If you haven’t yet upgraded to the latest version of WordPress, 2.8.4, then it is about time you did. Self-hosted WordPress installs prior to this version are under attack, and the potential damage to their users is high. Matt writes,
Lorelle lists some symptoms that indicate whether your site has been affected by the worm:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
WordPress.com blogs are not impacted as they are up-to-date. Only versions prior to WordPress 2.8.4 are impacted.
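The two clues listed above can be checked mechanically. The following Python is an added example, not code from the original post or from WordPress. It assumes the permalink structure setting and the list of user logins with their roles have been exported from the site's database (the admin screen may not show a hidden account), and the function names and sample accounts are constructed for illustration.

```python
import re
from urllib.parse import unquote

KEYWORDS = ("eval", "base64_decode")  # the two keywords named in the symptom list

def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly; the stored string may be encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def permalink_keywords(structure):
    """Return the keywords that appear as function calls in a permalink structure."""
    # Check raw and decoded forms: decoding can mangle WordPress tags like %day%.
    forms = (structure.lower(), fully_unquote(structure).lower())
    return [k for k in KEYWORDS
            if any(re.search(r"\b" + re.escape(k) + r"\s*\(", f) for f in forms)]

def unexpected_admins(users, known_admins):
    """users: (login, role) pairs. Return administrator logins not on the allow-list."""
    known = {name.lower() for name in known_admins}
    return sorted(login for login, role in users
                  if role.lower() == "administrator" and login.lower() not in known)

def check_site(structure, users, known_admins):
    """Combine both clues into a list of human-readable findings."""
    findings = [f"permalink structure contains {k}()" for k in permalink_keywords(structure)]
    findings += [f"unrecognized administrator: {u}" for u in unexpected_admins(users, known_admins)]
    return findings

# Constructed sample data; the permalink string is the one quoted in the post.
SAMPLE_STRUCTURE = ("/category/post-title/%&(%7B$%7Beval(base64_decode("
                    "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
SAMPLE_USERS = [("jane", "administrator"), ("unknown_user1", "administrator"),
                ("bob", "editor")]

if __name__ == "__main__":
    for finding in check_site(SAMPLE_STRUCTURE, SAMPLE_USERS, known_admins=["jane"]):
        print("WARNING:", finding)
```

A clean result only means these two clues are absent; upgrading to 2.8.4 is still required.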
Author: Jayvee Fernandez