WP Blogs Targeted

July 24, 2008

It seems there’s a malicious person out there who’s targeting WordPress blogs by adding comments to bloggers’ old posts that contain a virus or something. The code inserted into the comment makes visitors’ anti-virus programs flag your blog as a Malware distributor. Obviously, people aren’t going to visit your blog if their resident anti-virus shield is warning them your site is harmful!

My partner Chris Butterworth got hit.  He’s rebuilding his blog now and having some difficulty with categories.  His categories aren’t displaying properly, but you can rest assured that his blog is NOT a Malware distributor.  I don’t think I know anybody less malicious than Chris Butterworth. You can absolutely visit the ButterHomes Blog safely!

To protect my own blog, I’m temporarily changing the comments policy. All comments must be approved by me before they’re posted. Sorry for the inconvenience. I know from experience that part of the fun of commenting on a blog is seeing your words in print immediately.

Worried about your own WordPress blog? Here’s the info Chris and I found while trying to fix his blog:

The commenter inserts code into several of your old posts. You can see this if you view your old blog posts in HTML mode. Best I can tell from reading various discussion boards about fixing this problem, you need to search individual posts for the offending text, then remove it.

The comments start and end with the phrase “Traffic Statistics” and contain this info:

  • tripleW DOT wp-stats-XXXphp DOT info SLASH iframe SLASH wp-stats DOT  php

(obviously you’d need to replace my DOTs and SLASHes with the real thing when you search the text of your old posts)
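The search-and-remove step described above can be scripted instead of done post by post. The sketch below is an added example, not code from this post or from WordPress. It assumes the posts have been exported as a mapping of post ID to HTML, that the “Traffic Statistics” phrases sit in HTML comments wrapped around an iframe, and it uses a placeholder host in constructed sample posts.

```python
import re
from urllib.parse import urlparse

MARKER = "Traffic Statistics"  # phrase the post says brackets the injected text

# Assumption: the phrase appears in HTML comments wrapped around an <iframe>.
BLOCK_RE = re.compile(
    r"<!--[^>]*?Traffic Statistics[^>]*?-->.*?<!--[^>]*?Traffic Statistics[^>]*?-->",
    re.IGNORECASE | re.DOTALL,
)
IFRAME_SRC_RE = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

# Constructed sample posts; stats.example.invalid is a placeholder host.
SAMPLE_POSTS = {
    101: "<p>Open house this weekend.</p>",
    102: "<p>Market update.</p>\n<!-- Traffic Statistics --> "
         "<iframe src=http://stats.example.invalid/iframe/x.php width=1 height=1>"
         "</iframe> <!-- End Traffic Statistics -->",
    103: "<p>Moving tips.</p><!-- Traffic Statistics --> <ifr",  # truncated block
}


def scan_post(post_id, html):
    """Return (finding, cleaned_html); finding is None when nothing matched."""
    hosts = []

    def strip_block(match):
        srcs = IFRAME_SRC_RE.findall(match.group(0))
        if not srcs:
            return match.group(0)  # marker pair but no iframe: leave for a human
        hosts.extend(urlparse(src).hostname or src for src in srcs)
        return ""

    cleaned = BLOCK_RE.sub(strip_block, html)
    leftover = MARKER.lower() in cleaned.lower()  # phrase survives: partial block or prose
    if not hosts and not leftover:
        return None, html
    finding = {"post_id": post_id, "iframe_hosts": sorted(set(hosts)),
               "needs_manual_review": leftover}
    return finding, cleaned


def scan_all(posts):
    """Scan a {post_id: html} mapping and return the findings, ordered by post id."""
    results = (scan_post(pid, body) for pid, body in sorted(posts.items()))
    return [finding for finding, _ in results if finding]


if __name__ == "__main__":
    for finding in scan_all(SAMPLE_POSTS):
        print(finding)
```

Posts flagged with needs_manual_review still contain the phrase after cleaning (a partial block, or a post that simply mentions it), so they should be checked by hand in HTML mode.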

See also http://www.pdxtc.com/wpblog/viruses-and-scams/virus-in-a-wordpress-post/

See also http://www.sophieslist.com/2008/trojan-wordpress-blog-get-rid-of-it

 

 

2 Responses to “WP Blogs Targeted”


  1. [...] Thanks! to Heather Barr for helping me to pinpoint the key phrase. Heather’s anti-virus software gave her a more [...]


  2. Thanks for the faith, and the kind words. Google has informed me that my site is now malicious-code-free, although it might take a day or two to propagate the internet.

    I’m glad you posted about this topic, too. When something like this happens, you can’t sleep until it gets fixed, and by having more people write about it, the next person is more likely to find the solution quickly.

    ps – categories are now working! My blog is almost back to full speed.. ;-)

