Hacked WordPress websites being used for spam (13 posts)

  1. foxylady337
    Member
    Posted 2 months ago #

    I'm not a WordPress user, I'm just being inundated with spam from bogus penis-enlargement and weight-loss scammers, who send emails like this:

    Begin forwarded message:

    From: "Enlargement supplement Sample" <clericferret@worldatlas.com>
    Subject: Give her more of yourself
    Date: 11 February 2014 00:04:16 GMT
    To: <SOMEONE'S EMAIL ADDRESS>
    Cc: <MYEMAIL ADDRESS>

    http://SomeWebSite/cupidraffle/

    If you can't click the above link, move this email to your inbox and then click!
    End forwarded message

    Most of the websites appear to be using WordPress, and the link is to a directory inserted by the hackers which contains an advertisement for the product.

    I notice that you have instructions for WordPress users who realise their sites have been hacked, and have pointed the owners of the sites that I can contact in this direction - my main problem is that I can't make contact with all of the owners.

    Is there some way that WordPress (as an organisation) can trace affected websites and contact their web administrators?

  2. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    WordPress.org does not provide hosting for sites. Nor does it intervene directly in such cases unless the site owner asks for help here. You could use http://www.whoishostingthis.com to determine where these sites are hosted and contact the site owners or their hosts yourself.

  3. foxylady337
    Member
    Posted 2 months ago #

    In some instances there is a "Contact Us" feature or an email contact, but this is a tedious procedure and I was hoping for something easier.

    Here are some recent examples of hacked sites:

    http://arigraphix.com/alumnigrayson/
    http://blog.ikipiro.com/concoctinconsolable/
    http://buyaffordablejewelry.com/hereuntodolan

    and the pattern in the others is similar - a bogus directory added, named using a couple of random words.

    I appreciate that WordPress has a huge number of users and individual communication is not likely to be practicable, but presumably there is some mode of communication with users in general (notification of upgrades, for example), and a "how to detect hacking" guide could be put in.

    Businesses may not suffer directly from hosting spammers, but the breach of security must be a concern.

  4. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    presumably there is some mode of communication with users in general

    Not as such, no. WordPress is software provided freely by wordpress.org. wordpress.org has no direct connection with any site running this software.

    the breach of security must be a concern.

    There are many reasons why a site may have been hacked, but there are no known security issues in the current version of WordPress.

  5. foxylady337
    Member
    Posted 2 months ago #

    There are many reasons why a site may have been hacked, but there are no known security issues in the current version of WordPress.

    Agreed, and the link is very helpful. My point was, though, that a naive site manager might not think there was much harm in a folder on his site being used to promote ineffective and potentially dangerous products, but the fact that administrator passwords were known to the hackers might suddenly make him less relaxed!

    Does the WordPress application prompt site administrators when a new version is released? Could some form of hack detection be advised at that stage?

  6. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    the fact that administrator passwords were known to the hackers

    What admin passwords? All the author urls show is the username.

    Does the WordPress application prompt site administrators when a new version is released?

    Yes. They have an upgrade notice in their site's admin area.

    Could some form of hack detection be advised at that stage?

    No - because every hack is different.

  7. foxylady337
    Member
    Posted 2 months ago #

    What admin passwords? All the author urls show is the username.

    I'm presuming that the creation and population of a new directory in a website requires admin privileges.

    No - because every hack is different.

    I have encountered several hundred like the examples I gave above. An unfamiliar directory should raise the alarm. A general warning to the site admin about hacking when a new version of WordPress is downloaded, and advice about checking for unfamiliar files in the website's structure would help.

    I should probably just shut up now, and just let my spam filter throw these emails in the bin - it annoys me, though...
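    As an added illustration of the check proposed in this post (not code from the thread or from WordPress itself), the script below diffs the current directory listing of a web root against a baseline recorded when the site was known to be clean, and flags a brand-new folder at the root level, which is exactly the `/cupidraffle/`-style pattern described above. The baseline and current listings are constructed sample data; on a real site they would come from saved `find . -type d` output.

```python
"""Flag directories in a WordPress web root that are absent from a clean baseline.

Constructed example: `BASELINE` stands in for a directory listing saved at deploy
time from a known-good install; `CURRENT` stands in for the listing taken now.
"""
import re
from pathlib import PurePosixPath

# Top-level directories shipped with WordPress core. Any other root-level
# folder was created by the site owner, a plugin, or an intruder.
WP_CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}

# The media library creates year/month folders by itself; treat those as expected.
UPLOAD_DATE_DIR = re.compile(r"^wp-content/uploads/\d{4}(/\d{2})?$")


def normalize(path):
    """Return a path relative to the web root, without './' or trailing '/'."""
    return PurePosixPath(path).as_posix().strip("/")


def find_unexpected_dirs(baseline, current):
    """Directories present now but not in the baseline, root-level ones first."""
    known = {normalize(p) for p in baseline}
    new = {normalize(p) for p in current} - known
    new -= {"", "."}  # the web root itself is never "new"
    return sorted(new, key=lambda rel: (rel.count("/"), rel))


def classify(rel):
    """Triage a new directory: root-level non-core is the spam-folder pattern."""
    if "/" not in rel and rel not in WP_CORE_DIRS:
        return "suspicious"
    if UPLOAD_DATE_DIR.match(rel):
        return "expected"
    return "review"


# Constructed sample listings (not taken from any real site).
BASELINE = ["./wp-admin", "./wp-content", "./wp-content/themes",
            "./wp-content/plugins", "./wp-content/uploads", "./wp-includes"]
CURRENT = BASELINE + ["./cupidraffle",                 # new root-level folder
                      "./wp-content/uploads/2014/02",  # normal media upload
                      "./wp-content/plugins/some-plugin"]  # hypothetical plugin

if __name__ == "__main__":
    for rel in find_unexpected_dirs(BASELINE, CURRENT):
        print(f"{classify(rel):10s} {rel}")
```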

  8. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    I'm presuming that the creation and population of a new directory in a website requires admin privileges.

    Yes but these are completely unrelated to the login details for the site itself.

  9. foxylady337
    Member
    Posted 2 months ago #

    Yes but these are completely unrelated to the login details for the site itself.

    I'm not sure what you're saying here. The admin credentials I'm talking about (which allow the creation of new directories, etc.) will give whoever has them read-write capability over every file in the site.

  10. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    The admin credentials I'm talking about (which allow the creation of new directories, etc.) will give whoever has them read-write capability over every file in the site.

    No - they won't. You cannot create new folders or edit any core files from within WordPress.

  11. foxylady337
    Member
    Posted 2 months ago #

    So the fact that the majority of the sites which have been hacked in this way use WordPress is coincidental, and perhaps merely reflects the large number of WordPress users?

  12. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    Correct. WordPress is apparently generating something like 13 - 18% of all web sites (exact figures dependent upon which source you read). Throw in the facts that some users refuse to upgrade WordPress, continue to run old, unsafe versions and/or download plugins & themes from unsafe sources, and it's not surprising that dozens of WP sites get hacked every day.

    The same could be said of other open source systems such as Drupal or Joomla - neither of which (like WordPress) is inherently insecure if you keep things up-to-date and only download from trusted sources.

  13. foxylady337
    Member
    Posted 2 months ago #

    OK - I'll get back to emptying my spam bucket.
