| | ||||||||
| |||||||||
 |
09-05-2009, 03:18 PM
| #1 |
| HyperActive Warrior  Join Date: Mar 2009 Location: Hudson, NH
Posts: 321
Thanks: 99
Thanked 25 Times in 17 Posts
|  Wordpress vulnarability need to upgrade to 2.8.4 WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] Update your wordpress before it comes under attack. |
| | |
|  |
|
09-05-2009, 03:31 PM
| #2 |
| Banned War Room Member Join Date: Jun 2008 Location: , , .
Posts: 1,036
Blog Entries: 5 Thanks: 175
Thanked 360 Times in 92 Posts
| Re: Wordpress vulnarability need to upgrade to 2.8.4
Yup, just received this from my server host: The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress. If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack. The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes: There are two clues that your WordPress site has been attacked. There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REF ER ER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.” The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account. All users are advised to upgrade to the latest version of WordPress immediately. Mark |
|
| |
|
09-05-2009, 03:36 PM
| #3 |
| Banned War Room Member Join Date: Jun 2008 Location: , , .
Posts: 1,036
Blog Entries: 5 Thanks: 175
Thanked 360 Times in 92 Posts
| Re: Wordpress vulnarability need to upgrade to 2.8.4
There's a WP plugin called dbmanager that makes backing up your WP database a breeze. Not only will it backup the database, it will optimize & repair 'broken' databases. And, it will automatically backup the database and email you a zipped file at whatever intervals you specify. It's ALWAYS a good idea to backup your database before upgrading. WordPress › WP-DBManager WordPress Plugins Mark |
|
| |
|
09-05-2009, 04:22 PM
| #4 |
| HyperActive Warrior War Room Member  Join Date: Aug 2009 Location: Michigan
Posts: 115
Thanks: 69
Thanked 23 Times in 23 Posts
| Re: Wordpress vulnarability need to upgrade to 2.8.4
Saw this on Mashable. Just upgraded 12 blogs. Hope people see this message before their sites are affected. It's a holiday weekend in the states and I bet a lot of Warriors may not be tuned into the forum.
|
| Color Me Social Techie sisterpreneurs helping time and tech challenged small business owners use social media and other online tools for growth and profit. | |
|
| |
|
09-05-2009, 06:56 PM
| #6 |
| Steve War Room Member  Join Date: Apr 2009 Location: USA
Posts: 420
Thanks: 496
Thanked 62 Times in 54 Posts
| Re: Wordpress vulnarability need to upgrade to 2.8.4
In the process.
|
|
| |
|
09-05-2009, 07:02 PM
| #7 |
| Active Warrior War Room Member Join Date: Dec 2007 Location: USA
Posts: 47
Thanks: 1
Thanked 3 Times in 2 Posts
| Re: Wordpress vulnarability need to upgrade to 2.8.4
Upgrading my 3 blogs. Actually was holding off on upgrading from WP 2.7 since the 2.8x upgrade handle blog title edits as a 302 redirect, not a 301. It didn't used to do that.
|
|
| |
 |
|
| Tags |
| upgrade, vulnarability, wordpress |
| Thread Tools | |
| |
 |
