Network Solutions fixes WordPress installations

13 April 2010

Web hosting company Network Solutions has deployed a massive fix for a configuration flaw that led to hundreds of WordPress blogs being compromised.

The attack involved changes to the site content stored in the WordPress database. The attacker inserted an IFRAME tag in the database so that, when a WordPress blog rendered its content, the siteurl parameter pointed to a malicious website. The siteurl parameter is meant to point to the URL of the website containing the blog in question.

The attack, discovered by researchers at security firm Sucuri Security, affected fully patched versions of the WordPress blog software. Even blogs that restricted administrative access to a few IP addresses were hit. The problem was found to lie in the way file permissions were configured on the hosting server. wp-config.php, the configuration file for independently hosted WordPress blogs, stores the database access credentials for a blog in plain text. This is not normally a problem if file access permissions are set properly. However, many users installed the software in a way that left the file readable by anyone.

According to Sucuri, the attacker created a script to find configuration files that were incorrectly configured and therefore publicly readable. He then retrieved the configuration files with the incorrect permissions, and harvested the database credentials. The hacker then used those credentials to access the databases and change the siteurl parameter, pointing to a malicious site.

"So, at the end anyone can be blamed," said the researcher at Sucuri. "At WordPress for requiring that the database credentials be stored in clear text. At WordPress again for not installing itself securely by default. At the users for not securing their blogs. At Network Solutions for allowing this to happen."

WordPress developers responded that configuration parameters are the users' responsibility, or the responsibility of automated installation scripts that might be run by a hosting company. And the file has to be stored in plain text so that it is readable by the system, they added.

Network Solutions fixed the problem in a process that involved changing passwords for the WordPress databases hosted on its systems. It recommended that all customers using WordPress log into their accounts and change their administrative passwords.
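The permission flaw described above can be audited from the hosting side. The following Python code is an added example, not code from Sucuri, WordPress or Network Solutions: it walks a directory tree, reports every wp-config.php whose mode bits allow access by "other" users, and strips those bits. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

CONFIG_NAME = "wp-config.php"
OTHER_RW = stat.S_IROTH | stat.S_IWOTH  # bits that let any local user read or write


def audit_wp_configs(root):
    """Return sorted [(path, mode)] for each wp-config.php under root
    whose permission bits allow access by 'other' users."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if CONFIG_NAME not in files:
            continue
        path = os.path.join(dirpath, CONFIG_NAME)
        st = os.lstat(path)  # lstat: do not follow a symlinked config
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & OTHER_RW:
            findings.append((path, mode))
    return sorted(findings)


def harden(findings):
    """Strip all 'other' bits from each reported file, leaving the owner
    and group bits as they were. Returns the number of files changed."""
    for path, mode in findings:
        os.chmod(path, mode & ~stat.S_IRWXO)
    return len(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for a shared-hosting docroot.
    with tempfile.TemporaryDirectory() as root:
        for site, mode in (("blog_a", 0o644), ("blog_b", 0o640), ("blog_c", 0o600)):
            os.makedirs(os.path.join(root, site))
            cfg = os.path.join(root, site, CONFIG_NAME)
            with open(cfg, "w") as fh:
                fh.write("<?php // constructed placeholder, no real credentials\n")
            os.chmod(cfg, mode)
        exposed = audit_wp_configs(root)
        for path, mode in exposed:
            print(f"{oct(mode)} {path}")
        print("fixed:", harden(exposed), "remaining:", len(audit_wp_configs(root)))
```

Tightening the file mode does not undo exposure that has already happened, which is why the fix described in the article also involved changing the database passwords.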
