11 responses to “HACKED! How To Fix This WordPress Worm That’s Been Going Around” RSS icon

  • Thanks for the info. This is the reason, as you say, that is good to keep blog software updated, and WordPress releases a lot of quick security updates, so there is no reason to not do it. 🙂
    .-= ** Check out greven´s last blog .. Wallpapers of the Week =-.

  • Of all the 8 blogs affected, I didn’t see any new USER added with administrator privileges .. this is both looking at the “next number” to see if it is hidden and directly via phpMyAdmin. I did delete any ‘subscriber’ users and names that I did not recognize however.

    We were out at the cottage this weekend, and on Friday the blogs were okay. Had I been online more, I probably would have seen all the tweets and warnings and upgrade before my blogs were affected – I believe that to be true. Oh well!

  • WordPress 2.8.4 which addresses the issue was released on August 12th, long before you went on a trip to the cottage.

    wordpress.org/development/2009/08/2-8-4-security-release/

    However, I think you’ve learned your lesson. Also wanted to mention that if a blog has been compromised, the solution is to not upgrade to 2.8.4 since that won’t do any good but to just wipe out the site and start over with a fresh database, fresh administrator accounts, etc on the latest version. At least this way, you can have the peace of mind of there not being any backdoors on your installation.
    .-= ** Check out Jeffro´s last blog .. WordPress Idea Roundup =-.

  • Jeff .. on every blog that was affected, it wasn’t an issue that I started with e.g. 2.8.2 or 2.8.3 and didn’t upgrade to 2.8.4. latest version. When I choose to upgrade to the next version 2.8+ I keep it up to date. My understanding that even that 2.8.4 link vulnerability was a result of the 2.8.3 upgrade.

    The selected blogs in question were the ones that I chose to keep at the highest 2.7+ versions – which, I thought were safe – and deliberately did NOT upgrade until certain plugins caught up in development. If I knew older version were at risk with virus or worms and saw all the warnings I would certainly have disabled my affected plugins and upgraded during the interim.

    With 60’ish blogs, i don’t screw around here 🙂

    PS it was 30c at the cottage, and wasn’t paying attention to the tweets.

  • Sorry to hear you got hit by that one man!

    And I agree with Jeff – timely upgrades are a must.

    Alex
    .-= ** Check out Alex Sysoef´s last blog .. Expert WordPress Automated Blog Installer =-.

  • The Entrecard blog got hit by this one at the weekend too. Luckily I either use Blogger or create sites in HTML / CSS, so it didn’t target anything of mine.
    .-= ** Check out John | English Wilderness´s last blog .. Common Blue Damselfly =-.

  • I was dragging my heels on the latest wordpress update, but I had the good sense to do it sometime last week.

    Boy, what a relief that I didn’t have to contend with this one. I am glad that others will be prepared with the fix you offered.
    .-= ** Check out Jay Zuck´s last blog .. Jason, Where Have You Been? =-.

  • Great tutorial on getting rid of those nasty worms. We’ve seen it happen to a few blogs and it can be a pain to fix.

  • Thanks for the info.I always try to keep my WordPress blogs updated to the latest version, but some important plugins may not work after that because they are not compatible with the newest WP version.So it´s a little dilemma…

    -Tom Lindstrom

  • It is also easy to backup and transfer all your websites from one server to another server if you have cPanel installed`;,

  • try www.guru.com/ I used to be listed on there – it’s all well established and both client and developer are well protected.


Leave a reply