September 8th, 2009
Recommendation
Grrrr.
These blogs of mine were affected by the recent WordPress worm that has been spreading across the internet ..
BattlingForHealth.com
AndYouWill.com
CatLvr.com
FishLvr.com
BirdLvr.com
PapillonLvr.com
HorseLvr.com
and this one – HART-Empire.com
What Happened?
Everybody is linking here on twitter and around the web .. so I will do that too ..
Please Read: Lorelle on WordPress – Old WordPress Versions Under Attack (Sep 4/2009)
Basically, all the permalinks from the above blogs had this attached to it:
/[old-permalink-post-title]/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
How widespread has it been? Even Scobleizer was hit!
WordPress offers some advice – but it doesn’t really offer a solution (that I can find).
HOW TO FIX YOUR BLOG IF YOU ARE AFFECTED
The best fix that I found was on Andy Sowards' blog –
UPDATED! Breaking: WordPress MySQL injection – how to fix latest attack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
Let Me Recap: It’s not that hard to do.
1) Fix your Permalinks (settings/permalinks/update)
> You can do this in your blog .. just remove the custom permalink modification by this worm
2) Check and Remove (if exists) any new Administrators – could be hidden.
> You can do this from your blog, or see via phpMyAdmin in your cPanel
Do Yourself A Favor
If you haven’t been hit with this WordPress worm, upgrade to the latest WordPress version 2.8.4.
If you have been hit with this WordPress worm, upgrade to the latest WordPress version 2.8.4.
There is always good reason to keep upgrading to the latest version, and it’s all security and peace of mind. WordPress makes it so easy to upgrade now – all you have to do is push a button – so, there should be no reason why you wouldn’t want to have the latest version around.
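The two recap checks above can also be run against values exported from the database, which does not depend on what the admin screens display. The following is an added example, not code from this post or from WordPress; it assumes the standard layout where the permalink setting is the `permalink_structure` row in `wp_options` and roles are stored in the `*_capabilities` rows of `wp_usermeta`, and the function names and sample rows are made up for illustration.

```python
import re

# Structure tags WordPress documents for permalink settings.
ALLOWED_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%",
                "%second%", "%post_id%", "%postname%", "%category%", "%author%"}
CODE_MARKERS = re.compile(r"eval|base64_decode|\$_SERVER|%7B|%5B", re.I)
# Serialized role entry as stored in the *_capabilities usermeta value.
ADMIN_CAP = 's:13:"administrator";b:1'

def check_permalink(structure):
    """Return reasons why a permalink_structure value looks tampered with."""
    reasons = []
    if CODE_MARKERS.search(structure):
        reasons.append("contains PHP code markers")
    for segment in filter(None, structure.split("/")):
        rest = segment
        for tag in re.findall(r"%[a-z_]+%", segment):
            if tag in ALLOWED_TAGS:
                rest = rest.replace(tag, "")
        # After removing known tags, only plain path characters should remain.
        if not re.fullmatch(r"[A-Za-z0-9._-]*", rest):
            reasons.append("unexpected segment: " + segment)
    return reasons

def unexpected_admins(users, usermeta, expected):
    """users: {ID: user_login}; usermeta: (user_id, meta_key, meta_value) rows."""
    found = set()
    for user_id, key, value in usermeta:
        if key.endswith("capabilities") and ADMIN_CAP in value:
            found.add(users.get(user_id, "orphan user_id %d" % user_id))
    return sorted(found - set(expected))

# Constructed sample data: a clean structure, the string quoted in this post
# appended to it, and made-up user rows.
CLEAN = "/%year%/%monthnum%/%postname%/"
INJECTED = CLEAN + r"%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"
USERS = {1: "admin", 2: "jane", 7: "tmp_acct"}
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print(check_permalink(CLEAN))
    print(check_permalink(INJECTED))
    print(unexpected_admins(USERS, USERMETA, expected=["admin"]))
```

Any account the last call returns has administrator rights but is not on your own list of expected admins, which is the case step 2 asks you to look for.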
Tags: hacked, wordpress worm