Last year, there was a lot of noise about WordPress being especially vulnerable to attacks and hacks. Not all of those reported hacks and wildfire assumptions about WordPress security were true.
Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire,” and the less basis there is in fact, the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team does is sift through things to see what’s valid or not.
…All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy; you’ll remember this is one of the main reasons I came out against sponsored themes.)
“Sponsored” WordPress Themes were banned from the official WordPress Theme Directory due to inclusion of ads, spam, and malicious links in Themes offered for free, with a hidden price. WordPress Theme scams continue and WordPress users are warned repeatedly to be cautious about downloading and using WordPress Themes without careful inspection and testing.
In the last issue of this series on “Cyber Attacks on the Rise in 2009,” I covered the current spread of the Downadup Worm Infection that uses websites to spread its evil, impacting more than 3.5 million sites worldwide. Such attacks are becoming more rare, but hackers targeting blogs are growing in numbers and resourcefulness. We must be on our guard to protect our blogs more this year than ever before.
The Downadup worm, a malicious program that spreads using a recently patched Windows flaw, has compromised more than 3.5 million computers, security firm F-Secure stated this week.
The Downadup worm has successfully spread because it uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of the Windows operating system. However, the malicious program’s greatest strength appears to be a feature that allows worm-controlled computers to download malicious code from a random drop point.
The program generates addresses for 250 different domains each day. The botnet controller need only register one of the domains and set up a download server to update the bot program with different functionality, said Mikko Hyppönen, chief research officer at F-Secure.
“The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines — pretty clever,” Hyppönen said in a blog post.
According to the report, the Downadup worm uses Windows XP’s vulnerability in processing remote procedure call (RPC) requests. While a patch was issued and warnings announced, not everyone has upgraded. The top countries hit by the MS08-067 Worms, as F-Secure calls them, are China, Brazil, and Russia, but it is expected to spread further unless server administrators and webmasters update and patch their Windows Servers and Windows programs immediately, including Internet Explorer.
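The passages above describe the worm's update channel: each day it generates 250 candidate domains, and the controller only has to register one of them. The flip side, for a defender, is that an infected machine resolves a burst of unregistered, random-looking names every day, and most of those lookups fail. The following is an added example, not code from the article or from F-Secure, that scores hosts in a constructed resolver log by counting failed (NXDOMAIN) lookups for high-entropy, vowel-poor second-level labels. The log format, the thresholds, and the sample lines are all assumptions made for the illustration; the heuristic is a generic one and is not the worm's actual domain algorithm.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from the original article).
# Assumed format: "<client_ip> <queried_domain> <rcode>".
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 qwzkvplxmtr.com NXDOMAIN
10.0.0.9 hjdkfoaqpzv.net NXDOMAIN
10.0.0.9 xmnbvcqtrpl.org NXDOMAIN
10.0.0.9 zpqlwkrtvbn.biz NXDOMAIN
10.0.0.9 tkrpqzlwmnv.info NXDOMAIN
10.0.0.9 update.example.com NOERROR
10.0.0.7 news.example.org NOERROR
10.0.0.7 blog.example.org NXDOMAIN
"""


def shannon_entropy(label):
    """Bits of entropy per character in a DNS label (0.0 for 'aaaa')."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(domain):
    """'www.example.com' -> 'example'; the registrable part a DGA randomises."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def parse_dns_log(text):
    """Parse the assumed three-field log format into (client, domain, rcode) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than fail the whole run
        records.append(tuple(fields))
    return records


def score_hosts(records, min_suspicious=4, min_entropy=3.0, max_vowel_ratio=0.25):
    """Return {client: (nxdomain_total, suspicious_nxdomain)} for hosts that
    produced at least `min_suspicious` failed lookups of random-looking labels.
    Thresholds are illustrative assumptions, not tuned values."""
    per_host = defaultdict(lambda: [0, 0])
    for client, domain, rcode in records:
        if rcode != "NXDOMAIN":
            continue  # successful lookups are not evidence of a failed DGA probe
        per_host[client][0] += 1
        label = second_level_label(domain)
        vowels = sum(ch in "aeiou" for ch in label)
        if shannon_entropy(label) >= min_entropy and vowels / len(label) < max_vowel_ratio:
            per_host[client][1] += 1
    return {c: tuple(v) for c, v in per_host.items() if v[1] >= min_suspicious}


def flagged_hosts():
    """Run the heuristic over the constructed sample log."""
    return score_hosts(parse_dns_log(SAMPLE_DNS_LOG))


if __name__ == "__main__":
    for client, (total, suspicious) in flagged_hosts().items():
        print(f"{client}: {suspicious} of {total} NXDOMAIN lookups look generated")
```

On the constructed log only 10.0.0.9 is flagged: its five failed lookups are all for eleven-character labels with no repeated characters and almost no vowels, while the single typo-style failure from 10.0.0.7 ("blog") falls well below the entropy threshold. In practice the same counting would be done per day, mirroring the daily rotation the article describes, and the threshold set from a baseline of normal failed-lookup volume.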
WordPress 2.7 downloads now past 650,000. Poll out for WordPress 2.8 input. Possible WordPress Theme threat you need to know about. BuddyPress beta released. Imagine moving millions of Typepad blogs to WordPress? Want some WordPress schwag? WordCamps coming up in January – are you going to a WordCamp near you? And if the weather permits, and electricity holds, we’ve got more WordPress news for you!
WordPress News
Get Ready for WordPress 2.8: Work is already ongoing for WordPress 2.8, and WordPress wants your feedback. In “Prioritizing Features for WordPress 2.8,” Jane Wells invites people to take a poll on what the top priorities are that WordPress developers should be putting their energy into. Currently, they are focused on WordPress Widget management, automatic Theme updates and installs, and performance improvements. The poll features the most popular feature requests from the Ideas forum and more that the WordPress developers want to work on. Vote by noon on December 31 to have your say in what you want to see in WordPress 2.8.
Half-Million Downloads of WordPress 2.7 and Growing: Last week, there were 500,000 WordPress 2.7 downloads, and Miroslav Glavic caught the rollover of the counter. As I write this, there are now 654,434 downloads, moving fast toward 1 million. Bets are on Twitter as to when one million downloads will be counted on the counter. There is now also the WordPress Download Counter for WordPress fan blogs, which adds a counter to your blog’s sidebar showing the number of official downloads of the current WordPress version.