In the past month i’ve seen a huge increase hacked and spammed WordPress installs.

At CIAS we have 1000+ users accounts with 203 individual installs managed by the students, so i usually try to allow the students the benifit of the doubt that they will update their own software… year… that hasn’t been working out so well.

Over the years i’ve had to update a few accounts which have been hacked or otherwise compromised… but lately, the issue has been getting worse and worse. Last night i did a mass upgrade of 203 installs to wordpress 2.7..

I’ve created a script that watches the version of every install on the server. Once a new version of wordpress becomes available i will increment the version on the server and hopefully everyone’s wordpress will get upgraded just like that. Hopefully i’ll be able to keep us from getting hammered with spam.

Another issue we have on the server is poorly written upload scripts which are allowing .php files to be uploaded, and then execuded by the webserver, which then creates a nice little backdoor for hackers to then pepper the server with bad files and crap. Its annoying! LEAVE ME ALONE 😉

 

Leave a Reply