Google up inurl:wp-content/1/ [Warning: just google it up, don't visit any of the site in the search results. They are full of activeX viruses!]. This is what I see now:
What you see is a list of sites that were hacked through the latest WordPress Vulnerability that allows hackers to insert spam into your blog.
This is just great. WordPress is the most common blog software out there, and at this minute there are over 90,000 website that were spammed (still counting…) I’m sure that most of these sites owners never heard of this exploit and some of them will probably never will. The damage is enormous. This exploit made them look like spammers in Google eyes, and Google like Google – She never forgets anything. If you are a spammer, you are out of the index in one second.
In my opinion, the best way to deal with these hacks is Active Network Scanning. This kind of services are usually provided by an external company that scans your site for vulnerabilities on a daily basis (like Hacker Safe, but better). Once a new vulnerability is discovered to the world, it is automatically added to their scanning system and is tested on your site. This can definately help you sleep better.
Life shows that there is no way your web site can be safe. It is just the nature of software that it is full of holes. If only you scan your website for vulnerabilities, at least you know about it on time and hope there is something you can do about it…
Important comment: if you are not in this list, it does not mean that you are safe. There are lots of other URLS that were used for this attack… This IS fun!
update: (April 12 2008): Checked again the list, and it seems like most of the hacked pages were removed from Google’s index. It DOES NOT mean that the vulnerability is fixed, it just means that Google had identified that these pages as pages that should be ignored and removed from the index. This is semi good news for those that were hacked and afraid their ranking will go kaput. Just semi because they are still vulnerable and will surly be attacked again in the next wave…
It seems like the number of WordPress vulnerabilities is growing constantly. The most popular blogging software that exists is becoming a huge security hole. In fact, this post is written with WordPress and it feels less secure than ever. This makes me think about moving my blog to blogger or wordpress hosting site, instead of fighting the patches on my own server.