vinnycoyne.com
Magical adventures in nerdery.

12 September 2011

Wordpress Phishing Hack

If you're running a Wordpress install, keep an eye on your themes folder and its subfolders.

There's a nasty hack going around that allows a hacker to upload phishing-related files to your server.They then use your site as part of a phishing scam to collect bank details from unsuspecting users.Judging by where these files reside, I'm guessing that they're using an exploit in the theme uploader.

The App Sandwich site was hit by this hack yesterday. Luckily, I was informed of it shortly after it happened, and I've since removed the offending files.

I've also gone through the extra trouble of removing Wordpress completely from the server. I'd been looking for an excuse to migrate from Wordpress. To date, their security has been sketchy at best (my install and plugins were 100% up-to-date), and I've been looking for something more lightweight for the site anyway.


← Back | 🔗 Permalink