Attack of WordPress blogs on Rackspace

Update: It is not a “mass” attack as we described. Sorry about that. A good number of sites were affected (we don’t have a clear number yet), but nothing as massive or crazy as our post sounded.

If you follow our blog, you probably noticed that these last few months have been especially hard for hosting companies. Lots of them got hacked, bringing down thousands of sites with them. Now we are hearing reports of a mass hack of WordPress blogs hosted on Rackspace.

What is going on?

The attackers were able to get access to Rackspace databases and infect the sites through there. They created a new admin user on many WordPress sites, giving them full access to the WordPress admin panel.

With that access they were able to inject malware and, as we saw before, they used it to inject SEO spam into the sites.
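
To check a site for the rogue admin account described above, list every user holding the administrator role and compare the result with the accounts you created yourself. The sketch below is an added example, not code from the original post: it runs the audit query against an in-memory SQLite stand-in for the WordPress tables with constructed rows, and the default `wp_` prefix and the helper names are assumptions. The same SELECT works on the site's MySQL database.

```python
import sqlite3

# Constructed sample rows standing in for a WordPress database (default "wp_" prefix).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "2010-03-02 09:15:00"),
    (2, "bob", "bob@example.com", "2011-01-20 14:40:00"),
    (3, "wpsupport", "x@example.net", "2011-06-05 03:12:00"),
]
# WordPress stores roles PHP-serialized in usermeta under "<prefix>capabilities".
SAMPLE_META = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM {p}users u
JOIN {p}usermeta m ON m.user_id = u.ID
WHERE m.meta_key = ?
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC
"""

def build_sample_db():
    """Create the two tables the audit needs and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,"
                 " user_email TEXT, user_registered TEXT)")
    conn.execute("CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT,"
                 " meta_value TEXT)")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", SAMPLE_META)
    return conn

def list_admins(conn, prefix="wp_"):
    """Return (ID, login, email, registered) for every administrator, newest first."""
    # The prefix becomes part of a table name, so accept only [A-Za-z0-9_].
    if not prefix.replace("_", "").isalnum():
        raise ValueError("unexpected table prefix")
    query = ADMIN_QUERY.format(p=prefix)
    return conn.execute(query, (prefix + "capabilities",)).fetchall()

def unexpected_admins(conn, known_admins, prefix="wp_"):
    """Administrators whose login is not on the operator's own allowlist."""
    return [row for row in list_admins(conn, prefix) if row[1] not in known_admins]

if __name__ == "__main__":
    for row in unexpected_admins(build_sample_db(), {"alice"}):
        print("unrecognized administrator:", row)
```

Because the account was written straight into the database, `user_registered` can hold any value; the comparison against a known-good list of logins is the reliable signal, not the date.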

What are the symptoms?

The first symptom that is easy to spot is new, malicious JavaScript files or spam on your site. Our scanner would detect them properly:
