Comments on: Massive Blog Hackery Exposed

By: Blog Hacked: It Could Happen To You · xml, xml editor, what is xml, xml database, xml definition, what does xml stand for, introduction in xml, xml examples, xml tutorial

Tue, 12 May 2009 17:55:08 +0000

[...] using a freely distributed blog theme then you might want to check that too in case it’s been laced with code that will allow unscrupulous others to take over your [...]

By: Hacker Websites: wordpresssupplies.com - amazingwordpressthemes.com - wordpressthemes.weblogs.us | ExFn.com Daily Fresh News

Tue, 28 Oct 2008 14:23:00 +0000

[...] Philippino blogger Yuga, outlines a couple of other methods followed by these spammers to capture / break your WordPress installation. The article is a must [...]

By: nathanr|ca » Vulnerable WordPress Blogs Not Being Indexed

nathanr|ca » Vulnerable WordPress Blogs Not Being Indexed — Fri, 06 Jun 2008 09:06:21 +0000

[...] Technorati has decided to not index vulnerable and exploited WordPress blogs. This comes after the recent spat of hacks that were discovered on various high profile blogs and websites. What was even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. [...]

By: Dissection of a hacked WordPress Theme (how the hacked themes inject links and how to detect them) » Chaos Laboratory

Sat, 31 May 2008 06:39:22 +0000

[...] Philippino blogger Yuga, outlines a couple of other methods followed by these spammers to capture / break your WordPress installation. The article is a must [...]

By: Ensio

Ensio — Mon, 21 Apr 2008 13:34:37 +0000

I just downloaded a couple of free wp themes from http://www.wpthemesfree.com/. The zips are strange, especially those with funny German addresses seen on prewiev. IZArc hangs badly when unzipping footer.php. I havent installed those themes, though, and never will.

By: WordPress Theme Submission | SeoLuv

WordPress Theme Submission | SeoLuv — Mon, 21 Apr 2008 07:05:09 +0000

[...] [...]

By: Blog Hacked: It Could Happen To You - Internet Business Blog

Blog Hacked: It Could Happen To You - Internet Business Blog — Sun, 20 Apr 2008 10:35:17 +0000

[...] using a freely distributed blog theme then you might want to check that too in case it’s been laced with code that will allow unscrupulous others to take over your [...]

By: Ro

Ro — Mon, 14 Apr 2008 07:23:35 +0000

It’s not really hacking — it’s just programming. They create programming code and stick in templates you use for free.

It’s totally evil and it sucks though, you’re right. Just check your code out before your use it — any of it.

By: FEWL.NET - Stars & Stripes Hacked! China Involved?

FEWL.NET - Stars & Stripes Hacked! China Involved? — Sun, 13 Apr 2008 03:08:52 +0000

[...] blogs investigating the previously mentioned network of hacked blogs, some believe the attackers to actually be Filipino as some of the discovered attack code had Tagalog throughout. I still think it’s [...]

By: Wangbu

Wangbu — Sun, 13 Apr 2008 00:57:20 +0000

It is sad but true that humans, Filipinos or otherwise, always have double edge capabilities: one side for creation, another side for destruction.

I just would like to ask is there any international protocol governing hacks? Or any institution regulating internet activity?

By: Technorati Tidak Mengindex Wordpress Blog | Daniel Daphone

Technorati Tidak Mengindex Wordpress Blog | Daniel Daphone — Thu, 10 Apr 2008 06:31:26 +0000

[...] Ada baiknya kalo sebelum kita menginstal theme lebih memperhatikan strukturnya jika ada kode yang mencurigakan jangan anda instal wordpress tersebut. Posted on April 10th, 2008 by daniel in news wordpress [...]

By: wordpress sicherheitsaspekte - warum fremde themes und plugins riskant sind | linux,macs, asterisk und anderes

Wed, 09 Apr 2008 12:05:49 +0000

[...] Darum sollten nur plugins und themes aus sicherer Quelle installiert werden. Nach dieser Geschichte bin ich sensibler geworden, was Content Klau und das Interesse an meinem kleinen Blog zum “Blackhat” optimieren von webseiten bietet. Der Trick mit dem “vergifteten” WP Theme ist dann der feuchte Traum des “blackhat” SEO. [...]

By: bsod » Wordpress 2.5

bsod » Wordpress 2.5 — Tue, 08 Apr 2008 21:02:49 +0000

[...] dice que una de las fuentes de vulnerabilidades más comunes viene de la mano de las plantillas gratuitas que se consiguen por la red. Esto no es sorpresa, tampoco algo nuevo, pero es algo recurrente que no es menos [...]

By: Showbiz Intriga? Get It From Boy!

Showbiz Intriga? Get It From Boy! — Tue, 08 Apr 2008 18:29:35 +0000

Congrats Yuga, great post! and i’m sure tons of revenue, lol..why? this blogpost is in the WordPress Admin Page!!just imagine the traffic!

