WordPress Attack: Upgrade NOWPosted by Loki on Sep 5, 2009 in Data Management, WordPress | 2 comments
If you are hosting WordPress on your own server it is vital that you upgrade to the current version now. Here are some of the details from Lorelle on WordPress, read them now and update ASAP:
Update your WordPress blog before you continue reading this post. That’s how critical this issue is.
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
Read her entire post and Upgrade now, before it becomes a digital migraine.
George “Loki” Williams is the owner of SocialGumbo, LLC