
{"id":875,"date":"2012-03-07T19:05:04","date_gmt":"2012-03-07T19:05:04","guid":{"rendered":"http:\/\/tech-no.104.210.61.21.xip.io\/?p=875"},"modified":"2012-03-07T19:43:55","modified_gmt":"2012-03-07T19:43:55","slug":"30000-wordpress-blogs-infected-with-malware-time-to-update-your-wordpress-and-its-plug-ins","status":"publish","type":"post","link":"https:\/\/tech-no.org\/?p=875","title":{"rendered":"30,000 WordPress blogs infected with malware, time to update your WordPress and its plug-ins!"},"content":{"rendered":"<p><a href=\"http:\/\/tech-no.104.210.61.21.xip.io\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress.jpg\"><img loading=\"lazy\" class=\"alignleft size-full wp-image-878\" title=\"wordpress\" src=\"http:\/\/tech-no.104.210.61.21.xip.io\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress.jpg\" alt=\"\" width=\"220\" height=\"218\" srcset=\"https:\/\/tech-no.org\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress.jpg 220w, https:\/\/tech-no.org\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress-150x148.jpg 150w, https:\/\/tech-no.org\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress-64x64.jpg 64w, https:\/\/tech-no.org\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress-75x75.jpg 75w, https:\/\/tech-no.org\/wp-content\/uploads\/sites\/4\/2012\/03\/wordpress-126x125.jpg 126w\" sizes=\"(max-width: 220px) 100vw, 220px\" \/><\/a><\/p>\n<p>I actually had this happen to www.genesiscommunications.biz this week; I found that a conditional redirect was added to the .htaccess file. This conditional redirect was sending traffic to a malware site in Russia. This could have resulted in Google flagging our site as a source of malware. I removed the .htaccess file and it appeared again in a few moments. I then upgraded WordPress to the latest version and upgraded the plug-ins. Then I removed any components I was no longer using to avoid further points of entry to the server. 
(SugarCRM, Joomla and others were installed on the virtual server and I wasn&#8217;t using them actively.) After taking these steps I restored a copy of the site from a backup that was taken after the last changes to the site to ensure no rogue entries were left. So far so good.<\/p>\n<p>Here is an article with a similar issue where code is injected into the page and the end result is a fake-av type threat that apparently can install without user action.<\/p>\n<p><a title=\"http:\/\/www.networkworld.com\/news\/2012\/030612-30000-wordpress-blogs-infected-to-256993.html\" href=\"http:\/\/www.networkworld.com\/news\/2012\/030612-30000-wordpress-blogs-infected-to-256993.html\" target=\"_blank\">http:\/\/www.networkworld.com\/news\/2012\/030612-30000-wordpress-blogs-infected-to-256993.html<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>The lesson learned is to make sure you regularly update your WordPress and exercise caution when selecting plug-ins.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I actually had this happen to www.genesiscommunications.biz this week; I found that a conditional redirect was added to the .htaccess file. This conditional redirect was sending traffic to a malware site in Russia. This could have resulted in Google flagging our site as a source of malware. 
I removed the .htaccess file and it appeared &hellip;<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/875"}],"collection":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=875"}],"version-history":[{"count":3,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/875\/revisions"}],"predecessor-version":[{"id":877,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/875\/revisions\/877"}],"wp:attachment":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}