Search

About me

Johannes (Hanno) Böck
mail: hanno@hboeck.de
jabber: hanno@hboeck.de
gpg: BBB51E42
ssh: RSA, ECDSA


Hanno on Twitter
Hanno on identi.ca

Impressum

schokokeks.org



Atheist

Twitter/identi.ca

hanno: Neue Webseite oben http://t.co/NCUxYpGkZo Blog künftig unter http://t.co/xR2HttXLIF (alte URLs werden umgeleitet)

hanno: Linuxtag-Keynote zu "Antifeatures" von Benjamin Mako Hill http://t.co/TvY5Dda4ka

hanno: Seen one of those scary meth victim tooth pictures? study claims lots of diet soda just as bad http://t.co/ecvy7DOcK3

hanno: gehts eigentlich nur mir so dass sich kabeld+youtube in letzter zeit oft wie drosselkom anfühlt? so mit aussetzern und so.

hanno: Vielleicht sogar von einer staatlichen Behörde

Anzeigen

Events

22.05 - 25.05 - Linuxtag
30.05 - 02.06 - GPN13 (4 Days)
04.07 - 07.07 - PQCrypto (39 Days)
05.07 - 07.07 - SIGINT (40 Days)
31.07 - 04.08 - OHM13 (66 Days)
01.10 - 02.10 - Open Access Tage (128 Days)
My pages
Picture gallery

Archives

Categories



All categories

Feeds

Tags

Creative Commons

CC0
Unless noted otherwise, all content is CC Zero / public domain

Wordpress mass hacks for pagerank

Thursday, April 10. 2008, 02:44
Today heise security brought a news that a growing number of old wordpress installations get's misused by spammers to improve their pagerank. I've more or less waited for something like that, because it's quite obvious: If you have an automated mechanism to use security holes in a popular web application, you can search for them with a search engine (google, the mighty hacktool) and usually it's quite trivial to detect both application and version.

This isn't a wordpress-thing only, this can happen to pretty much every widespread web application. Wordpress had a lot of security issues recently and is very widespread, so it's an obvious choice. But other incidents like this will follow and future ones probably will affect more different web applications.

The conclusion is quite simple: If you're installing a web application yourself, you are responsible for it! You need to look for security updates and you need to install them, else you might be responsible for spammers actions. And there's no »nobody is interested in my little blog«-excuse, as these are not attacks against an individual page, but mass attacks.

For administrators, I wrote a little tool a while back, where I had such incidents in mind: freewvs, it checks locally on the filesystem for web applications and knows about vulnerabilities, so it'll tell you which web applications need updates. It already detects a whole bunch of apps, while more is always better and if you'd like to help, I'd gladly accept patches for more applications (the format is quite simple).

With it, server administrators can check the webroots of thier users and nag them if they have outdated cruft laying around.
Computer culture, English, Linux, Security | Comment (1) | Trackbacks (0)
Defined tags for this entry: , , , ,
Related entries by tags:

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

I didn't realize how easy it was to take advantage of a vulnerability in Wordpress and what was possible for exploiting the vulnerability.
I'm glad I found this post. I'm looking forward to trying out your vulnerability scanner at work.
Thank you.
#1 John Alberts (Link) on 2008-04-15 05:24

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.