Worm attacking WordPress – Watch Out!


WordPress has posted a blog article regarding a worm going around the internet, actively looking for a security vulnerability in all WordPress blogs before version 2.8.3. The worm reveals itself in a couple of ways:

  1. Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
  2. A “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
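The permalink pattern in (1) is also what the worm leaves behind in your web server access log, which answers the question of what to look for there. The following Python script is an added example, not code from the original post or from WordPress: it parses combined-format access log lines (constructed samples, not real traffic), percent-decodes each request path before checking for the eval/base64_decode keywords, and recovers the base64 referer that the injected eval() would have executed, so you can see what was attempted.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed combined-format access log lines (not real traffic). The second line
# carries the percent-encoded eval/base64_decode permalink described in the post; its
# referer field is the base64 the worm would have had eval() decode ("hello" here).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Sep/2009:10:01:02 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Sep/2009:10:01:07 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 404 812 "aGVsbG8=" "Mozilla/4.0"
203.0.113.5 - - [05/Sep/2009:10:02:15 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# The two keywords the post names, matched after percent-decoding so that
# encoding the braces and brackets (%7B, %5B) does not hide them.
PAYLOAD_RE = re.compile(r"eval\s*\(.*?base64_decode\s*\(", re.IGNORECASE | re.DOTALL)


def is_worm_probe(path: str) -> bool:
    """True when the decoded request path contains eval(base64_decode(...))."""
    decoded = unquote(unquote(path))  # decode twice: probes are sometimes double-encoded
    return PAYLOAD_RE.search(decoded) is not None


def decode_referer(referer: str):
    """Best-effort base64 decode of the referer (what the payload would eval); None if not base64."""
    try:
        return base64.b64decode(referer, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def scan_access_log(text: str) -> list:
    """Return one triage record per request matching the worm's permalink pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_worm_probe(m.group("path")):
            hits.append({
                "ip": m.group("ip"),
                "status": m.group("status"),
                "attempted_code": decode_referer(m.group("referer")),
            })
    return hits
```

Run `scan_access_log` over your real access log text; a non-empty result means the worm has at least probed the site, and a 200 status on such a request is the cue to check the user list for the hidden Administrator described in (2).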

The damage that’s done can obviously be pretty horrendous: permalinks all die, making your blog useless, and tons of spam gets inserted into old articles.

Protection

How do you protect yourself? Get upgrading! If you haven’t already done so, upgrading to version 2.8.4 is now a must. Follow this simple guide from WordPress – the important parts being

  1. Backup Your Files
  2. Backup Your Database

Then upgrade! I have to say though, upgrading brings the fear into me, and it also takes some effort. I can understand why people don’t do it (the WordPress auto upgrade sometimes fails and b0rks installs), but you need to think security before features!

I’ve been hit!

Numerous times yesterday I noticed via my web analytics spy that your beloved ReynoldsFTW category pages were being hit by this so-called worm via the strange URL above in (1), which goes to show it’s pretty prevalent out there! This is not a drill!

Luckily, I had already upgraded to 2.8.4 some weeks back when it was released.

Help Others!

If you love your fellow man – hit the retweet button at the top and bottom of this article – let’s hug!

3 Responses to “Worm attacking WordPress – Watch Out!”

  1. gideon says:

    Hi,
    A quick question. If you don’t allow anyone to register on your blog, are you still vulnerable?

    Gideon

  2. will says:

    What does it show in your log files? I run a few blogs (updating right now) and just wanna track to see if it hits mine.

    W

  3. Chelle says:

    I had it hit a few sites of mine…I deleted all my server files and then fixed the permalinks & deleted the ghost administrator…I checked theme files, the source code on the homepage and couldn’t find any spammy stuff. Is there anything else I need to do? Is there a website that checks this for you? The one site I saw no drop in traffic but the other one was hit hard because I didn’t discover it for about a week – from 450 users a day to less than 10…
