Update: 4.7.08 @ 2115h: Looks like ZDNet was hit, as per John’s comment below, via an XML-RPC hack, and no, they aren’t running an old version of WP either, which makes one wonder how vulnerable the newer versions of WordPress are.

Just to recap: earlier, I documented how Tailrank’s “spam” was accidentally documenting some massive hacking efforts into blogs around the world. What I didn’t realize was that one of the “victims” was one of the more well-known tech blogs in the blogosphere, ZDNet.

Thanks to some intrepid screen capturing, it looks like Allen Stern has shown that at one time ZDNet’s own blogs may have been hacked. If you head over to Tailrank, you’ll find that under the “technology” section (as of this writing) there is a ton of credit-card spam. However, as I mentioned yesterday, these are all legitimate blogs that have been hacked.

What’s surprising is that a lot of them are blogs from ZDNet, such as Steve Gillmor’s Inforouter, or ITFacts. As I mentioned yesterday, the probable reason why they are showing up as “spam” is that those blogs were hacked and malicious ‘invisible’ code was inserted, which is what Tailrank is picking up (by accident!).

I was twittering with Matt Craven last night, who wondered if WordPress vulnerabilities were the issue. That, in fact, *may* be the case, as certainly ZDNet are running pretty old versions of WordPress which are probably sensitive to security breaches. In fact, if you look at the source code, they are running, as of this writing, WordPress 2.1.3, which, in fact, is more than a year old.

Addendum: As per John from CNet below, they are not.

As of this writing, it looks like ZDNet has scraped out all of the ‘invisible’ code / links through cleaning up their headers, but they’ll do well to upgrade to a more secure version of WordPress (and it’s a lesson we should all take heed of!).

MORE: Wondering where some of the WordPress hackers come from? (Not all, of course.) Abe Olandres, former editor of the BlogHerald, notes that some of them are Filipino. He’s worked on some security problems in WordPress and has found some of the comments to be in Tagalog. Furthermore, he sheds some light on exactly the kinds of WordPress exploits that some hackers are using. <Disclaimer: Again, I am not suggesting that all hackers are Filipino; I only use the post to illustrate the issue.>

Apr 07 2008, 12:20 pm