
Vulnerabilities in open source blogs and content management systems such as WordPress, Joomla, etc.

Dear Clients,

This announcement is for the webmasters and administrators of websites that use WordPress, Joomla or other open source blogs or content management systems. Recently it has come to our notice that many such sites have been victims of unauthorized access and hacking, leading to defacement or destruction of data, files and website content, sometimes beyond recovery.

WordPress has been reported to have multiple SQL injection vulnerabilities. A search on www.google.com will show such reported instances. You can check the following URLs for some details and references

The vulnerabilities differ from version to version and need careful observation to trace. You need to be aware of them at all times. Similar instances have also been reported for Joomla.

We request that administrators be vigilant, track all activity on their websites and take action on suspicious activity and users. To start, you can follow the points given below:

  1. Stay updated with the latest fixes from the provider
  2. Check the provider's reported bugs and fix announcements regularly
  3. Have a strong password and change it often
  4. Check the website access logs for any suspicious entries
  5. Check for requests to URLs containing encoded strings that you do not expect or use
  6. Check the users database for unapproved users or users without the necessary validating data (email, name, etc.). Delete such users immediately.
  7. Moderate all entries made by users
  8. Require new users to validate their email address before approval and login
  9. Restrict admin users to a minimum. Do not access the site from non-trusted or public computers or insecure networks
  10. Check your computers regularly for Trojan or malware infections
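Points 4 and 5 above (reviewing access logs and looking for unexpected encoded strings) can be partly automated. The script below is an added example and not part of the original announcement: it parses Apache/nginx combined-format access log lines, percent-decodes each request path (repeatedly, so double-encoded requests are not missed), and flags requests whose decoded form contains common SQL injection patterns or metacharacters that were hidden by encoding. The log lines and the indicator patterns are constructed for illustration; tune the patterns to your own site.

```python
import re
from urllib.parse import unquote

# Combined log format: IP ident user [time] "METHOD PATH PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Common SQL injection indicators, matched against the fully decoded request path.
SQLI_RE = re.compile(
    r"(union\s+(all\s+)?select|'\s*or\s+'?\d+'?\s*=\s*'?\d+|information_schema|"
    r"sleep\s*\(|benchmark\s*\(|--\s|/\*|;\s*drop\s)",
    re.IGNORECASE,
)
METACHARS = set("'\"<>;")  # characters that should rarely appear encoded in a CMS URL

def decode_fully(s: str, limit: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded payloads become visible."""
    for _ in range(limit):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def scan_line(line: str):
    """Return a finding dict for a suspicious request, or None for a clean/unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw, decoded, reasons = m.group("path"), decode_fully(m.group("path")), []
    if SQLI_RE.search(decoded):
        reasons.append("sqli-pattern")
    if "%" in raw and any(c in decoded for c in METACHARS):
        reasons.append("encoded-metachar")      # encoding concealed a quote/bracket/semicolon
    if re.search(r"%25[0-9a-f]{2}", raw, re.IGNORECASE):
        reasons.append("double-encoded")        # "%25xx" is a percent sign encoded again
    if not reasons:
        return None
    return {"ip": m.group("ip"), "path": decoded, "status": m.group("status"), "reasons": reasons}

def scan_log(lines):
    return [hit for hit in (scan_line(l) for l in lines) if hit]

# Constructed sample log: one normal request, two probes, one harmless encoded search term.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Jan/2010:08:18:00 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Jan/2010:08:19:12 +0000] "GET /index.php?p=1%20UNION%20SELECT%201%2C2--%20 HTTP/1.1" 200 2048 "-" "curl/7.19"',
    '198.51.100.7 - - [06/Jan/2010:08:19:40 +0000] "GET /index.php?cat=1%2527%2520or%25201%253D1 HTTP/1.1" 500 310 "-" "curl/7.19"',
    '192.0.2.9 - - [06/Jan/2010:08:20:05 +0000] "GET /?s=caf%C3%A9 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], ",".join(hit["reasons"]), hit["path"])
```

Run it against a real log with `scan_log(open("access.log"))` and review the flagged source addresses alongside the user list from point 6.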

We hope that this information proves useful and helps you secure your website better. Please feel free to contact us for any further assistance or clarification.


Posted on: Wednesday, 6th January 2010 8:18 AM