Blog Hacked – Paying the price for not upgrading WordPress

I don’t remember which version I installed first when I started this blog back in Nov ’06, but I followed the upgrade cycle with every release up to 2.1.1. Then I became a bit lazy and stopped following the news about WordPress security exploits that kept circulating on the net for version 2.1.1 and a few other releases.

Beginning the first week of March, the traffic from Google started to dip in a big way. By the second week the traffic was down by 90%, and now it is reduced to only a few hits.

Since last week I have spent a lot of time looking at logs, my content, links and everything else I could get my hands on, except one thing: checking for hidden text in the HTML source of the posts. I could easily have missed it, but I saw a hit from Live referring to an Office template post for the keyword ‘ringtone’. That clue was good enough to nail down the culprit. I then searched Google for the keyword ‘ringtone’ on my site and was looking at the worst thing that could ever happen to any of my sites. My blog had been hacked!
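The check that was missed here, looking at the served HTML for text that readers never see but crawlers index, is easy to automate. The script below is an added example, not the author's code: it walks a page with Python's standard-library HTML parser, collects the text and link targets inside elements hidden by inline styles, and runs against a constructed sample post with a spam block injected above the footer. The set of hiding styles and the sample page are assumptions.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from readers but not from crawlers (assumed, not exhaustive).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                          r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.IGNORECASE)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}  # never get an end tag

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []      # per open element: did it start a hidden region?
        self.depth = 0       # number of hidden ancestors of the current position
        self.current = None  # region being collected while depth > 0
        self.findings = []   # finished regions: {"text": str, "links": [href, ...]}

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        self.stack.append(hidden)
        if hidden:
            self.depth += 1
            self.current = self.current or {"text": [], "links": []}
        if self.current and tag == "a" and attrs.get("href"):
            self.current["links"].append(attrs["href"])

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack and self.stack.pop():
            self.depth -= 1
            if self.depth == 0:  # outermost hidden element closed: finalize the region
                self.current["text"] = " ".join(" ".join(self.current["text"]).split())
                self.findings.append(self.current)
                self.current = None

    def handle_data(self, data):
        if self.current:
            self.current["text"].append(data)

def find_hidden_text(html):
    """Return every hidden region of a page as {"text": str, "links": [href, ...]}."""
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: a normal post with a spam block injected just above the footer.
SAMPLE_PAGE = ('<html><body><h1>Office templates</h1><p>Download the template here.</p>'
               '<div style="display:none">free ringtone download <a href="http://spam.example/r">'
               'ringtone</a> <a href="http://spam.example/c">casino</a></div>'
               '<div id="footer">Powered by WordPress</div></body></html>')
```

Fetch each post as a visitor (or a crawler user agent) would and feed the response to `find_hidden_text`; any non-empty result, and in particular any link target you do not recognise, deserves a look at the theme and plugin files that render that part of the page.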

Looking around on the net for WordPress exploits brought up many posts pointing to a common wp_footer exploit, and I knew what had happened. I removed the call to the wp_footer function from footer.php and went through all the PHP files in the wp-includes folder and the root folder of my WP installation. I have also changed the password and hope to see things getting back to normal in a few weeks’ time.

My advice to you: if you are still on WordPress 2.1.1 or any other older release, please spend some time today or this weekend and upgrade your WP to the latest version available. You will avoid the kind of pain I have gone through over the last few weeks.


3 Responses to “Blog Hacked – Paying the price for not upgrading WordPress”

Thanks man, thank you for the post. I too am a bit lazy in upgrading that, and I try to do it for every new version.

Bloghash, you had me there for a moment when you said this blog was started in Nov ‘07. I started my blog in Nov ‘07 as well, so I was kind of awed by your Alexa ranking since mine is still hovering in the millions. Your archives show Oct ‘06, so you need to correct that.

Tarun – thanks for highlighting that. It’s now corrected.