Tuesday, August 09, 2011

Hacked WordPress blogs distributing malware

I have an approach to news which I’ve found works well for me over the years. If I read something in the news that doesn’t affect me or anyone I know then it is often hype designed to market a product or service. But when I know someone, or someone I know knows someone that it’s affected, then I consider the threat real and action needs to be taken.

This year a number of people I know have had their sites hacked. In one instance I assisted a client with their WordPress sites which had been hacked (I had nothing to do with the site as I generally don’t recommend the use of WordPress for a number of reasons). Whilst it was possible to remove the offending code the sites would be reinfected and the hosting company was required to remove the offending code as it was outside of the client’s control.

Today I read the following article.

Hackers are abusing thousands of independent WordPress sites to litter Google Image search results with code that redirects users to servers that attempt to infect them with malware

What I found interesting about this article was that the hackers are using Google Images to distribute malware. Those using Google Images to find images will, from what I see, in many instances have almost no warning they are going to a site which may be distributing malware. This approach makes sense for hackers. Google scans sites to present images. It costs Google nothing for the content and the content links to the sites it was obtained from, which could have been hijacked.

The problem I find with people using WordPress is often they install the software on their own site and then think that is the end of it. Most will probably never upgrade their installation and as holes are found that means an ever increasing number of WordPress based sites are left open for hacking.

Another client of mine recently had a site set up by a graphic designer using WordPress. I have to admit I did raise an eyebrow. This client is now either going to have to maintain their own site, which they won’t as they don’t have the knowledge or skills to do it, or the graphic designer will need to do it, and generally they aren’t interested in regular IT admin work which doesn’t generate an income.

If you’re considering a blog for your site do get some professional IT advice. Anyone can get a site for $5 a month, add WordPress for free and think they’ve done all they need to, but the reality is the work is just beginning. The client who required support incurred a bill of hundreds of dollars for support, exposed their customers to malware and had their site listed on Google as containing malware for a period of time which would not have happened had they used a different blogging approach.

The lessons here are:

- If you’re using images from the internet then perhaps think about how those images were obtained and potentially the sites they link to.

- Think about using images from sites that have been designed to distribute and share images as their core business.

- Think about the blogging software you’re thinking about using and the work you need to do to maintain it. If you install it on your own site, are you skilled to maintain it?

- Think about your customers who visit your site. The decisions you make also affect them.

- If something is free on the internet there is a reason it is free and the site is making money somewhere else which may not always be in your best interest.

- Always be vigilant on the internet.

- If in doubt when searching on the internet think about a more secure approach which reduces the risk to you.

The internet is one of the wonders of the modern age, but do take care when using it.

- Kelvin Eldridge
