SQL Injection Attack and Updating Wordpress

Written by Mark Sanborn: Apr 16, 2008

Well, today one of the blogs that I maintain for someone was compromised by an SQL injection. The hacker had apparently injected an invisible iframe that contained that loaded a website that contained a trojan. They had also placed invisible links to casinos, porn, and other shady sites.

The attacker was able to accomplish this attack due to a vulnerability in Wordpress. As with any code there is always a hole; it is just a matter of time before someone will find it. Fortunately Wordpress actually found the vulnerability long ago and it was fixed in a newer version. This blog was running Wordpress 2.0. I guess I wasn’t maintaining it very well. I neglected to upgrade it to the newer version of Wordpress costing me frustration. Fortunately the attack was caught within a few days before it did too much damage.

There were two warnings that allowed me to find the SQL injection exploit. The first warning was received when I noticed the stats for the blog were dropping rapidly. At first I attributed this to Google changing their algorithm and my blog was suffering from poor page rank since a rapid drop in visitors has happened before. The next warning was brought to me by an editor of the blog. He had said his anti-virus program had alerted him that the website was redirecting him to a known trojan site. The anti-virus that caught the attack was NOD32. This is another example of why I think NOD32 is the best anti-virus.

After doing a Google search for iframe SQL attacks in Wordpress I found many articles and people that had the same problem as I had. I even found an article on the Wordpress admin page that caught my attention. The article was, SecurityFocus SQL Injection Bogus The first paragraph says that the vulnerability doesn’t exist and people are simply “crying wolf”. I was frustrated at first by the artcile because the vulnerability was real and I was effected by it.

After further reading I found out that he was taking about people that claimed that the vulnerability still existed in the newer versions of Wordpress. The vulnerability definitely still effects Wordpress version 2.0

The Moral of the Story

Ironically I teach security practices like port knocking and picking strong passwords but I fail to update a blog that I am supposed to be maintaining. One of the most frequent causes for exploits is out dated software. Wordpress blogs are no exception.

So why didn’t I update it? I didn’t update the blog for multiple reasons:

  • I was afraid something might break

  • It takes time to do an update

  • Everything works fine so why update?

The same article that I was frustrated at first gave clear reasons for each of my excuses that I had for not updating Wordpress, as if being hacked by an injection vulnerability wasn’t a good enough reason!

I have now set up Wordpress with subversion to make updating easier. The next time Wordpress comes out with an update I will be one of the first to download and install it!

Need to print shipping labels on your site?

Checkout my product RocketShipIt for simple easy-to-use developer tools for UPS™ FedEx™ USPS™ and more.

Share: