
(BBC) Army of zombified computers no one's paying attention to attacks same (bbc.co.uk)
    More: Repeat, WordPress, home computers, botnets, network connections, DDoS, Host Gator  

10911 clicks; posted to Main on 15 Apr 2013 at 12:28 PM (1 year ago)




Archived thread
 
2013-04-15 12:30:52 PM
Hah. Seriously though, there's stuff in there besides Keyword Rich horseshiat. ...really.
 
2013-04-15 12:32:39 PM
Brrrrrraaaaaiiiiinns Byyyyyytttttttes!
 
2013-04-15 12:34:12 PM
Just another backdoor security breach.
 
2013-04-15 12:35:08 PM
Did not read TFA. Well because words and shiat.
Are these all the zombie computers mining for precious Bitcoins?
 
2013-04-15 12:40:54 PM
Too.

dummy
 
2013-04-15 12:45:17 PM
Hah! I cleaned up two Drupal sites over the holidays that were assumed to be WP sites. There were php trojans all over the place. Removed the offending files, tightened filesystem perms, and reinstalled the cores and modules. All good. The $$$ are awesome for emergency holiday work.
 
2013-04-15 12:58:21 PM

My Yali or Yours: Just another backdoor security breach.


I've seen that movie.
 
2013-04-15 01:15:42 PM
To be fair, WordPress *is* popular and often runs on well-connected servers without significant outgoing port limitations. Abusing such systems to send out spam, attack other systems, etc. is somewhat troublesome.

The article does include information about adding two-factor authentication for WordPress.com-hosted sites but doesn't give any useful information for self-hosted WordPress sites. You can get the Google Authenticator plugin for self-hosted WP sites  here.
 
2013-04-15 01:15:53 PM
"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

And here's what I recommend... if you're using WordPress to run a website, you're using the wrong tool for the job.  Use real CMS software, not blog software.

WP is used by people who started a blog, and then added a few pages to it.  Despite adding bells and whistles, the WP engine remains optimized for blogging, not for running a website.  If you use WP to run a website out of the gate, you're an idiot.  If you grew out of your blog and now have a website, then move out of your grandma's basement.
 
2013-04-15 02:25:44 PM
64 million sites, 371 million hits?

That's <6 hits per blog per month. I get more than that on my (personally hosted, used to be used by my EVE-Online corp) blog, and mine's completely locked down - I just use it as a diary now, basically, so I'm the only traffic.

That's a lot of abandoned blogs.
 
2013-04-15 02:27:33 PM
Surely there are more wordpressing issues..
 
2013-04-15 02:38:49 PM
That reminds me, maybe I should take a cue from Heisenberg's kid and start my own donation site. How does www.gettheonetruethedavidlotsofhookersandblowsohewillshutupandgoaway.com sound?
 
2013-04-15 02:57:48 PM

Wodan11: "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

And here's what I recommend... if you're using WordPress to run a website, you're using the wrong tool for the job.  Use real CMS software, not blog software.

WP is used by people who started a blog, and then added a few pages to it.  Despite adding bells and whistles, the WP engine remains optimized for blogging, not for running a website.  If you use WP to run a website out of the gate, you're an idiot.  If you grew out of your blog and now have a website, then move out of your grandma's basement.


As a web developer, I think you're hanging onto an outdated view of WordPress. Yes, it started out a blog-only, and was disregarded for years because of it (by myself as well). But, it has blossomed into a blog-oriented CMS that's:

a) less clunky and faster than joomla
b) less unnecessarily complicated than drupal
c) less run by microsoft / faster than DotNetNuke
d) less out of its league than PHP-nuke's shadow-of-its-former-self, or any of the other small PHP CMS frameworks (IE Tiny, concrete, etc)

That's why it's being used to power millions of sites across the web. The only real downsides to it these days are the same security vulnerabilities and risk of being overused that come with its popularity..
 
2013-04-15 03:00:43 PM

Somaticasual: Wodan11: "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

And here's what I recommend... if you're using WordPress to run a website, you're using the wrong tool for the job.  Use real CMS software, not blog software.

WP is used by people who started a blog, and then added a few pages to it.  Despite adding bells and whistles, the WP engine remains optimized for blogging, not for running a website.  If you use WP to run a website out of the gate, you're an idiot.  If you grew out of your blog and now have a website, then move out of your grandma's basement.

As a web developer, I think you're hanging onto an outdated view of WordPress. Yes, it started out a blog-only, and was disregarded for years because of it (by myself as well). But, it has blossomed into a blog-oriented CMS that's:

a) less clunky and faster than joomla
b) less unnecessarily complicated than drupal
c) less run by microsoft / faster than DotNetNuke
d) less out of its league than PHP-nuke's shadow-of-its-former-self, or any of the other small PHP CMS frameworks (IE Tiny, concrete, etc)

That's why it's being used to power millions of sites across the web. The only real downsides to it these days are the same security vulnerabilities and risk of being overused that come with its popularity..


I came here to say this, the original poster who dumped on WP hasn't used it lately, or to the degree that it's capable of handling.
 
2013-04-15 03:23:47 PM

heypete: To be fair, WordPress *is* popular and often runs on well-connected servers without significant outgoing port limitations. Abusing such systems to send out spam, attack other systems, etc. is somewhat troublesome.


It isn't like a shell account. Compromising the admin account doesn't let you do any of those things. You can't even install plugins (which could be written to do the above of course) unless you're self-hosted AND have it set up so that plugins can be installed from the admin panel - which has to be done from the shell. While the combination of not renaming the admin user while enabling admin panel plugin install does happen, it's not like every admin account hacked is going to give the attackers something they can do the above with.
What I think the real goal is, and I'm surprised the article never mentioned it, is to use the hacked blogs for blackhat SEO, linking to the sites the hackers want to have the google juice.
 
2013-04-15 03:51:46 PM

Fark Me with a Chainsaw: Somaticasual: Wodan11: "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

And here's what I recommend... if you're using WordPress to run a website, you're using the wrong tool for the job.  Use real CMS software, not blog software.

WP is used by people who started a blog, and then added a few pages to it.  Despite adding bells and whistles, the WP engine remains optimized for blogging, not for running a website.  If you use WP to run a website out of the gate, you're an idiot.  If you grew out of your blog and now have a website, then move out of your grandma's basement.

As a web developer, I think you're hanging onto an outdated view of WordPress. Yes, it started out a blog-only, and was disregarded for years because of it (by myself as well). But, it has blossomed into a blog-oriented CMS that's:

a) less clunky and faster than joomla
b) less unnecessarily complicated than drupal
c) less run by microsoft / faster than DotNetNuke
d) less out of its league than PHP-nuke's shadow-of-its-former-self, or any of the other small PHP CMS frameworks (IE Tiny, concrete, etc)

That's why it's being used to power millions of sites across the web. The only real downsides to it these days are the same security vulnerabilities and risk of being overused that come with its popularity..

I came here to say this, the original poster who dumped on WP hasn't used it lately, or to the degree that it's capable of handling.


thirded.

I prefer Joomla for my purposes but Wordpress, Drupal, and Joomla are all great platforms.  Do a search for "major sites that use xxx", where "xxx" is the name of the CMS, and you'll be surprised who is using what.
 
2013-04-15 03:53:43 PM

JWideman: It isn't like a shell account. Compromising the admin account doesn't let you do any of those things. You can't even install plugins (which could be written to do the above of course) unless you're self-hosted AND have it set up so that plugins can be installed from the admin panel - which has to be done from the shell.


That used to be the case, but you've been able to install plugins from the admin interface for at least the last year or so. You can also upload a wide variety of media types that can then be made publicly accessible. I'm not sure if it disallows uploading certain file types, but if so I'm sure it could be overridden.

From what I've heard, they're mostly attacking self-hosted sites. It wouldn't surprise me if many people use a similar password for the admin account as they do for the hosting account (which would likely get them shell access, or at least the ability to upload arbitrary files).

What I think the real goal is, and I'm surprised the article never mentioned it, is to use the hacked blogs for blackhat SEO, linking to the sites the hackers want to have the google juice.

Yeah, that's most likely. Still, there's no saying what they'd be able to do.
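
An added example, not part of any comment in this thread: a defender-side audit for the exposure discussed above (plugin installs from the admin panel, PHP files among uploads, loose file permissions). It assumes the default `wp-content/uploads` layout and WordPress's `DISALLOW_FILE_MODS` constant in `wp-config.php`; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches an active define('DISALLOW_FILE_MODS', true); in wp-config.php
FILE_MODS_RE = re.compile(r"define\(\s*['\"]DISALLOW_FILE_MODS['\"]\s*,\s*true\s*\)", re.I)

def audit_wordpress(root):
    """Return a sorted list of (finding, relative_path) tuples for one install."""
    findings = []
    try:
        with open(os.path.join(root, "wp-config.php"), encoding="utf-8", errors="replace") as fh:
            # Drop // and # comment lines so a commented-out define does not count.
            text = "".join(l for l in fh if not l.lstrip().startswith(("//", "#")))
    except OSError:
        text = ""
    if not FILE_MODS_RE.search(text):
        findings.append(("admin-panel-file-mods-enabled", "wp-config.php"))
    uploads = os.path.join(root, "wp-content", "uploads")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if (dirpath + os.sep).startswith(uploads + os.sep) and re.search(r"\.ph(p\d?|tml)$", name, re.I):
                findings.append(("php-in-uploads", rel))  # code where only media belongs
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
    return sorted(findings)

def build_sample_site(base):
    """Constructed sample tree (not from the thread) used to exercise the audit."""
    files = {
        "wp-config.php": ("<?php\n// define('DISALLOW_FILE_MODS', true);\n", 0o644),
        "wp-content/uploads/2013/04/cat.jpg": ("constructed image placeholder", 0o644),
        "wp-content/uploads/2013/04/thumb.php": ("<?php /* constructed */", 0o644),
        "wp-content/plugins/hello.php": ("<?php /* constructed */", 0o666),
    }
    for rel, (body, mode) in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_wordpress(build_sample_site(tmp)))
```
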
 
2013-04-15 05:46:24 PM

Wodan11: "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog.

And here's what I recommend... if you're using WordPress to run a website, you're using the wrong tool for the job.  Use real CMS software, not blog software.

WP is used by people who started a blog, and then added a few pages to it.  Despite adding bells and whistles, the WP engine remains optimized for blogging, not for running a website.  If you use WP to run a website out of the gate, you're an idiot.  If you grew out of your blog and now have a website, then move out of your grandma's basement.


Haven't used WordPress for a few years so?
 
2013-04-15 06:05:25 PM
Your blog sucks.
 

This thread is archived, and closed to new comments.
