Thread: WP Akismet user: watch out, big security breach ....

    From my web hosting, their reply:
    We ran some checks and would like to update you on the reason for the injected script.

    - - [21/Oct/2012:00:53:06 +0800] "GET //wp-content/themes/Webly/cache/s.php?x=img&img=ext_css HTTP/1.1" 200 570 "" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"

    As you can see, the Akismet plugins were injected and made changes through the page:

    s.php is the backdoor script that was used by the attacker to upload the malicious script.
    It's recommended to change the theme used on your page, as obviously there are vulnerabilities in the theme 'Webly' you are using.
    And I did a simple search on Google: the problem has existed since June but Akismet doesn't take it seriously, now it hit me ....... luckily I found out fast enough ...

    Last week we experienced a comment spam attack from China. I found out that when that happens, Akismet temporarily suspends their API key and stops working. Over 3500 spam comments stacked up in the Pending queue before we blocked a large range of IP addresses from China. Fortunately, Akismet does capture the IP address of the comment submitter, so it was easy to identify the IPs of the attackers with a simple MySQL query.

    The bad part was that Akismet stopped working on all sites that use that API key, so we had spam comments stacking up on multiple sites.
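
A log check for the pattern the hosting reply in the first post describes, a PHP script requested from a theme cache directory. This is an added example, not part of the thread; the directory rule, the function and variable names, and every sample line except the one quoted in the thread are assumptions constructed here.

```python
import re
from urllib.parse import unquote

# Combined Log Format; the client host is optional because the line quoted
# in the thread had it stripped.
LOG_RE = re.compile(
    r'^(?:(?P<host>\S+) )?\S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?(?P<query>\S*))? [^"]*" '
    r'(?P<status>\d{3}) '
)

# Assumption: these WordPress directories hold only static or generated data,
# so a PHP script requested from them deserves review.
DATA_DIR_PHP = re.compile(
    r'^/wp-content/(?:uploads|themes/[^/]+/cache)/(?:.*/)?[^/]+\.php\d?$', re.I)

def find_suspicious(lines):
    """Return (time, host, method, path, status) for PHP requests in data dirs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry
        # Decode %xx escapes and collapse '//' so variants map to one path.
        path = re.sub(r'/+', '/', unquote(m['path']))
        if DATA_DIR_PHP.match(path):
            hits.append((m['time'], m['host'] or '-', m['method'],
                         path, int(m['status'])))
    return hits

SAMPLE_LOG = [
    # constructed benign requests
    '198.51.100.4 - - [21/Oct/2012:00:52:10 +0800] "GET /wp-content/themes/Webly/style.css HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [21/Oct/2012:00:52:11 +0800] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # the line quoted in the thread
    '- - [21/Oct/2012:00:53:06 +0800] "GET //wp-content/themes/Webly/cache/s.php?x=img&img=ext_css HTTP/1.1" 200 570 "" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"',
    # constructed request for a PHP file under uploads that does not exist
    '203.0.113.9 - - [21/Oct/2012:00:54:40 +0800] "POST /wp-content/uploads/2012/10/x.php HTTP/1.1" 404 310 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOG):
        # A 2xx status means the server ran the script rather than rejecting it.
        print(*hit, 'EXECUTED' if 200 <= hit[4] < 300 else 'not served')
```
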
