Hundreds of WordPress Blogs and Sites Recover From Networkads.net Attack
WHIR Web Hosting Industry News
April 12, 2010
As users prepare for version three of the popular open-source blogging platform WordPress, many of those using WordPress had their site or blog hacked, redirecting visitors to a page that attempts to install malicious software.
According to a Friday report from security expert Brian Krebs, after surveying multiple postings on WordPress forums and blogs, the attack appears not to modify or create files, but instead inject the web address "networkads.net/grep" directly into the target site's database, redirecting visitors to networkads.net. Also, due to this attack method, site owners locked out of the WordPress interface for their blogs. If the forum posts were any indication, nearly WordPress user affected reported Network Solutions as their current hosting provider, although the company claims not only Network Solutions customers were affected. Shashi Bellamkonda, Network Solutions' head of social media, noted in a Sunday blog entry that the WordPress issue has been fixed. Though he doesn't identify the root cause the issue, he writes that it has been addressed, and most sites have been fixed. In solving the problem, we have had to change database passwords for WordPress. Normally, this does not impact functioning of the blog, but in some cases if you have custom code with manually-embedded database passwords (in files other than wp-config), this will require changes. It remains unclear whether the point of compromise is a WordPress vulnerability, a malicious WordPress plugin, or if it has to do with a common service provider. As a precaution, Network Solutions is urging customers using WordPress to log into their account and change their administrative passwords, and delete all administrative access accounts they do not recognize.