Wordpress vulnarability need to upgrade to 2.8.4

Matt Gannon · 09-05-2009, 03:18 PM

WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]
Update your wordpress before it comes under attack.

internetmarketer99 · 09-05-2009, 03:31 PM

Yup, just received this from my server host:

The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress.

If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack.

The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REF ER ER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

All users are advised to upgrade to the latest version of WordPress immediately.

Mark

internetmarketer99 · 09-05-2009, 03:36 PM

There's a WP plugin called dbmanager that makes backing up your WP database a breeze. Not only will it backup the database, it will optimize & repair 'broken' databases. And, it will automatically backup the database and email you a zipped file at whatever intervals you specify.

It's ALWAYS a good idea to backup your database before upgrading.

WordPress › WP-DBManager WordPress Plugins

Mark

xtreme newbie · 09-05-2009, 04:22 PM

Saw this on Mashable. Just upgraded 12 blogs. Hope people see this message before their sites are affected. It's a holiday weekend in the states and I bet a lot of Warriors may not be tuned into the forum.

radhika · 09-05-2009, 04:56 PM

Thanks. I just upgraded mine.

.

Goatboy · 09-05-2009, 06:56 PM

In the process.

hibernate · 09-05-2009, 07:02 PM

Upgrading my 3 blogs. Actually was holding off on upgrading from WP 2.7 since the 2.8x upgrade handle blog title edits as a 302 redirect, not a 301. It didn't used to do that.

09-05-2009, 03:18 PM	#1
Matt Gannon HyperActive Warrior Join Date: Mar 2009 Location: Hudson, NH Posts: 253 Thanks: 61 Thanked 21 Times in 15 Posts Contact Info	Wordpress vulnarability need to upgrade to 2.8.4 WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] Update your wordpress before it comes under attack.
	http://grill-tools.net/

09-05-2009, 03:31 PM	#2
internetmarketer99 Klingon War Room Member Join Date: Jun 2008 Location: , , . Posts: 1,054 Blog Entries: 5 Thanks: 178 Thanked 277 Times in 93 Posts	Re: Wordpress vulnarability need to upgrade to 2.8.4 Yup, just received this from my server host: The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress. If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack. The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes: There are two clues that your WordPress site has been attacked. There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REF ER ER%5D))%7D%7D\|.+)&%/. The keywords are “eval” and “base64_decode.” The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account. All users are advised to upgrade to the latest version of WordPress immediately. Mark
	= = = = COMPLETE, CUSTOM ADSENSE SITE = = = = *VERY Limited WSO. 100% Guaranteed.* MY Expertise, YOUR Profit. Read the thread.

09-05-2009, 03:36 PM	#3
internetmarketer99 Klingon War Room Member Join Date: Jun 2008 Location: , , . Posts: 1,054 Blog Entries: 5 Thanks: 178 Thanked 277 Times in 93 Posts	Re: Wordpress vulnarability need to upgrade to 2.8.4 There's a WP plugin called dbmanager that makes backing up your WP database a breeze. Not only will it backup the database, it will optimize & repair 'broken' databases. And, it will automatically backup the database and email you a zipped file at whatever intervals you specify. It's ALWAYS a good idea to backup your database before upgrading. WordPress › WP-DBManager WordPress Plugins Mark
	= = = = COMPLETE, CUSTOM ADSENSE SITE = = = = *VERY Limited WSO. 100% Guaranteed.* MY Expertise, YOUR Profit. Read the thread.

09-05-2009, 04:22 PM	#4
xtreme newbie Active Warrior War Room Member Join Date: Aug 2009 Location: Michigan Posts: 93 Thanks: 60 Thanked 14 Times in 14 Posts Social Networking	Re: Wordpress vulnarability need to upgrade to 2.8.4 Saw this on Mashable. Just upgraded 12 blogs. Hope people see this message before their sites are affected. It's a holiday weekend in the states and I bet a lot of Warriors may not be tuned into the forum.
	Extreme Newbies Two affiliate marketing newbies share resources and a lotta lessons learned on the way to making money online.

09-05-2009, 04:56 PM	#5
radhika Senior Warrior Member War Room Member Join Date: Aug 2003 Location: Jamaica. Posts: 2,183 Thanks: 25 Thanked 99 Times in 83 Posts	Re: Wordpress vulnarability need to upgrade to 2.8.4 Thanks. I just upgraded mine. .
	WSO : * Follow up Autoresponder PRO - FREE Shopping cart and FREE Membership script - 50% DISCOUNT!! * TRACKtheCLICK - CLICK & LINK Tracking, CAMPAIGN Tracking, ROI Tracking Script!

09-05-2009, 06:56 PM	#6
Goatboy HyperActive Warrior War Room Member Join Date: Apr 2009 Posts: 131 Thanks: 66 Thanked 11 Times in 9 Posts	Re: Wordpress vulnarability need to upgrade to 2.8.4 In the process.

09-05-2009, 07:02 PM	#7
hibernate Active Warrior War Room Member Join Date: Dec 2007 Location: USA Posts: 46 Thanks: 1 Thanked 3 Times in 2 Posts	Re: Wordpress vulnarability need to upgrade to 2.8.4 Upgrading my 3 blogs. Actually was holding off on upgrading from WP 2.7 since the 2.8x upgrade handle blog title edits as a 302 redirect, not a 301. It didn't used to do that.