Just got an email from my hosting provider:
"The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress.
If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack.
The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFER ER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
All users are advised to upgrade to the latest version of WordPress immediately."
"The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress.
If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack.
The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFER ER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
All users are advised to upgrade to the latest version of WordPress immediately."
