Posted on September 6, 2009 by by valerirojas

Reports are coming out from Mashable andĀ Lorelle on WordPress about a hack attack on all websites using WordPress as their blogging application. Everyone has been asked to upgrade toĀ (version 2.8.4).

“Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an ā€œattackā€ on older versions ofĀ WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now:Ā UPDATE NOW!!!”Ā Lorelle on WordPress

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such asĀ example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are ā€œevalā€ and ā€œbase64_decode.ā€

The second clue is that a ā€œback doorā€ was created by a ā€œhiddenā€ Administrator. Check your site users for ā€œAdministrator (2)ā€ or a name you do not recognize. You will probably be unable to access that account, butĀ Journey Etc. has a possible solution.

To prevent this form of attack,Ā update your WordPress site IMMEDIATELY to the latest version. Change ALL passwords to astrong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.

So I guess I was almost right when I said hackers are trying to attack popular blogs…!!

Tweet