Skip to Content

Submit your nominations for the Luxist Awards' Best in Decor
AOL Tech

Filed under: Security, News, Blogging

Wordpress under attack, upgrade your blog now

by Jay Hathaway (RSS feed) Sep 6th 2009 at 5:35PM

Several sites are reporting that a major attack on Wordpress blogs started yesterday. The latest version of Wordpress, 2.8.4, is not vulnerable to this particular worm, so upgrading now could save you a lot of headaches. The worm creates a new, hidden administrator account on your blog, allowing whoever's behind this thing to access the guts of your blog, databases and all.

How do you know if your site has been affected? Lorelle on Wordpress offers two possible ways to find out:

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode."

The second clue is that a "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize.

Wordpress has acknowledged the attacks and encouraged users to upgrade their sites. Wordpress.com users aren't affected, as the whole system has already been updated to 2.8.4. If you've already been afflicted by the attack, start on the steps in Wordpress' FAQ.

[via Mashable]

Tags: exploit, security, upgrade, wordpress, worm

Get a WordPress.com Blog

jobs & resumes
Lead Blogger

AOL Find a Job - New York, NY (3 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Add your comments

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

Featured Time Waster

The World's Hardest Game 2.0 - Time Waster

So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do. Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game. The mechanics of the game are very simple. You are a small red square, ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Livescribe Store
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

More Tech Coverage

AOL Radio