Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Nasty New Cloaked Attack On Websites

Featured Replies

This thing sounds nasty. It is apparently cloaked so goes undetected. Reports say it showed up on Wordpress, but may not be a Wordpress vulnerability.

Update 1: Note that we are not blaming Wordpress here. I am assuming that if the problem was on Wordpress itself, the number of infected sites would be much much bigger. Maybe a plugin is vulnerable or someone stole lots of passwords. Also, all the hacked sites were on shared hosts, no one so far on a private server.

We are seeing multiple reports today of Wordpress sites (running their latest version) getting compromised. The initial reports today were restricted only to Dreamhost, but now we are seeing the same pattern on blogs hosted at GoDaddy, Bluehost, Media temple and other places. Link to about this threat

An ongoing discussion about the threat

Note to Mods: Please don't move this to the Linux forum .. as been done it the past. Many folks who have websites on a Linux server don't use Linux on personal machines.

Wordpress is wonderful but its popularity has made it a big fat target. If you don't keep your security patches up to date you've had it.

Edited by Crushdepth

I see you linked to the Sucuri Security blog in the quote, dated May 7.

If you want to start a little earlier, read the May 1st blog

http://blog.sucuri.net/2010/05/second-roun...tes-hacked.html

And then work your way through the May archives.

Be very very careful if you are using GoDaddy.

  • Author
I see you linked to the Sucuri Security blog in the quote, dated May 7.

If you want to start a little earlier, read the May 1st blog

http://blog.sucuri.net/2010/05/second-roun...tes-hacked.html

And then work your way through the May archives.

Be very very careful if you are using GoDaddy.

@higgy88 Yes, you are correct. I follow a few links from WebmasterWorld which is where I first read about the threat. I think anyone who has a website on one of the big hosts need to read anything and everything they can get their eyes on. Apparently, some of the hosting companies are in a temporary state of denial while their customers' sites are displaying ads for P O R N.

Edited by klikster

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.