Divide and Conquer » wordpress http://www.divideandconquer.se David's Software Development Blog Sat, 04 Feb 2012 20:28:04 +0000 en hourly 1 http://wordpress.org/?v=3.0.5 The WordPress Pharmacy Hack http://www.divideandconquer.se/2008/09/01/the-wordpress-pharmacy-hack/ http://www.divideandconquer.se/2008/09/01/the-wordpress-pharmacy-hack/#comments Mon, 01 Sep 2008 20:47:50 +0000 David http://www.divideandconquer.se/2008/09/01/the-wordpress-pharmacy-hack/ A number of WordPress blogs around the world have been hacked (or cracked, whichever word you prefer) and a "pharmacy" subdirectory have been injected below the WordPress root. I know of these victims at the moment:

azin.se
benniboedker.dk
www.blog-celeo.com
www.digitalrights.gr
www.toscaninelmondo.org
www.vdomck.org
www.yerbastory.pl

The injected web pages are advertised by fooling Yahoo! search to make a weird GET request to a totally different web site, resulting in log lines like this:

74.6.17.184 – - [29/Aug/2008:04:03:50 +0200] "GET /\\\"http://example.com/blog/pharmacy/spam.html\\\" HTTP/1.0" 404 15145 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"

I really recommend every WordPress user to add at least one extra level of protection to their wp-admin subdirectory. It’s not safe.

]]> http://www.divideandconquer.se/2008/09/01/the-wordpress-pharmacy-hack/feed/ 0