WordPress vulnerability, need to upgrade to 2.8.4

6 replies
WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]
Update your WordPress before it comes under attack.
#upgrade #vulnarability #wordpress
  • Yup, just received this from my server host:


    The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress.

    If you're running a self-hosted WordPress (WordPress) blog that isn't up-to-date (version 2.8.4), you're advised to upgrade immediately to the latest version of the software to avoid an ongoing attack.

    The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new "hidden" Administrator account and getting right down to the database level. These attacks are said to be "growing by the hour". Lorelle writes:

    There are two clues that your WordPress site has been attacked.

    There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode."

    The second clue is that a "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize. You will probably be unable to access that account.

    All users are advised to upgrade to the latest version of WordPress immediately.


    Mark
  • There's a WP plugin called dbmanager that makes backing up your WP database a breeze. Not only will it back up the database, it will optimize & repair 'broken' databases. And, it will automatically back up the database and email you a zipped file at whatever intervals you specify.

    It's ALWAYS a good idea to back up your database before upgrading.

    WordPress › WP-DBManager WordPress Plugins

    Mark
  • xtreme newbie
    Saw this on Mashable. Just upgraded 12 blogs. Hope people see this message before their sites are affected. It's a holiday weekend in the States and I bet a lot of Warriors may not be tuned into the forum.
  • Goatboy
    In the process.
    • hibernate
      Upgrading my 3 blogs. Actually was holding off on upgrading from WP 2.7 since the 2.8x upgrade handles blog title edits as a 302 redirect, not a 301. It didn't use to do that.
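The two clues quoted in the first reply, written as a check a site owner can run over their own data. This is an added example, not part of the original thread: the function names, sample URLs and user list are constructed for illustration, and the user list is assumed to be available as (login, role) pairs.

```python
import re
from urllib.parse import unquote

# Keywords the quoted advisory names as the sign of a tampered permalink.
KEYWORDS = ("eval", "base64_decode")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_permalink(value):
    """Return the advisory keywords that appear as a call in a permalink or URL."""
    text = fully_decode(value).lower()
    # Requiring "(" after the keyword (an assumption of this example) keeps
    # ordinary slugs such as "medieval-castles" from being flagged.
    return [k for k in KEYWORDS if re.search(re.escape(k) + r"\s*\(", text)]

def unexpected_admins(users, known_admins):
    """users: iterable of (login, role). Return administrators not on the allowlist."""
    known = {name.lower() for name in known_admins}
    return sorted(login for login, role in users
                  if role.lower() == "administrator" and login.lower() not in known)

# Constructed sample data (not taken from a real site).
SAMPLE_PERMALINKS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "example.com/2009/09/medieval-castles/",
]
SAMPLE_USERS = [("mark", "administrator"), ("guest1", "subscriber"),
                ("Administrator (2)", "administrator")]

if __name__ == "__main__":
    for link in SAMPLE_PERMALINKS:
        hits = suspicious_permalink(link)
        print("SUSPICIOUS" if hits else "ok        ", link, hits)
    print("unknown admins:", unexpected_admins(SAMPLE_USERS, ["mark"]))
```

A hit on either check means the site should be treated as compromised and investigated, not just upgraded.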