StorageMojo hacked yet again

by Robin Harris on Tuesday, 7 April, 2009

I’m at SNW and learning a lot about the latest and greatest, including wordpress hacking.

I found this helpful Google warning when I went to the site this morning:
google_warning

Oh, goodie.
Running the latest version of wordpress, so I *hope* that isn’t the problem.

Combed through the site files and found a few hundred suspicious cache files, which I deleted.

Also appears that my new theme, Thesis from DIYthemes, was hacked as well. Still sorting that out.

Update: It appears the culprit was a hacked “creative” coming in from IDG’s advertising network which reps for StorageMojo. I looked at the source and found no way to determine that.

So how does a “creative” get hacked? Are ad agencies being infiltrated by hackers? Did some idiot download a cute graphic and paste into a layout?

While I like my new theme, I’ve realized that its developers it know way less about security and software development than the WordPress team. And that gives me pause. End update.

Update II: Got another Google malware warning Saturday afternoon and was able to pull the offending script v fast. Also found a “WordPress” document that wasn’t part of WordPress at all. I hope that does it. End update II.

The StorageMojo take
The crack StorageMojo security team is on the case. Sorry for the disturbance.

Now back to our regularly unscheduled program.

Courteous comments welcome, of course.

{ 4 comments… read them below or add one }

Tracy Reed April 7, 2009 at 6:30 pm

Are you running any wordpress add-ons?

avc April 8, 2009 at 10:19 pm

And this is why I had trouble sleeping at night when my company used to use wordpress for a corporate blog.

Nicholas Lee April 9, 2009 at 7:21 pm

So you site itself wasn’t hacked, but the off-site content in your theme was replaced with malware. Problem like this could occur for any webapp with 3rd party themes. It’s happened though ad-networks as well.

Dave Cottlehuber April 14, 2009 at 2:57 am

Robin sorry to hear your site was trashed. However I am struggling to understand why you bother running your own blog. It’s embarassing to get hacked (spam me once, shame on you .. spam me twice, shame on me) and a simple fix is to make this somebody else’s problem. Wordpress & other platforms offer hosted blogs, what’s the reason for suffering the pain yourself?

— Dave

Leave a Comment

{ 1 trackback }

Previous post:

Next post: