I think that my Wordpress has been hacked

Thu, 6th November 2008, 15:32

I think that my Wordpress has been hacked. I'm not a technical guy so looking at the PHP etc is not an option. In my dashboard the second box down on the left - the one that tells me all the recent news - changed. It tells me to Update WordPress 2.6.4 immediately! Then points me to a site called wordpresz dot org where a suspicious download of Wordpress 2.6.4 is waiting for me. Is my site compromised? What can I do? What other damage should I expect?

This post is not about the hoster... rather the hosted.

It would appear that some hack is trying to spoof the official WordPress site by leading the unsuspecting to wordpresz dot org.

Peter Westwood, one of WordPress's lead developers, has responded, saying:

"It looks like sites which have not upgraded to 2.6.3 are being exploited in an interesting way whereby a hacker, probably using an automated script, is hacking into sites with the vulnerability and changing the settings of one of the dashboard modules to point to a different feed thereby encouraging people to go to a different site which is offering a dodgy upgrade.

"We recommend that people upgrade as soon as possible when we release a security release so as to ensure they are not vulnerable to issues which will likely have exploits in the wild.

"Also in the upcoming 2.7 release of WordPress we are including a built-in upgrade mechanism within WordPress which will allow people to upgrade automatically with ease. I would however stress the need with any piece of software to check that an upgrade is real by visiting the website of the software provider manually rather than relying on a link that you have been provided. Otherwise, as with bank phishing scams, there is the potential for someone to trick you into doing something you didn't want to do."

We did do an Alexa ranking on the wordpresz page, but it came back with no data available!

http://www.alexa.com/data/details/traffic_details/wordpresz.org

This is the real site for wordpress upgrades!

http://wordpress.org/download/
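
As an added example (not part of the original post and not WordPress's own code), the following Python check classifies feed and download URLs by host and flags near-miss spellings of the official domain, such as the wordpresz dot org address described above. The sample URLs, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain trusted for core upgrade links and news feeds.
OFFICIAL_DOMAIN = "wordpress.org"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of the real domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'untrusted' for a feed or download URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Exact match or a true subdomain; a bare suffix test would accept 'notwordpress.org'.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Compare the last two labels of the host with the real domain.
    tail = ".".join(host.split(".")[-2:])
    if 0 < edit_distance(tail, OFFICIAL_DOMAIN) <= 2:
        return "lookalike"
    return "untrusted"


def audit(urls):
    """Map every URL that is not on the official domain to its classification."""
    return {u: c for u in urls if (c := classify(u)) != "official"}


# Constructed sample: URLs as they might be read out of the dashboard module settings.
SAMPLE_URLS = [
    "http://wordpress.org/development/feed/",
    "http://planet.wordpress.org/feed/",
    "http://wordpresz.org/feed/",
    "http://wordpress.org.example.net/download/",
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE_URLS).items():
        print(f"{verdict:10} {url}")
```

Any URL reported as a lookalike or untrusted in a dashboard module is a sign that the module's settings were changed and that the site should be treated as compromised until it has been upgraded and checked.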

Update on wordpresz dot org

Hostjury has attempted to contact the registered owner of the domain name, Don T Smith of Fort Myers, Florida.

His phone number doesn't seem to be functional and I have attempted to contact Don through his email address on record for this domain name. We will await his reply... what do you want me to say!

3 Responses to “I think that my Wordpress has been hacked”

  1. streaky Says:

    Methinks inherent problem with auto-updating software that you can't trust to actually be secure (Wordpress) - if they can change your dash pages to be different url there's nothing stopping them linking your auto-update system to a bad package either.

    Instead of making new toys and messing about with their admin system (which incidentally is perfectly fine and I don't understand why they need to mess about with it all the time), maybe they should fix their code for once.

    The other problem with Wordpress is this: there's no compatibility between one version to the next - I have a WP site that's telling me constantly that what I really need to do is update to the latest version - which is all well and good but I also need a working bbPress implementation integrated which I can't have with latest WP in any non-buggy "it actually works" way.

    Wordpress fail, but not - very annoying. Just wish they'd fix their code so there weren't so many security issues and/or backport fixes they do have to implement when they make so many incompatible changes along the line.

  2. zipdadoda Says:

    They couldn't fix the election dang Floridians are trying to fix our wordpress!

    Too much sun...

  3. David Says:

    I wonder what the registrar of that domain name thinks, note it no longer seems to load.

    Here's the registrant's information:

    Might not hurt to give him a call for the curious.