Hacking Wordpress to get links back
I checked my hosting client's log files for entries to “GET /wp-admin/link-add.php”, which is what will be logged whenever a Wordpress admin calls the page to add a new link. That is followed by an entry for “POST /wp-admin/link.php”, which is the submission form post for a new link, and the end result is an entry for “GET /wp-admin/link-add.php?added=true”. Well, what I found was about 50 calls to “POST /wp-admin/link.php” without any calls in the proper order for a normal transaction through the Wordpress dashboard. Obviously somebody had discovered a bug in the Wordpress software and was using automated HTTP POSTs to exploit “link.php”.
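The log check described above can be scripted. The following is an added example, not code from the original post: it flags every POST to link.php that the same client did not precede with a GET of link-add.php. It assumes the Apache/Nginx "combined" log format and a 30-minute window between loading the form and submitting it; the function name and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
FORM_PATH = "/wp-admin/link-add.php"  # page that serves the add-link form
SUBMIT_PATH = "/wp-admin/link.php"    # endpoint the form posts to
WINDOW = timedelta(minutes=30)        # assumed max gap between form load and submit


def find_orphan_posts(lines, window=WINDOW):
    """Return (ip, timestamp) for each POST to link.php that the same
    client did not precede with a GET of link-add.php within `window`."""
    last_form_get = {}  # ip -> time of the most recent form load
    orphans = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # "?added=true" is still a form load
        ip, method = m["ip"], m["method"]
        if method == "GET" and path == FORM_PATH:
            last_form_get[ip] = ts
        elif method == "POST" and path == SUBMIT_PATH:
            # Each form load accounts for one submission only.
            seen = last_form_get.pop(ip, None)
            if seen is None or ts - seen > window:
                orphans.append((ip, ts.isoformat()))
    return orphans


# Constructed sample: one normal dashboard transaction, then two bare POSTs.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2008:10:00:01 +0000] "GET /wp-admin/link-add.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2008:10:00:40 +0000] "POST /wp-admin/link.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2008:10:00:41 +0000] "GET /wp-admin/link-add.php?added=true HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2008:10:05:00 +0000] "POST /wp-admin/link.php HTTP/1.1" 302 0 "-" "-"
198.51.100.7 - - [12/Mar/2008:10:05:02 +0000] "POST /wp-admin/link.php HTTP/1.1" 302 0 "-" "-"
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_orphan_posts(SAMPLE_LOG):
        print(f"POST to link.php without form load: {ip} at {when}")
```

Clients behind a shared proxy or NAT appear under one IP, so treat a clean result for such an address as inconclusive.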
To exploit this bug in Wordpress, a hacker must have registered as a user with the blog in question, and I’ll go no further into how the exploit is carried out in case there are any potential losers reading this article who would like to know how to carry this out. Anyway, here’s what you can do to prevent this type of attack from happening on your Wordpress blog.



