If you run a popular WordPress blog, you've probably been hacked

March 26th, 2008 by Steven Sacks

WordPress 2.3.3 fixed a security flaw where hackers could modify your posts. Well, guess what? They already hacked them before you updated and you probably don't even know it, because you can't see what they did unless you edit your posts in code mode.

If you run a popular WordPress blog, I highly suggest you turn off your "pretty" editor (it's the only way to see the spam inside your posts, since the pretty editor hides the noscript content) and go through all of your blog posts, editing each one to find the injected tags. Make sure you update to 2.3.3 if you haven't already.

I was updating some old posts with my new code tagging plugin and I found a lot of junk in some of my most popular posts. Most of it was hidden inside of noscript tags and the like. Some of it went to poker sites, some of it was actually tracking the traffic by calling a php script on some .info domain. Spooky.
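Going through every post by hand in the HTML editor does not scale, so here is an added example (not from the original post) that does the same check in code: it scans a post's stored HTML for links and scripts hidden inside `<noscript>` blocks or `display:none` elements and reports any that point off-site. The sample post content and the blog hostname `example-blog.test` are constructed for the example; in practice you would feed it the `post_content` column from `wp_posts`.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that never get a closing tag, so they must not be pushed on the stack.
VOID = {"img", "br", "hr", "input", "meta", "link", "area", "base", "col", "embed", "source", "wbr"}

# Constructed sample of a post's HTML with injected hidden spam (not real data).
SAMPLE_POST = """<p>Here is how to tween a MovieClip in Flash.</p>
<noscript><a href="http://poker-example.info/">poker</a>
<img src="http://tracker-example.info/count.php?id=1"></noscript>
<p>More text <a href="http://example-blog.test/other-post">here</a></p>"""


class HiddenContentScanner(HTMLParser):
    """Collects external URLs found inside <noscript> or hidden (display:none) elements."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.stack = []      # (tag, hides_content) for each open element
        self.findings = []   # dicts describing each suspicious URL

    def _hidden(self):
        return any(hides for _, hides in self.stack)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hides = tag == "noscript" or "display:none" in style or "visibility:hidden" in style
        if tag not in VOID:
            self.stack.append((tag, hides))
        if hides or self._hidden():
            for key in ("href", "src"):
                url = a.get(key)
                host = urlparse(url).hostname if url else None
                if host and host.lower() != self.own_host:
                    self.findings.append({"tag": tag, "host": host, "url": url})

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy or unclosed markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def scan_post(post_html, own_host):
    """Return the list of off-site URLs hidden from readers in one post's HTML."""
    scanner = HiddenContentScanner(own_host)
    scanner.feed(post_html)
    return scanner.findings
```

Links to your own host are ignored so that normal internal links in hidden elements do not produce noise; anything else hidden and off-site is worth a look.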

Special thanks to WordPress for fixing this exploit.


About Steven Sacks

I am a professional Flash developer with over 13 years of programming experience. I have consulted for high-profile agencies and companies in San Francisco, Los Angeles, Atlanta and New York, and developed numerous award-winning websites and rich internet applications for clients including Adobe, Fox Sports, FX Networks, Anheuser-Busch, GE, DirecTV, ESPN, The Weather Channel, Home Depot, and Coca-Cola.

I am the author of the open-source Gaia Framework for Adobe Flash, which dramatically reduces development time and makes developing Flash sites much easier.