    Saturday, Sep 05, 2009

    WordPress Sites are under attack | You need to upgrade

    If you’re running a self-hosted WordPress blog that isn’t up to date (the latest version is 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack. Users of WordPress.com hosted blogs are not affected.

    There are two clues that your WordPress site has been attacked.

    There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

    The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
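
    Both clues can be checked mechanically. The following is an added example, not code from the original post or from WordPress: the function names, the sample URLs and users, and the known-administrator list are all constructed for illustration. It percent-decodes each permalink until stable, flags the “eval” and “base64_decode” keywords, and lists administrator accounts that are not on your own list.

```python
import re
from urllib.parse import unquote

# The two keywords the article names as the giveaway in tampered permalinks.
SUSPICIOUS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so single- and double-encoded forms are unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_permalinks(urls):
    """Clue 1: return (url, keywords found) for every URL containing the keywords."""
    hits = []
    for url in urls:
        text = decode_fully(url)
        found = sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(text)})
        if found:
            hits.append((url, found))
    return hits

def unexpected_admins(users, known_admins):
    """Clue 2: users is an iterable of (login, role); return unknown administrators."""
    known = {name.lower() for name in known_admins}
    return [login for login, role in users
            if role.lower() == "administrator" and login.lower() not in known]

# Constructed sample data; the second URL is the pattern quoted in the article.
SAMPLE_URLS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERS = [("alice", "administrator"), ("bob", "editor"),
                ("unknown-user", "administrator")]
KNOWN_ADMINS = ["alice"]  # assumption: the accounts you created yourself

if __name__ == "__main__":
    for url, keywords in suspicious_permalinks(SAMPLE_URLS):
        print("suspicious permalink:", url, keywords)
    for login in unexpected_admins(SAMPLE_USERS, KNOWN_ADMINS):
        print("unrecognized administrator:", login)
```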

    All users are advised to upgrade to the latest version of WP, while those already affected are in for a trying weekend: you’ll likely need to export all your content with the built-in XML WordPress export, uninstall and reinstall WordPress, and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.

    For those unaffected: upgrade today. For those affected: the WordPress community is here to help.

    Upgrade Here

    WordPress Community

    Discussion Threads
