The blog-o-sphere has been buzzing about blogs on the popular WordPress platform getting hacked and having their traffic redirected to anyresults.net.
Via Donncha O Caoimh’s blog:
Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember how everyone was urged to upgrade their blogs? You did upgrade, didn’t you? No? It was inevitable that you’d be hacked. If you haven’t been hacked yet, it’s only a matter of time.
Unfortunately for some who did upgrade, it was too late. The hacker slimeballs may have known about the security issues before we did and went about their merry way breaking into blogs and websites, grabbing usernames and passwords, and planting backdoor scripts to log them in again at a later date.
That’s how even diligently upgraded blogs were hacked. The bad guys got there before you.
In the last week the hackers have started again. There is no zero day WordPress exploit. There is no evidence that version 2.5.1 of WordPress is vulnerable to any exploit at this time. They’re using the old exploits all over again. This time they’re redirecting hits from Google to your blog. Those hits are instead being redirected to your-needs.info and anyresult.net.
Donncha also has a good technical analysis of the exploit in his post, “Did your WordPress site get hacked?” JD has posted how to manually get rid of the hacks in “Patching the WordPress AnyResults.Net Hack.”
If you are still running an older version of WordPress, I would check whether your site has been hacked yet, clean up the system if necessary, do a database backup, and do a clean WordPress 2.5.1 install.
There has also been talk about sites that are running the latest WordPress version, 2.5.1, and are getting hacked too. This could be because the user didn’t upgrade properly to the latest version and didn’t clean up the old files. There hasn’t been official word from the WordPress folks yet, so the only thing we can do is monitor our sites.
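One way to check for leftover or altered files after an upgrade, as an added example that is not part of the original post: it compares a live install against a freshly unpacked copy of the same release. The directory layout, the choice of which paths count as site-specific, and the sample files in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_hashes(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def audit(live_root, clean_root):
    """Compare a live install with a pristine copy of the same release."""
    live, clean = file_hashes(live_root), file_hashes(clean_root)
    report = {"modified": [], "extra": [], "review": [], "missing": []}
    for rel in sorted(live):
        if rel in clean:
            if live[rel] != clean[rel]:
                report["modified"].append(rel)   # core file was changed
        elif rel == "wp-config.php" or rel.startswith("wp-content/"):
            report["review"].append(rel)         # site-specific: inspect by hand
        else:
            report["extra"].append(rel)          # not in the release at all
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Audit two small constructed trees (placeholder content, not real core files)."""
    clean = {"index.php": b"<?php // core",
             "wp-includes/version.php": b"<?php // release",
             "wp-admin/admin.php": b"<?php // admin"}
    live = dict(clean)
    live["index.php"] = b"<?php // core, plus appended code"
    live["wp-includes/old-leftover.php"] = b"<?php // from an older release"
    live["wp-config.php"] = b"<?php // site settings"
    live["wp-content/uploads/notes.php"] = b"<?php // script in uploads"
    del live["wp-admin/admin.php"]
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in (("clean", clean), ("live", live)):
            for rel, data in files.items():
                path = os.path.join(tmp, side, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return audit(os.path.join(tmp, "live"), os.path.join(tmp, "clean"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Anything listed under `modified` or `extra` deserves a close look before you trust the install again, and PHP files under `review` in an uploads directory are worth opening by hand.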