Automated WordPress Hacker Alert and What To Do

by John Hoff on August 30, 2011

Below is a copy of an article I sent out a few weeks ago to a segment of my list of people who purchased my WordPress Defender ebook.

The reason I’m posting it here is that both myself and the super cool chick over @RedHeadWriting woke up to a large number of hack attempts to our blogs. For me, they tried hitting 3 different blogs I own.

Check out my Inbox this morning (and I’m still getting more alerts):

It appears to be all automated, so be careful and get your blog secured now. Make sure you’re using the WordPress Firewall plugin to block hack attempts like these.

Here’s a quick video I just uploaded showing you my Inbox and how I banned the IP address from hitting my site further (sorry about the blur, this account hosts a number of niche websites I own… and I don’t want you discovering those now, do I?).

Note that this video was taken when I used a different hosting account than BTC Hosting.

Here’s the code you need to ban an IP address in your .htaccess file:

# Apache 2.2 (mod_access) syntax: Allow rules are evaluated first, then Deny,
# so every address in a "deny from" line is blocked and everyone else gets in.
order allow,deny
deny from 66.147.244.81
deny from 74.220.215.65
allow from all

The two IPs above were ones which tried hacking my blogs, so you might want to include those for now.
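The post's evidence for the ban was a burst of firewall alerts; the same decision can be made from the web server's own access log. Below is an added example (not code from the post or from the WordPress Firewall plugin) that flags addresses whose timthumb.php requests look automated, namely one source hitting several blogs on the same hosting account, or requests for theme directories that do not exist, and then emits the .htaccess block shown above. The log lines are constructed in Apache combined format with the virtual host logged first (an assumed LogFormat), the two flagged addresses are the ones named in the post, and the Apache 2.4 `Require` variant is an addition for hosts that have moved off 2.2 syntax.

```python
"""Spot automated timthumb.php probing in an Apache access log and emit the
.htaccess deny block shown in the post.

Added example, not code from the post or from the WordPress Firewall plugin.
Assumes a LogFormat with the virtual host logged first:
    "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
The log lines are constructed; the two flagged addresses are the ones named
in the post, the third is a documentation-range address for a normal visitor.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: one source probes timthumb.php on three blogs hosted on
# the same account, a second probes a theme directory that does not exist, and
# a normal visitor reads a post whose theme resizes an image through timthumb.
SAMPLE_LOG = """\
blog-one.example 66.147.244.81 - - [30/Aug/2011:06:01:02 -0500] "GET /wp-content/themes/sometheme/timthumb.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
blog-two.example 66.147.244.81 - - [30/Aug/2011:06:01:03 -0500] "GET /wp-content/themes/sometheme/timthumb.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
blog-three.example 66.147.244.81 - - [30/Aug/2011:06:01:05 -0500] "GET /wp-content/themes/othertheme/timthumb.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
blog-one.example 74.220.215.65 - - [30/Aug/2011:06:02:11 -0500] "GET /wp-content/themes/notinstalled/timthumb.php HTTP/1.1" 404 210 "-" "-"
blog-one.example 203.0.113.7 - - [30/Aug/2011:06:03:40 -0500] "GET /2011/08/some-post/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
blog-one.example 203.0.113.7 - - [30/Aug/2011:06:03:41 -0500] "GET /wp-content/themes/sometheme/timthumb.php?src=wp-content/uploads/2011/08/arrow.png&w=120 HTTP/1.1" 200 4096 "http://blog-one.example/2011/08/some-post/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_log(text):
    """Yield one dict per parseable line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def is_timthumb_request(target):
    """True when the request path (query string ignored) is a timthumb.php file."""
    path = target.split("?", 1)[0]
    return path.lower().endswith("/timthumb.php")


def find_probing_ips(text, min_blogs=2):
    """Return the set of client IPs whose timthumb.php requests look automated.

    Either signal is enough on its own:
      * the same IP requested timthumb.php on at least `min_blogs` distinct
        virtual hosts (the post saw one source hit three blogs), or
      * a timthumb.php request was answered 404: a guessed theme directory
        that does not exist here, which a browser rendering a page never asks for.
    A visitor's normal image fetch (200, installed theme, Referer set) is not flagged.
    """
    blogs_hit = defaultdict(set)
    flagged = set()
    for rec in parse_log(text):
        if not is_timthumb_request(rec["target"]):
            continue
        blogs_hit[rec["ip"]].add(rec["vhost"])
        if rec["status"] == "404":
            flagged.add(rec["ip"])
    for ip, blogs in blogs_hit.items():
        if len(blogs) >= min_blogs:
            flagged.add(ip)
    return flagged


def render_htaccess(ips, apache24=False):
    """Build the deny block. Every address is parsed with ipaddress first, so a
    mistyped entry raises ValueError here instead of being interpreted by Apache
    as a hostname pattern."""
    addrs = sorted((ipaddress.ip_address(ip) for ip in ips),
                   key=lambda a: (a.version, int(a)))
    if apache24:
        # mod_authz_core syntax (Apache 2.4); an addition, not from the 2011 post.
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {a}" for a in addrs]
        lines.append("</RequireAll>")
    else:
        # mod_access syntax (Apache 2.2), exactly as the post shows it.
        lines = ["order allow,deny"]
        lines += [f"deny from {a}" for a in addrs]
        lines.append("allow from all")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_htaccess(find_probing_ips(SAMPLE_LOG)))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; the 404 signal is the more reliable of the two on a single-site account, since a shared-hosting account with one blog never trips the multi-host rule.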

———— Start Newsletter Copy ————

So there are two threats going around lately which I’d like to make you aware of.

1. Timthumb.php

Timthumb.php is a PHP script for resizing images that ships with many (but not all) free and premium WordPress themes.

You can see if you’re using Timthumb.php by heading over to your Dashboard | Appearance | Editor and looking at the list of files you have on the right.

If you see Timthumb.php there, you’ll want to either delete it (make a copy first) or replace it with the most recent version of the script.

The issue is that the script wasn’t written securely, which means a hacker could exploit it to infect your blog with a virus.

You can read more about this threat here and here.
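The Dashboard editor shows one theme at a time; on an account hosting several blogs it is quicker to inventory every copy from the server. The following is an added example, not code from the post or from TimThumb itself, that walks a wp-content/themes directory, lists each TimThumb copy and reports the version each one declares so it can be compared with the current release. It assumes the file declares its version with a PHP define of the form `define ('VERSION', '…');` (check that against your copy) and that themes have also shipped it renamed as thumb.php; the sample theme tree is constructed in a temporary directory.

```python
"""Inventory TimThumb copies under wp-content/themes and report the version
each one declares.

Added example, not from the post or from TimThumb. Assumptions: the script
declares its version via  define ('VERSION', '...');  and may be present
under the name thumb.php as well as timthumb.php. The sample tree is constructed.
"""
import os
import re
import tempfile

# Assumed version declaration; tolerant of spacing and quote style.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""", re.IGNORECASE)

# Filenames TimThumb has been distributed under inside themes (assumption).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}


def declared_version(path):
    """Return the version string from the file header, or None if absent."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        head = f.read(4096)  # the define sits near the top of the file
    m = VERSION_RE.search(head)
    return m.group(1) if m else None


def scan_themes(themes_dir):
    """Return a sorted list of (path relative to themes_dir, version or None)
    for every TimThumb copy found, whatever theme or subfolder it sits in."""
    hits = []
    for root, _dirs, files in os.walk(themes_dir):
        for name in files:
            if name.lower() in TIMTHUMB_NAMES:
                full = os.path.join(root, name)
                rel = os.path.relpath(full, themes_dir).replace(os.sep, "/")
                hits.append((rel, declared_version(full)))
    return sorted(hits)


def build_sample_tree():
    """Construct a throwaway themes directory: one theme bundling timthumb.php,
    one that keeps it as scripts/thumb.php, and one with no resizer at all.
    Version strings here are made up for the sample."""
    base = tempfile.mkdtemp(prefix="themes-")
    files = {
        "sometheme/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.32');\n",
        "othertheme/scripts/thumb.php": "<?php\ndefine('VERSION', '2.8.10');\n",
        "cleantheme/functions.php": "<?php\n// no image resizer here\n",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as f:
            f.write(body)
    return base


if __name__ == "__main__":
    for rel, version in scan_themes(build_sample_tree()):
        print(f"{rel}: version {version or 'not declared'}")
```

Point `scan_themes` at the real wp-content/themes path to get the list for a live site; a copy with no declared version is worth treating as unknown and replacing, since the decision to keep it rests on knowing it is current.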

2. Google Image Search

From time to time I’ve used Google Image Search to look for images I can use (like arrows, buy now buttons, etc.), and it didn’t really hit me until today just how big a problem viruses and hacked WordPress blogs are there.

Every now and then the antivirus program on my computer (Avast) would pop up a “Warning: Threat Detected” message when I’d view an image. I’d of course click back immediately, always thankful I have a good antivirus installed.

But then just today I found this article online about Hacked WordPress Blogs Used to Poison Google Image Search.

That headline immediately caught my attention as I have had some experience with this.

At this point there’s not much we can do about it other than keeping ourselves as safe and prepared as possible. If you’ve gone through my ebook then you should be well equipped to handle and block such threats.

Okay so enough of the super interesting stuff. I know how much we all love reading WordPress security reports ;-)
