How can you find if your WordPress blog has been hacked ?
WordPress Blogs (or for that matter, any software) become more vulnerable to hack attacks if you are not using the latest security updates. Hackers can then inject code into your WordPress files (especially themes) that will allow them to inflate the Google rankings of other spam websites though your blog.
And this is no uncommon thing. Dr Tony Hung recently discovered several WordPress websites that got hacked (include ZDNet) and affiliate links were secretly embedded into blog templates. Allen Stern, Kevin Burton and Matt Craven have more on this issue.
Is my website hacked ?
When a hacker gains access to your blog or website, he will modify certain files so that his tracking code gets executed and the spam links get displayed when people view your web pages.
So if you are curious to know if someone hacked into your WordPress blog last night and changed the files, you can look at the timestamp of every file on your web server and pay special attention to file that were modified during the time-period when you were fast asleep.
Don’t worry, you don’t have to try this manually, here’s a command to help you out:
Step 1. If you are on WordPress and have enabled WP-Cache plugin, go to your Plugin Settings and delete all the files from cache.
Step 2. Login to your web server using telnet or putty and switch to the directory that contains your WordPress files.
Step 3. Type "ls -Roh grep YYYY-MM sort -k 5,6" (without quotes and replace YYYY-MM with current month like 2008-04)
If the timestamp of any of your WordPress theme files or the standard WordPress files appears recent, you may want do a carefully check the contents of these files and compare them with the original files in your backup. Good luck.
Technicals - The ls command will recursively display all the files in WordPress directory and the -h switch will show their exact size in KB or MB. The grep command will limit this list to files that were changed only this month (or you can limit it to a day). The sort command will finally arrange this list to show files at the bottom that were modified most recently.
1 comment:
Good call - I think we need to make an automated tool to help people scan for these... there have been a multitude of c99MadShell -upload attacks over the last few weeks... and these are all file-upload/injection vulnerability-based.
Perhaps we can come up with an automated tool/script to find vulnerable (or exploited) WordPress?
Post a Comment