Blackhole Exploit Kit Attacks on WordPress Websites

I’ve recently found out about a disturbing new exploit that’s happening with WordPress websites (just like this one). Some malicious code gets uploaded to your WordPress blog that basically redirects you to a site where the exploit root kit id downloaded.

From what I’ve found it seems that the main culprit for allowing this is the Tim Thumb script that’s used extensively in a lot of commercial WordPress themes. There is supposed to be an easy fix for this though. ┬áIn the Tim Thumb script file (this could be named a few different things depending on your theme) you need to check and change the values for these areas in the file.

The value for ALLOW_EXTERNAL must be set to false.
define( 'ALLOW_EXTERNAL', false );

Remove ALL entries from the $allowedSites variable.
$allowedSites = array ();

This is supposed to secure the script. I have a feeling that there will turn out to be more to it then this, but for now this is the accepted solution.

This exploit has affected 1,000’s of WordPress sites around the world, and will affect more until people do something about upgrading or removing the Tim Thumb script on their sites.

This is yet another lesson to all of us that we must keep our sites up-to-date. Security is always a moving field. As soon as an exploit like this is blocked, another one is found.

Leave a Reply

Your email address will not be published. Required fields are marked *