Wordpress Alert - VPS/Dedi Users Take Note

Jizzlobber
Mar 7, 2007
Just got an email from my hosting provider:

"The following is a notice for those clients who use WordPress on their VPS or Dedicated servers. Normally we post vulnerability notices in our community forums; however, we are aware that a large number of our clients use WordPress.

If you’re running a self-hosted WordPress (WordPress) blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack.

The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

All users are advised to upgrade to the latest version of WordPress immediately."
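The notice above gives two indicators: the eval()/base64_decode() fragment in request paths, and an administrator account you never created. The script below is an added example (not code from the post, the hosting provider, or WordPress) that checks both offline: it URL-decodes request paths from an access log and flags the keywords, tries to decode the Referer header (which the quoted payload evaluates), and lists administrator accounts from the wp_users/wp_usermeta rows that are not on your own allow-list. The log lines and database rows are constructed for illustration.

```python
"""Check the two indicators in the notice: eval()/base64_decode() smuggled into
request paths, and administrator accounts you did not create.
Added example, not from the post or from WordPress; the sample log lines and
database rows are constructed."""
import base64
import re
import urllib.parse

# Constructed Apache combined-format lines. The second path is the shape quoted in
# the notice; its Referer is base64 for "phpinfo();", standing in for a real payload.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Sep/2009:10:01:12 +0000] "GET /category/post-title/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Sep/2009:10:01:15 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 311 "cGhwaW5mbygpOw==" "Mozilla/5.0"
198.51.100.9 - - [05/Sep/2009:10:02:00 +0000] "GET /?p=42 HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Sep/2009:10:02:05 +0000] "GET /index.php?x=%65%76%61%6c%28base64_decode(...)) HTTP/1.1" 200 20 "-" "-"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d+) \S+ "(?P<referer>[^"]*)"'
)
# The keywords the notice names, plus the $_SERVER[...] read that feeds them.
SUSPICIOUS = re.compile(r'eval\s*\(|base64_decode\s*\(|\$_SERVER\s*\[', re.IGNORECASE)
B64_RE = re.compile(r'^[A-Za-z0-9+/]{8,}={0,2}$')


def decode_path(path, rounds=3):
    """URL-decode repeatedly (bounded) so %2565val-style double encoding is caught too."""
    prev = None
    for _ in range(rounds):
        if path == prev:
            break
        prev = path
        path = urllib.parse.unquote(path)
    return path


def decode_referer(referer):
    """Return the Referer as text if it is a base64 blob, else None."""
    if not B64_RE.match(referer):
        return None
    try:
        return base64.b64decode(referer, validate=True).decode('utf-8')
    except (ValueError, UnicodeDecodeError):
        return None


def find_suspicious_requests(log_text):
    """Yield (ip, raw_path, decoded_referer) for requests matching the indicators."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if SUSPICIOUS.search(decode_path(m.group('path'))):
            hits.append((m.group('ip'), m.group('path'), decode_referer(m.group('referer'))))
    return hits


# Real WordPress schema: roles live in wp_usermeta as a PHP-serialized array.
# Run this yourself against the database; the script only parses the rows it returns.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.display_name, m.meta_value
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%';
"""
CAP_RE = re.compile(r's:\d+:"([A-Za-z0-9_]+)";b:1;')

# Constructed rows in the shape ADMIN_QUERY returns (ID, user_login, display_name, meta_value).
SAMPLE_ROWS = [
    (1, 'siteowner', 'Site Owner', 'a:1:{s:13:"administrator";b:1;}'),
    (2, 'editor1', 'Editor', 'a:1:{s:6:"editor";b:1;}'),
    (7, 'xx', 'Administrator (2)', 'a:1:{s:13:"administrator";b:1;}'),
]


def unexpected_admins(rows, known_logins):
    """Administrators whose user_login is not in your allow-list of accounts you created."""
    found = []
    for uid, login, display, caps in rows:
        if 'administrator' in CAP_RE.findall(caps) and login not in known_logins:
            found.append((uid, login, display))
    return found


if __name__ == '__main__':
    for ip, path, ref in find_suspicious_requests(SAMPLE_LOG):
        print('suspicious request from', ip, path, 'referer payload:', ref)
    for uid, login, display in unexpected_admins(SAMPLE_ROWS, {'siteowner'}):
        print('unexpected administrator: ID', uid, login, repr(display))
```

Run it over a copy of the real access log and against rows pulled with ADMIN_QUERY; a hit on the path check gives you the attacking IPs to block, and the decoded Referer shows what the attacker asked the site to eval(). Querying wp_usermeta directly matters because the account the notice describes may not display cleanly in the Users screen.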


Thanks for the heads up. I know there were many issues with the last update. For me to successfully update and not have any issues I deactivated all plugins, then used the auto update.
 
I have banned a few IPs from China and Japan that keep visiting and refreshing my sites.
These hit my sites every 5 seconds (seen in the logs).
This joke started about 3 days ago.
 
Had a full server worth of sites hit a few weeks ago (like right after 2.8.1). Updated everything to 2.8.4 then.

What a mess. I had probably 50 WordPress installs all running active sites hit...
 
2.8.3 is also secure from the hack that's going around right now. So if you are on that version you don't HAVE to upgrade.

Some things you can do if you can't upgrade:
- Stop using admin as a username
-- Create a new admin account, and delete admin

- Change your file AND folder permissions (if you can do things like add new plugins or edit your themes from within WP, so can bad scripts)

- Double check that registrations are disabled

- Install WP DB Backup or something similar and get a backup of your DB every damn day.

- Backup your files every week.

- Install one of the WP Security plugins to check things over

- Watch your rankings on search engines closely (Webmaster Tools anybody?)

There are many other tips out there that can help people running an old version survive without too many problems.

Grindstone - What are you modding that you need to keep using an old version? If you are changing core files, pay someone to turn those mods into plugins. If you have custom plugins, depending on what version you are on, they should still work; not many DB changes have happened recently.

Good luck to everyone.
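The permissions, registration and "admin" username items in the list above can be checked and fixed mechanically. The script below is an added example (not code from the post or from WordPress): it walks an install and reports every file or directory that group or world can write, resets them to 755/644 with wp-config.php at 600, and flags the two settings the poster mentions from values you pull from wp_options and wp_users yourself. The demo builds a throwaway directory tree with deliberately loose modes; the paths, option values and logins in it are constructed.

```python
"""Offline checks for the hardening tips in the post: loose file modes, open
registration, and an 'admin' login. Added example, not the poster's or WordPress's code."""
import os
import stat
import tempfile

DIR_MODE = 0o755     # directories: owner writes, everyone else reads/traverses
FILE_MODE = 0o644    # files: owner writes, everyone else reads
CONFIG_MODE = 0o600  # wp-config.php holds the DB password; only the owner needs it


def writable_by_others(mode):
    """True when the group or world write bit is set."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_permissions(root):
    """Paths under root that group/world can write. If the web server (and so any
    compromised plugin or theme) can write these, it can install a backdoor."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if writable_by_others(os.stat(path).st_mode):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def harden_permissions(root):
    """Reset every directory to 755 and every file to 644, wp-config.php to 600.
    Ownership is deliberately left alone: decide the owning user per host."""
    for dirpath, _dirnames, filenames in os.walk(root):
        os.chmod(dirpath, DIR_MODE)
        for name in filenames:
            mode = CONFIG_MODE if name == 'wp-config.php' else FILE_MODE
            os.chmod(os.path.join(dirpath, name), mode)


def audit_settings(options, user_logins):
    """options: wp_options option_name -> option_value (strings, as stored);
    user_logins: the set of wp_users.user_login values. Returns human-readable issues."""
    issues = []
    if options.get('users_can_register') == '1':
        issues.append("users_can_register is on: turn off 'Anyone can register' in Settings > General")
    if 'admin' in user_logins:
        issues.append("login 'admin' exists: create a new administrator, reassign its posts, delete admin")
    return issues


def demo():
    """Build a constructed install with loose modes, audit, harden, audit again."""
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, 'wp-content', 'plugins')
        os.makedirs(plugins)
        for rel in ('wp-config.php', 'wp-content/plugins/akismet.php'):
            with open(os.path.join(root, rel), 'w') as fh:
                fh.write('<?php\n')
        # Set every mode explicitly so the result does not depend on the umask.
        os.chmod(root, 0o755)
        os.chmod(os.path.join(root, 'wp-content'), 0o755)
        os.chmod(os.path.join(plugins, 'akismet.php'), 0o644)
        os.chmod(plugins, 0o777)                              # the bad case: world-writable
        os.chmod(os.path.join(root, 'wp-config.php'), 0o666)  # the bad case: world-writable
        before = audit_permissions(root)
        harden_permissions(root)
        after = audit_permissions(root)
        settings = audit_settings({'users_can_register': '1'}, {'admin', 'editor1'})
        return before, after, settings


if __name__ == '__main__':
    before, after, settings = demo()
    print('writable before:', before)
    print('writable after:', after)
    for issue in settings:
        print('setting:', issue)
```

Point audit_permissions at the real document root before touching anything; expect the auto-updater and the plugin/theme editors to stop working once modes are 755/644 and the files are owned by a user other than the web server, which is exactly the trade the post describes. For the daily database backup item, a cron entry running mysqldump on the WordPress database is the non-plugin equivalent of WP DB Backup.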