The WordPress Pharmacy Hack

A number of WordPress blogs around the world have been hacked (or cracked, whichever word you prefer) and a "pharmacy" subdirectory have been injected below the WordPress root. I know of these victims at the moment:

azin.se
benniboedker.dk
www.blog-celeo.com
www.digitalrights.gr
www.toscaninelmondo.org
www.vdomck.org
www.yerbastory.pl

The injected web pages are advertised by fooling Yahoo! search to make a weird GET request to a totally different web site, resulting in log lines like this:

74.6.17.184 – – [29/Aug/2008:04:03:50 +0200] "GET /\"//example.com/blog/pharmacy/spam.html\" HTTP/1.0" 404 15145 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; //help.yahoo.com/help/us/ysearch/slurp)"

I really recommend every WordPress user to add at least one extra level of protection to their wp-admin subdirectory. It’s not safe.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.