By: Basic Thinking Blog | Vorsicht vor freien Wordpress-Templates

Basic Thinking Blog | Vorsicht vor freien Wordpress-Templates — Tue, 08 Apr 2008 17:49:25 +0000

[...] um das Blog dann hacken zu können, sobald das Opfer das Template aktiviert. Siehe dazu “Massive Blog Hackery Exposed“, “Vulnerable WordPress Blogs Not Being Indexed” und “Blog Hacks Coming [...]

By: WP Trackback Spam Attack | YugaTech | Philippines, Technology News & Reviews

Tue, 08 Apr 2008 17:39:17 +0000

[...] popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the [...]

By: Blog Hacking | The Rock | xTended

Blog Hacking | The Rock | xTended — Tue, 08 Apr 2008 17:13:00 +0000

[...] as what I’ve read on Massive Blog Hackery Exposed, there have been a lot of simple and advanced hacks being done by hackers. One of them is by [...]

By: links for 2008-04-08 « PinoyBlogoSphere.com | PhilippineBlogoSphere.com

Tue, 08 Apr 2008 15:33:47 +0000

[...] http://www.yugatech.com/blog/blogosphere/massive-blog-hackery-exposed/ [...]

By: links for 2008-04-08 « PinoyBlurker @ PinoyBlogoSphere.com

links for 2008-04-08 « PinoyBlurker @ PinoyBlogoSphere.com — Tue, 08 Apr 2008 15:32:06 +0000

[...] http://www.yugatech.com/blog/blogosphere/massive-blog-hackery-exposed/ [...]

By: 2718.us blog - covert blog hacks?

2718.us blog - covert blog hacks? — Tue, 08 Apr 2008 15:24:46 +0000

[...] WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running [...]

By: Vulnerable WordPress Blogs Not Being Indexed | BlogBroker24-7

Vulnerable WordPress Blogs Not Being Indexed | BlogBroker24-7 — Tue, 08 Apr 2008 15:11:05 +0000

[...] even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress [...]

By: Your Blog Might Be Hacked » Webomatica - Technology and Entertainment Digest

Tue, 08 Apr 2008 14:45:01 +0000

[...] may be wondering, how can one tell if their WordPress install is hacked? YugaTech has some tips, the most critical ones I’ll reiterate [...]

By: Weblog Tools Collection » Blog Archive » Vulnerable WordPress Blogs Not Being Indexed

Tue, 08 Apr 2008 14:26:54 +0000

By: yuga

yuga — Tue, 08 Apr 2008 05:29:37 +0000

Yes, the advantage of not using a popular blog CMS.

By: Eugene

Eugene — Tue, 08 Apr 2008 03:19:36 +0000

Hmmm… I guess it’s an advantage that I’m not running on WordPress, Movable Type, or other popular blog CMSs.

By: Maki

Maki — Mon, 07 Apr 2008 16:52:53 +0000

How do you check if a blog is hacked?

By: Deep Jive Interests » UPDATE: Has ZDnet Been Hacked As Well?

Deep Jive Interests » UPDATE: Has ZDnet Been Hacked As Well? — Mon, 07 Apr 2008 16:21:26 +0000

[...] WordPress hackers come from? (not all, of course) Abe Olandres, former editor of the BlogHerald, notes that some of them are Philipino. He’s worked on some security problems in WordPress and has found some of the comments to be [...]

By: FruityOaty

FruityOaty — Mon, 07 Apr 2008 16:09:51 +0000

Oh, P.S.

Try this plugin called WP Security Scan:
http://wordpress.org/extend/plugins/wp-security-scan/#post-4986

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security

By: FruityOaty

FruityOaty — Mon, 07 Apr 2008 16:06:32 +0000

I was recently hacked too (index.php file) and iframes were injected in my posts. It resulted in my site getting banned from Google Search results (distributing spyware). All Google results pertaining to my site were slapped with this warning: “This site may be harmful to your computer.” As a result, traffic from Google trickled to ZILCH. My Adsense dropped too.

It was hell fixing the issue. After the fix, I had to request that Google re-assess my site. It was given a clean bill of health just a couple of weeks ago.

I wanted to write about the incident, but I was afraid of attracting the hacker’s attention again.

Since then, I toughened up my site’s security… well, to the best of my knowledge. (It’s a bit technical for some people, this topic.)

I really recommend this site: http://blogsecurity.net/

Got a lot of useful tips & tools (plugins) on how to secure WordPress a bit more.

By: SELaplana

SELaplana — Mon, 07 Apr 2008 14:33:52 +0000

I recently discovered that my footer was modified and inserted a code that insert unknown image. I don’t know if it was done remotely or just automatically inserted by a worm or trojan or whatever when editing it using the CPANEL or theme Edit function of wordpress