Wordpress stealth hack
 

Wordpress sites are being hacked by the hundreds, and you may not even realize that yours is too if you host on any number of shared servers (Network Solutions, Dreamhost, GoDaddy, etc...).

http://www.wpsecuritylock.com/breaki...-on-dreamhost/

Thanks man bump for more awareness

Wordpress = fucking nightmare.

Where there's a will, there's a way.

Any mass software solution is going to be hit sooner or later. Stinks, but it's inevitable.

Thanks Brujah. Now I remember why I let a 100 domain experiment die on its ass.

thats what you get for hosting on a shitty web host, serves them right

:thumbsup thanks for notice

sometimes , yes:2 cents:

That friggin sucks.

This seems like a hosting issue, not wordpress.

Any php site on these affected shared hosts are vulnerable. There are people with phpld, joomla sites, even custom php sites that are getting hit. Only thing they have in common is that they used one of the above-mentioned shared hosts.

its only on shared hosting? so blogs on dedicated servers aren't being affected?

Yes, that's what I have read, only certain shared hosts are being hit right now.

Wonder if it is the same shitheads that did the big attack last time.

Thanks for that. Can't find any with a problem :)

has anyone found one of these websites or is it just dreamhost bashing?

considering the source is a person who makes money selling WordPress security software and knowledge :)

Dreamhost, network solutions, godaddy are all being hit, all kinds of php sites. Not exclusive to wordpress at all.

I wondered the same to be honest. I haven't seen a site listed that's been hit yet.

Do you know of any that have been hit by any chance?

On wordpress.org forums there's a list of people who claim their sites were hacked.
http://wordpress.org/support/topic/396524?replies=1

Add BlueHost to the list of shared hosts. Also, this doesn't seem to be exclusive to wordpress, but sometimes other .php files on the servers.

dont say that:Oh crap

cant you set wordpress to only let your ip login?

the attacks are on Apache, not WordPress, that's why it only works on shared hosting. They attacked WP, ZenCart, Drupal and almost any PHP file at sight. Thing is WP has millions of users, hence you'll see "WP is under attack". Or do you expect to see "some custom php script is under attack"? geez, some people :Oh crap

Quite curiously, you'll rarely see "some idiots at shared hosting have no clue about what they're doing", and in 99% of cases that is the issue.

yes you can with some easy custom mod. However, the attacks were from inside the server, so how do you stop that? Last time, when the NetSol fiasco shown up (1 month ago or so) it was proven they had a rogue admin that changed permissions to allow access to account. Same with GoDaddy hosting. How do you plan to stop that?

I have no problems with my php sites on Dreamhost.

This is a sever config problem.. NOT Wordpress....

I checked all my WP stuff on shared earlier and it was OK!