According to Mashable, there are two clues that your blog has been successfully attacked by the computer worm:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
Webmasters are asked to update their blogs to the latest version of WordPress immediately. Those that have been hit by the computer worm should back up all files, export their settings, and do a clean install of WordPress. More help is offered at the WordPress website.
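The two clues above can be checked mechanically. The following is an added example, not code from Mashable or WordPress: it assumes you have exported the permalink structure (the `permalink_structure` option) or request URLs, and the `wp_capabilities` user meta values, from a site using the default `wp_` table prefix. All sample data is constructed.

```python
import re
from urllib.parse import unquote

# The two keywords the post names as signs of a tampered permalink.
KEYWORDS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded strings are also checked."""
    for _ in range(max_rounds):
        decoded = unquote(value)  # invalid escapes such as '%&' are left as-is
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_permalink(value):
    """Return the sorted keywords found in a permalink structure or URL."""
    text = decode_fully(value)
    return sorted({m.group(1).lower() for m in KEYWORDS.finditer(text)})

def unexpected_admins(rows, known_admins):
    """Clue two: administrator accounts nobody on the team recognizes.

    rows: (user_login, wp_capabilities) pairs; the capabilities value is the
    PHP-serialized array WordPress stores in wp_usermeta.
    known_admins: logins you expect to hold the role (assumed allowlist).
    """
    known = {name.lower() for name in known_admins}
    return [login for login, caps in rows
            if '"administrator";b:1' in caps and login.lower() not in known]

# Constructed sample data (the second URL is the pattern quoted in the post).
SAMPLE_URLS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERS = [
    ("siteowner", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor_jane", 'a:1:{s:6:"editor";b:1;}'),
    ("tmp_u83k", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", suspicious_permalink(url) or "clean")
    print("unrecognized admins:", unexpected_admins(SAMPLE_USERS, ["siteowner"]))
```

A hit on either check means the site should be treated as compromised and handled with the backup, export and clean install described above.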
Rant:
It’s Sunday and it is time for a little rant. Webmasters who do not update their blogs as soon as a new version of their blogging software is released are acting stupid. A WordPress update usually takes less than ten minutes and ensures that the blog and server are protected from attacks like these. Webmasters who do not have the time to perform these updates should consider switching to a hosted blogging platform like that at Blogger or WordPress.com. The automatic update option that has been introduced in recent WordPress versions makes it even easier to update the blog as soon as a new version is released. Webmasters who cannot do this should not operate a self-hosted blog, period.