Comments on: Blog Hacks Coming Back to Roost?

By: nathanr|ca » Vulnerable WordPress Blogs Not Being Indexed

nathanr|ca » Vulnerable WordPress Blogs Not Being Indexed — Fri, 06 Jun 2008 09:05:53 +0000

[...] on various high profile blogs and websites. What was even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the [...]

By: blog.rotracker.net » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed

Wed, 07 May 2008 21:11:46 +0000

By: Technorati no indexará blogs vulnerables » Ricotero's Blog

Technorati no indexará blogs vulnerables » Ricotero's Blog — Sat, 19 Apr 2008 17:40:59 +0000

[...] a la reciente ola de ataques a blogs usando viejas versiones de WordPress, que en muchos casos intentan agregar spam links y otras cosillas. Los blogs de ZDnet parecen haber sido una de las víctimas. Si aún están usando una versión [...]

By: google hacks

google hacks — Thu, 17 Apr 2008 00:11:21 +0000

[...] load on Google’s …http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.htmlBlog Hacks Coming Back to Roost? - GigaOm???I was getting listed in google for all manner of sneaky and NSFW terms, so that people could [...]

By: Two superheroes has a new theme « Two Superheroes

Two superheroes has a new theme « Two Superheroes — Mon, 14 Apr 2008 11:53:58 +0000

[...] Blog Hacks Coming Back to Roost? [via Zemanta] [...]

By: Ro

Ro — Mon, 14 Apr 2008 05:45:41 +0000

Ha, the dark side of AJAX! Check your WordPress themes — look in the footer file first — for a long string of characters that doesn’t look like HTML, PHP or Javascript. It’s an encrypted string, and anyone can insert it into any theme, and then upload that theme anywhere they like.

I started noticing this a year or so ago after downloading themes from the ‘free themes’ site. Stick with WordPress.org’s theme view, or learn enough code to sniff out bad stuff.

By: Technorati: Vulnerable WordPress Blogs Not Being Indexed » D' Technology Weblog: Technology, Blogging, Tips, Tricks, Computer, Hardware, Software, Tutorials, Internet, Web, Gadgets, Fashion, LifeStyle, Entertainment, News and more by Deepak Gupta.

Wed, 09 Apr 2008 07:26:40 +0000

By: Technorati no indexará blogs vulnerables

Technorati no indexará blogs vulnerables — Tue, 08 Apr 2008 19:49:16 +0000

By: Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed

Tue, 08 Apr 2008 17:27:59 +0000

By: Ian Kallen

Ian Kallen — Tue, 08 Apr 2008 16:35:54 +0000

FWICT, the XML-RPC vulnerability that wp 2.3.3 fixed seems to be having greater impact than the nefarious theme download hack -- old installations being compromised hundreds of times a day. Technorati's crawler is no longer updating vulnerable blogs bearing symptoms of being compromised. I posted a heads up yesterday and more details last night. -Ian Technorati

By: Michael

Michael — Tue, 08 Apr 2008 14:50:56 +0000

@Grant yea, I think a lot of people are downloading themes from untrustworthy sources. One of the major problems is that themes.wordpress.net hasn’t allowed theme developers to upload new themes or updates to old themes for nearly 8 months, that means if you want fresh new themes you have to look for them elsewhere.

By: Grant

Grant — Tue, 08 Apr 2008 12:39:24 +0000

Um. Don’t execute untrustworthy code? Did people suddenly go mad and start downloading themes from all over the place, or are the affected themes from semi-trustable sources?

By: fabianschonholz

fabianschonholz — Tue, 08 Apr 2008 05:11:18 +0000

Wow … that is clever!! Could WordPress certify themes?

By: Harold

Harold — Mon, 07 Apr 2008 23:00:12 +0000

What are the themes most commonly affected?