WordPress 2.3.3 fixed a security flaw where hackers could modify your posts. Well, guess what? They already hacked them before you updated and you probably don't even know it, because you can't see what they did unless you edit your posts in code mode.

If you run a popular WordPress blog, I highly suggest you turn off your "pretty" editor (it's the only way to see the spam inside your posts, since the pretty editor hides noscript content) and go through all of your blog posts, editing each one to find the injected tags. Make sure you update to 2.3.3 if you haven't already.

I was updating some old posts with my new code tagging plugin and I found a lot of junk in some of my most popular posts. Most of it was hidden inside of noscript tags and the like. Some of it went to poker sites, some of it was actually tracking the traffic by calling a php script on some .info domain. Spooky.
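Checking every post by hand in code mode gets tedious on a large blog. The sketch below is an added example, not code from WordPress or from this post: it assumes you have exported each post's raw HTML, and it flags noscript blocks and any link or image URL that points off your own domain. The names `scan_post` and `PostScanner`, the host `blog.example`, and the sample posts are all made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_ATTRS = {"href", "src", "action"}  # attributes that can point off-site

class PostScanner(HTMLParser):
    """Records <noscript> blocks and off-site URLs in one post body."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.depth = 0        # > 0 while inside <noscript>
        self.findings = []    # (kind, detail) tuples, in document order

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
            self.findings.append(("noscript-block", f"line {self.getpos()[0]}"))
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            try:
                host = (urlparse(value).hostname or "").lower()
            except ValueError:          # malformed URL: report it, do not crash
                host = "?"
            if host and host not in self.own_hosts:
                kind = "hidden-offsite-url" if self.depth else "offsite-url"
                self.findings.append((kind, value))

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1

def scan_post(html, own_hosts):
    """Return the findings for one post; relative URLs are treated as on-site."""
    scanner = PostScanner(own_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample data: post ID -> raw post content
SAMPLE_POSTS = {
    101: '<p>See my <a href="https://blog.example/about">about page</a>.</p>',
    102: '<p>Popular post.</p>\n<noscript><a href="http://poker.invalid/">x</a>'
         '<img src="http://stats.invalid/t.php?p=102"></noscript>',
}

if __name__ == "__main__":
    for post_id, body in SAMPLE_POSTS.items():
        for kind, detail in scan_post(body, {"blog.example"}):
            print(post_id, kind, detail)
```

Anything reported as `hidden-offsite-url` deserves a look first; plain `offsite-url` entries are usually your own outbound links, but they are worth skimming for hosts you do not recognize.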

Special thanks to WordPress for fixing this exploit.

