect any PHP driven websites.
However, the PHP code they inject into existing files doesn’t take into account complex WordPress architecture, which leads to “redeclaration errors” and breaks compromised blogs.
So any version of WordPress can be broken. Just like any other complex PHP sites (i.e. Joomla, Drupal, phpBB, etc.)
In this attack, hackers use FTP credentials stolen from computers of webmaster, so WordPress itself is not to blame.
Thanks for the quick reply and your uncanny post diving into this attack.
I work technical support for a good sized hosting company, and stolen FTP credentials are the number one way that accounts are being broken into this year. The methods that malicious people are gaining FTP credentials seem to be two pronged.
1) Website owners using easy to guess passwords. You can whine all you want about a hard password being hard to remember, but let me guess you are whining about your site getting attacked too. Passwords like “letmein” or dictionary words like “coyote” are a big hit for some reason.
2) The next one is connecting to your website via FTP using a compromised computer. This one appears to be the most popular this year. Spyware, and malware on your computer monitors outgoing connections and snoops those passwords being sent in plain text. The fix for this one is easy, don’t use FTP use sFTP if possible. sFTP is encrypted, encrypted is good. If you don’t have sFTP available to you just make sure your computer is clean and safe.
Hope this helps at least one person out there. Your websites are a target, and more than likely you are it’s weakest link, stay smart, stay safe.
Thanks for the heads up everyone… Gary
For those who whine about having to remember stronger passwords,
check out either Password Agent (by moon software) or Keepass password safe. Both of these programs keep an encrypted database of userid’s and passwords that you have for different sites.
There’s also roboform, but don’t even mess with that, unless your brand new to the internet and never signed up for a site before, roboform won’t be of any use to you. besides, there are better alternatives, like those I mentioned above.
Like a number of people have said to me over the years, keep all your userid and passwords DIFFERENT from one another. For instance, make sure your mysql database for WP userid/password is different from your WP admin userid and password, and your CPanel userid/password different then the other two. Even if you have 3-4+ different userid-passwords, just for wordpress, and more just for your website, the chances of your website being hacked into, are much slimmer. Keep the hackers on their toes, thats what I always say. lol