You are here: Home Career Spammers Hijack Joomla and WordPress Sites
Saturday, 19 May 2012 14:41

Spammers Hijack Joomla and WordPress Sites

Written by 
Rate this item
(0 votes)
Spammers Hijack Joomla and WordPress Sites

Security experts found many compromised WordPress and Joomla Web sites used by spammers to advertise sketchy diet pills and counterfeit luxury goods. The owners of these sites are most likely unaware of what is going on.

Web masters often fail to check their sites’ subdirectories for signs of malicious files and Web pages, thus allowing cybercriminals to use the domain’s reputation to host their scams. Attackers often brute-force administrator passwords to gain access to a site’s back end.

Once the criminals gain access, they inject a Web shell into an existing plugin by utilizing the Theme Editor. The shell is leveraged to create a subfolder to which a WordPress installation package is uploaded. After obtaining the MySQL credentials from the wp-config.php or configuration.php files, depending on whether the site is Joomla or WordPress-based, the attacker is able to install their own theme and make a fully operational Web site.

These sites represent "doorways" that point unsuspecting visitors to malicious domains. Experts discovered around 3,000 compromised Web sites that stored such doorway blogs. Reportedly, some of the blogs that advertise slimming and luxury goods were created in March 2012, but there were a few created 1 year ago. The hijacked sites also host phishing pages that try to trick users into disclosing online banking credentials and other sensitive data.

Source: http://news.softpedia.com/news/Spammers-Promote-Fake-Luxury-Goods-on-Hijacked-Joomla-and-WordPress-Sites-270345.shtml

Read 416 times Last modified on Tuesday, 22 May 2012 11:41
Published in Career
Tagged under
Rich Wermske

I am a native Houstonian, disabled American veteran, aspiring Buddhist, and a 40-Something information technology leader, paralegal, and management wonk, living life on life's terms, with my partner of eleven years.

While I still struggle with humility, I strive to make willingness, honesty, and open-mindedness a cornerstone in all my affairs. I work hard, and I believe I play well with others.  Eleven years of sobriety has taught me that none of "this" means a damn thing if I'm unwilling, dishonest, or close-minded.

While I've lived the roller-coaster, today I rarely have to defend or justify the actions of that person I see looking back at me in the mirror...

Website: www.wermske.com

Latest from Rich Wermske

Related items

More in this category: « Change Begins with Desired Results 5 Ways to Improve IT Effectiveness »
back to top
I don't agree with all of this, but it's food for thought. -rw