Tumblr 101: Tips And Tricks To Get Started
WATCH: Shredding On The Google Guitar!
Wordpress under attack, upgrade your blog now
Several sites are reporting that a major attack on Wordpress blogs started yesterday. The latest version of Wordpress, 2.8.4, is not vulnerable to this particular worm, so upgrading now could save you a lot of headaches. The worm creates a new, hidden administrator account on your blog, allowing whoever's behind this thing to access the guts of your blog, databases and all. How do you know if your site has been affected? Lorelle on Wordpress offers two possible ways to find out:
There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode."The second clue is that a "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize.
Wordpress has acknowledged the attacks and encouraged users to upgrade their sites. Wordpress.com users aren't affected, as the whole system has already been updated to 2.8.4. If you've already been afflicted by the attack, start on the steps in Wordpress' FAQ.
[via Mashable]
Comments
4
Subscribe to commentsCjSep 6th 2009 5:47PM
HellDescent.com was affected. (Site I write for) It was a pain in the ass, luckily it was fixed.
JoshSep 6th 2009 7:49PM
Smashing Magazine (one of the most respected web development sites on the net) got hit too.
Jash SayaniSep 7th 2009 8:16AM
Damn! What versions are vulnerable ? Right from 2.0-2.7 ??
GTSep 7th 2009 11:12AM
I call BS. My site is running 2.8.4, And guess what. It's down.