The researchers who discovered the attacks say a design flaw in the WordPress blogging platform was the underlying problem because by default it allows users to set up permissions that let anyone read their blog's wp-config.php file configuration files, and because WordPress stores the bloggers' credentials in plain text.
"A few people got hacked last week and asked us to help," says David Dede, founder of Sucuri Security, which also uses WordPress for its own blog. "We fixed them and in one site, just after we fixed it, it got hacked again. Looking at the logs, we didn't see any access in there at all, so the attack didn't come from the Web."
Dede says after further analysis and more complaints of hacked blogs, he and his team found that the blogs were getting hit with a malicious iFrame, and that the blogs were all hosted on Network Solutions' servers. Most were running the newest version of WordPress, 2.9.2, he says
The link for this article located at Dark Reading is no longer available.