Is your WordPress blog under attack?

Posted on September 5, 2009 by Bean

A few weeks ago, I warned students about the necessity of keeping their WordPress blog updated. If your blog is hosted on wordpress.com, it is updated. This warning is for self hosted blogs. The latest version, WordPress 2.8.4, closes a hole in previous versions that allowed hackers to create a backdoor administrator account on your blog.

Unfortunately, a lot of WordPress bloggers did NOT heed the warning to update that appeared at the top of their blog administration panel. A serious attack has been launched this weekend and hundreds of blogs have already been affected. Mashable it doing their part to spread the word about this attack and the need to upgrade immediately to WordPress 2.8.4.

How serious is this threat? Lorelle VanFossen tells her readers to stop reading her post until the reader is sure that their blog is updated. Don’t worry about finding out if your blog is affected first. She instructs WordPress bloggers to do the update first, then take a look to see if the blog was compromised. Lorelle offer two clues to look for:

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.

What to do if your blog is affected?

These hacks are digging down deep into WordPress installations, even the database may be affected. The severity of the attack will determine how much work you have to do to eradicate it. Lorelle’s post details options and instructions on how to repair the damage. In addition, prevention is always the best route and Lorelle reviews some of the best measures to secure your blog. Even if you blog is not affected, it is well worth your time to review her advice on securing your blog.

Please note: I have seen a number of bogus registration attempts on blogs this past week. Even if your blog is up to date, you can help secure your blog by turning off the Anyone can register option. Go to Settings > Membership options to turn off this feature.

Reblog this post [with Zemanta]
This entry was posted in Troubleshooting, Wordpress and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv Enabled

Spam Protection by WP-SpamFree