WordPress Issue? Scan “Local Machine”

On October 10, 2011, wrote:

From humble, open source beginnings, WordPress now powers over  61 million sites worldwide. The extent to which it has grown in popularity not just for bloggers but professional designers and developers is evidenced by Smashing Magazine recently launching an extended, dedicated WordPress section. I’m currently one of these working in web design in Chicago.

The Project

I recently had a very simple project of launching a blog with a small shopping cart installed in time for the 2011 Rugby World Cup held in New Zealand. Wait-of-Nation.com went live a little over two months ago.

The Client

With a background in PR/Advertising my client was well versed in getting himself out there, which in a country of 4.5 million people really isn’t that hard to do. He had a good product (sports blog of the most popular sport in NZ), with a niche message/ slant (“Home of New Zealand’s crushing expectation” – that the All Blacks – the National team – would win the tournament). He contacted newspapers, and a well-respected magazine journalist found his site and wrote a glowing review of the site. Press begets press. National Radio did an interview. International news outlets picked up the story. A South African Ruby blog linked to it and he received 8000 page impressions.

The Hack

It began with a simple Warning: Cannot modify header information – headers already sent by somefile.php(output started at somefile.php:###) in somefile.php on line ### inside the admin panel, and ended with emails from online security at Lloyds bank in London warning that the site was conducting a phishing attack against them.  And of course Google produced a malware warning to anyone trying to visit the site. Perfect timing: this the day after publicity you just can’t buy.

In the end, it was the well-known TimThumb Vulnerability.  TimThumb.php is included in a lot of WordPress themes and plug-ins (free and paid). Exploiting this vulnerability, an attacker can upload and execute a PHP file of his choice on a vulnerable website.

The Solution

1) Got a phone call from the client: “My website is busted.”

2) Performed fresh WP re-install and DB backup

3) Contacted Google via Webmaster tools (the best way) for a site review to get rid of the malware warning.

Following these steps led to:

The Real Solution

1) Got a phone call form the client: “My website is busted. Again.”

2) Preformed fresh WP re-install and DB backup

3) Contacted Google via Webmaster tools (the best way) for a site review to get rid of the malware warning.

4) Reading, reading, reading. How could this be happening again? And why weren’t there any WP forums lighting up with this vulnerability, given that WordPress powers a gazillion websites? Scanning the WP codex about hacks and viruses, my eyes rested on the following subheading:

“Scan local machine”

My turn to ring the client. Was his laptop clean? Was it running slowly or otherwise acting weirdly? “… Now that you mention there’s a Chinese-thingy-dialogue box flashing when ever I open a new  browser.”

The Absolutely Final Solution:

I can no longer be bothered with Windows; for years it has been something I’ve just tolerated. I could’ve spent time cleaning his laptop, installing decent anti virus software and telling him to preform regular anti-virus scans, etc. But this was no guarantee against this happening again.

So I simply installed Ubuntu alongside Windows and told my client that if he didn’t use it whenever he blogged, large numbers of small furry animals playing in tranquil woodland surroundings would die unexpectedly, painfully, horribly.

About the author: Hame works in web design in Chicago.

Resources:

Download the Ubuntu installer that will run alongside Windows.

http://codex.wordpress.org/Hardening_WordPress (Take special note of .htaccess file.)

http://codex.wordpress.org/FAQ_My_site_was_hacked

Free site scanner: http://sitecheck.sucuri.net/scanner/


Stay Connected, Subscribe to the Lakeshore Branding blog feed via RSS, email and you can follow Lakeshore Branding on Twitter!

What do you think? Share your thoughts by leaving a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *