Old WordPress Version Under Attack. Upgrade Now!

Posted in Wordpress Development on 5 September 2009 2 comments

Older version of WordPress are being attacked, so if you are still using wordpress 2.5 or 2.6, its too old and you must upgrade right now. All wordpress version 2.8.3 and later should be safe from this attack.

Signs of the attack
  • Strange characters in your permalinks (including eval and base64_decode). For example :

    example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

  • Extra administrator account in the users control panel which you cannot see
Check your blog for the signs
  • Visit your blog index and see if there are any strange permalinks.
  • Login into admin panel > Users > Check whether the number of Administrator is correct
How to prevent this attack?
  • Upgrade to the latest version
  • Change your admin password to a strong password
  • Change your FTP & mysql password
More Info

 

Posted by Zen on 5 September 2009 • 4,690 visits 2 comments
Tags : ,


or Subscribe to specific category only :




  - 2 Comments


Tami says:

I wish I had read this last week, I got attacked this week and took me 4 days to figure out what was going on…thankfully I got it fixed :)

zen says:

@Tami, remember to update earlier next time :)

Leave a Reply

You must be logged in to post a comment.

Previous Post
«
Next Post
»