Comments on: Mass infection of WordPress blogs at Network Solutions

By: Richard

Richard — Mon, 19 Apr 2010 22:03:00 +0000

@ Peter

http://blog.networksolutions.com/2010/wordpress-is-not-the-issue/

"WordPress is not the issue.

by Shashi Bellamkonda on April 14, 2010

We wanted to respond to the debate and conversations about the recent incident affecting Network Solutions’ WordPress customers. Recently, our customers have complained about malicious code on certain of their blogs hosted by Network Solutions. This was not an issue with WordPress. Sorry to the WordPress community and customers for any misunderstanding. This issue resulted from a complex combination of factors and we own it. We have taken steps to address this issue and we continue to work to protect our customers. Also we wanted to let you know that no personal or sensitive financial information was taken as a result of this issue.

We are learning from this experience. By the way, we like WordPress and continue to use it for a lot of Network Solutions properties such as this blog. Network Solutions customers that need any assistance feel free to email us at listen @ networksolutions.com"

By: Peter

Peter — Mon, 19 Apr 2010 10:01:29 +0000

changing your passwords and siteUrl won't do u any good – the virus will strike back, it's a bug in wordpress…

WE NEED SOLUTION from the guys from WordPress.org

By: Anonymous

Anonymous — Fri, 16 Apr 2010 09:24:46 +0000

Fyi.
I had fixed the site url in the mysql db. Changed all sql/wp passwords.
See topic. http://wordpress.org/support/topic/385477/page/4?replies=53

By: Anonymous

Anonymous — Tue, 13 Apr 2010 15:33:44 +0000

@WPSecurityLock: Sites where WordPress was installed manually were hacked too.

By: WPSecurityLock

WPSecurityLock — Sun, 11 Apr 2010 09:59:35 +0000

Do we know if WordPress was installed using Fantastico on the affected sites?

Has anyone checked both the siteurl (ID 2) and home (ID38) inside the wp_options table?

I suggest changing the database table prefix to help limit the hacker roadmap too.

Hopefully the entry point will be found out soon.

Thanks for keeping us updated!

Regina Smola

By: kurt

kurt — Sat, 10 Apr 2010 07:24:37 +0000

I took a site that was hosted on Netsol and moved it to a new server 4/9. I cleaned everything I could find and restricted the permissions on htdocs. Today (4/10) it remains clean.

By: Cometcom1

Cometcom1 — Fri, 09 Apr 2010 20:13:59 +0000

Curious to hear if anyone noticed the networkads.net domain change to other domain names? It seems to me that this is currently happening.

Any other places that this has been found? – i.e. network solutions can't be the only place where this is happening.

By: Mike

Mike — Fri, 09 Apr 2010 18:39:48 +0000

Got my site back. (How? Beats me.) Changed WP password, posted, everything seems OK. Already changed database password. Judging only on looks, everything appears fine. Will add extra protections, but will it help?

By: Berry Langerak

Berry Langerak — Fri, 09 Apr 2010 17:46:32 +0000

Figured it might be nice to hear a different sound for once: the WordPress (2.9.2) site that I host, doesn't have any malicious site_url settings, so it might be limited to a cluster of wordpress installation.

By: Emerson

Emerson — Fri, 09 Apr 2010 17:21:29 +0000

Great Shashi,

If this isn't a problem specific to Network Solutions we'll know soon enough when you guys (or the WordPress community) find which code is letting this happen!