Network Solutions Report WordPress Compromised Sites Redirected

. April 10, 2010 . 0 Comments

Network Solutions have posted this warning:

We’ve been following the discussions in the WordPress community and there is an issue hitting sites using WordPress, right now, even those that are running the latest most up to date version (2.9.2). See this post on http://techcocktail.com/home/2010/04/08/wordpress-hacked-virus-cloaks-search-engines/.

According to Tech Cocktail, “The virus somehow infiltrates WordPress and adds a new file in your scripts directory called jquery.js and then inserts that file into the header or footer files of your site. It also inserts an iFrame that calls a 3rd party site which is known for malware or other malicious activities.” The WordPress experts we are working with have seen that as well.

Precautions you should take if you’re using WordPress:

1. Change your WordPress administrative password immediately;
2. Review the list of WordPress users who have access to your account and delete any users you do not recognize;
3. Update your WordPress account to the most recent version that Network Solutions offers;
4. Run your security and malware system scans on all computers that are used to access your WordPress account;
5. Please ensure all sites public_html (or your www) directory have 750 permissions, not the less secure 755;
6. Change the password for your mySql user and update wp-config. You can recreate the same user with an updated password; and
7. Double check in settings writing that XML-RPC is turned off and maybe as an extra precaution disable/move/delete xmlrpc.php.

What to do if your site has been impacted:

You’ll need to clean up your site and here are some links from WordPress that may help you get your site cleaned.

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://www.snipe.net/2010/01/when-wordpress-gets-hacked/
http://www.rvoodoo.com/2010/02/the-dreaded-base64-wordpress-hack-and-other-hacks-too/
And when you’re done:
http://codex.wordpress.org/Hardening_WordPress

Network Solutions Customers:

Although this issue is not with our hosting servers, we can help you clean this issue up and restore your site to a previous backup. However, this may not guarantee that the issue will not occur again. We are working with the WordPress community and affected Network Solutions customers to help determine which WordPress theme or plugin that may be causing this issue and we will update this post as we learn more.

We continue to look out for our customers and our security team is reviewing logs to determine which WordPress instance or plugin may need to be fixed. We have also been working with experts in the WordPress community on this issue.

If you are a Network Solutions customer and have further issues or questions, please contact us at listen@networksolutions.com

Category: WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *