It wasn’t a very pleasant feeling to log in to the blogosphere and twittersphere to find that WordPress was under attack.

To be more precise, all blogs running self-hosted WordPress that weren’t up to date were facing a threat from hackers. The latest version is 2.8.4 and for your own sake, it is better you upgrade right away! Apparently, the attack has not affected blogs hosted on wordpress.com.

Basically, the worm exploits holes in previous versions to take control of admin accounts and compromise the integrity of the database. There are a couple of ways to know if your blog has been hit:

a) You will notice some weird strings added to your permalinks, like xyz.com/title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The danger words here are “eval” and “base64_decode.”

b) Another way to confirm this is via the site users panel, where a hidden admin account will have been created.
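Both checks can be scripted. The following is an added example, not code from WordPress or from the original post: it percent-decodes permalink or request URLs and flags the two danger words, and it lists administrator accounts you did not create. It assumes you have exported rows from the usermeta table and that roles are stored under a key ending in "capabilities" as a serialized role name, as on a stock install; the function names and sample data are made up for illustration.

```python
import re
from urllib.parse import unquote

# The two "danger words" the post names, matched as function calls.
DANGER = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def fully_unquote(s, max_rounds=5):
    """Percent-decode repeatedly, since the injected string is URL-encoded."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def suspicious_permalinks(urls):
    """Return (url, sorted danger words found) for every URL that contains one."""
    hits = []
    for url in urls:
        words = sorted({m.group(1).lower() for m in DANGER.finditer(fully_unquote(url))})
        if words:
            hits.append((url, words))
    return hits

def unexpected_admins(usermeta_rows, expected_admin_ids):
    """usermeta_rows: (user_id, meta_key, meta_value) tuples exported from the
    usermeta table (assumed layout). Returns admin user IDs you did not create."""
    admins = {
        uid for uid, key, value in usermeta_rows
        if key.endswith("capabilities") and '"administrator"' in value
    }
    return sorted(admins - set(expected_admin_ids))

# Constructed sample data, for illustration only.
SAMPLE_URLS = [
    "http://xyz.com/title/",
    "http://xyz.com/title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    for url, words in suspicious_permalinks(SAMPLE_URLS):
        print("SUSPICIOUS:", url, words)
    print("Unexpected admin IDs:", unexpected_admins(SAMPLE_USERMETA, {1}))
```

Checking the database rather than the users panel matters here because the account is described as hidden.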

Recovering from an attack will be an extremely painful process. It includes, but is not limited to, cleaning the content, exporting it, uninstalling and reinstalling WordPress, and then importing the content once you have made sure there is no malicious code in it.

As Matt explains in his post on How to Keep WordPress Secure, upgrading is like taking your vitamins; fixing a hack is open heart surgery :D, so upgrade NOW!!

 


