Anyone Want to Help Fix these Compromised WordPress Blogs?

OK gang. I need help.

I’m SLAMMED with work but I’d really like to find SOME way to alert these bloggers who have had their blogs compromised by this Trojan/Worm.

These people are going to be REALLY harmed by this since Google’s probably just going to zero out their pagerank for a while.

I need someone that can either contact these people manually or write code that can automatically post a comment to their most recent blog post.

It doesn’t look like WordPress would block these because it won’t be picked up by Akismet. That and it’s not spam since we’re trying to help these people.

I’ll give you a list of 200-300 blogs and you do the rest.

I figured it was at least worth asking…


  1. Kevin,

    why don’t you just write this to the wordpress developers, who can send messages to people’s wordpress installations? It is a more official and maybe better way to get the word around…

    Just a thought.

  2. I’ll take a look at it, shouldn’t be hard to simulate a new comment for wordpress comment — there. Let me know.

  3. I’m willing to help out with this. But would this be considered spam? I’d be willing to give a discount to people who have been compromised, but don’t want to abuse their sites or spam them.

  4. Feel free to ping me via IM on this…

    I don’t think it would be considered spam btw.

  5. Yesterday I discovered a related but different symptom of compromised WordPress blogs. These blogs are actively working a zombies, making outbound requests on behalf of some controlling hacker master. I describe this is more detail here:
    http://faseidl.com/public/item/200919

    We are running a security package called SlimeGate that, among other things, is compiling a database of IP addresses of compromised WordPress blogs.

    I’d be happy to shares these IP addresses with anyone working to help clean up these sites.

  6. marielynnrichard

    I counted them and I made a chart! We have 608,000 blogs to upgrade folks, lets get to it!

    I do tell all my prospects that they HAVE to upgrade and for the past week I have been doing it as we consult on the phone for other things. At first I figure a large part of these must be inactive but then again WordPress bloggers who self host are usually quite active, that’s why Google likes us so much…

    Ian Kellen who initiated this discussion did write to bloggers only to be ignored. Me contacting hundreds of people out of the blue to warn them is spamming no matter how Friendly a Webmaster I am LOL

  7. You know,

    if they’ve been hacked, and their blogs are spamming, and they get mad when we contact them, maybe that’s ok :)

    Seriously, these guys need to upgrade or get off the net :)

  8. The list of compromised WordPress server IPs that have attacked just one of my servers has grown to 767 in less than two weeks. There seems to be a steady stream of new IPs showing up at a relatively constant rate.

    Are the later versions of WordPress secure against this type of trojan/worm exploit?






%d bloggers like this: