Comments on: Wordpress Doorway Spam Attacks http://cyberinsecure.com/wordpress-doorway-spam-attacks/ Daily cyber threats and internet security news: network security, online safety and latest security alerts Fri, 12 Mar 2010 13:07:06 +0000 http://wordpress.org/?v=abc By: CyberInsecure http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-18 CyberInsecure Fri, 28 Mar 2008 15:00:50 +0000 http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-18 Here is a good analysis and explanation of whats going on: http://websecurity.ro/blog/2008/03/28/wordpress-233-probably-a-0day-exploit/ It seems a 0-day SQL injection is involved and wordpress blogs that DO NOT use mod rewrite are vulnerable. Here is a good analysis and explanation of whats going on:

http://websecurity.ro/blog/2008/03/28/wordpress-233-probably-a-0day-exploit/

It seems a 0-day SQL injection is involved and wordpress blogs that DO NOT use mod rewrite are vulnerable.

]]> By: CyberInsecure http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-17 CyberInsecure Thu, 27 Mar 2008 03:11:52 +0000 http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-17 First hit might (and probably was) by a bot, second might be a "custom" job. I got some deeply google-indexed WP blogs, versions 2.2.2 and newer. No hits so far... I always change all defaults during install though. First hit might (and probably was) by a bot, second might be a “custom” job.
I got some deeply google-indexed WP blogs, versions 2.2.2 and newer. No hits so far… I always change all defaults during install though.

]]> By: Michael VanDeMar http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-16 Michael VanDeMar Thu, 27 Mar 2008 03:07:20 +0000 http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-16 There have been a few. Neither email nor server were compromised, either. It's a bot attack, not targeting my blogs specifically. Different passwords on each blog as well. There have been a few. Neither email nor server were compromised, either. It’s a bot attack, not targeting my blogs specifically. Different passwords on each blog as well.

]]> By: CyberInsecure http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-15 CyberInsecure Thu, 27 Mar 2008 03:01:46 +0000 http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-15 Michael VanDeMar: There can be few explanations. You used same password or your email got compromised and someone recovered new password. Your web hosting might be compromised and so on. I never heard any cases on WP 2.3.3 except yours. I first saw this on a russian language forum, in a topic related to Xrumer spam software. Michael VanDeMar:
There can be few explanations. You used same password or your email got compromised and someone recovered new password. Your web hosting might be compromised and so on.
I never heard any cases on WP 2.3.3 except yours.

I first saw this on a russian language forum, in a topic related to Xrumer spam software.

]]> By: Michael VanDeMar http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-14 Michael VanDeMar Thu, 27 Mar 2008 02:19:31 +0000 http://cyberinsecure.com/wordpress-doorway-spam-attacks/#comment-14 I had this happen to a fresh install of Wordpress 2.3.3, so I don't know that upgrading will definitely fix the issue. This attack started widespread back on the 15th or 16th, I do believe: <a href="http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/" rel="nofollow">New Wordpress 2.3.3 Exploit/Vulnerability - Adds Spam Directory /wp-content/1/</a> The 2 blogs that I had hit were hit on the 18th. Curious, where did you discover this first? I had this happen to a fresh install of Wordpress 2.3.3, so I don’t know that upgrading will definitely fix the issue. This attack started widespread back on the 15th or 16th, I do believe:

New Wordpress 2.3.3 Exploit/Vulnerability - Adds Spam Directory /wp-content/1/

The 2 blogs that I had hit were hit on the 18th.

Curious, where did you discover this first?

]]>