WordPress Exploit & Bug “0 day”

Date September 5, 2009

Stumble it!

>

I would like just to mention this as I know many of you use wordpress there is an exploit / vulnerability / bug that is going on. We have many sites using wordpress and the first one was hitted by this one. We have worked hours trying to find out what is going on and we have received an email from one of the server company that there is an exploit.

The site was Exploitx.com the hacker (would say cracker or kid) was playing with MySQL. When someone entered the site that was impossible to join the site it creates like an infinite loop that will keep loading the site. I don´t have any more specific issues or how to fix it or prevent it, just waiting for a new upgrade if there is any. The big problem is that our wordpress yesterday was the old version and we upgrade it before this problem. Today after upgrading we encountered with the problem.

May be the hacker inserted the malicious code before we upgrade to 2.8.4. Who knows! Here is an email from one of the hosting company:

it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFER ER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

All users are advised to upgrade to the latest version of WordPress immediately.

Post to Twitter

Hosting of the Month


FatCow Web Hosting. Free Trial , Free Setup, Free Support All risk free!

What's Next?




 Subscribe To GoogleLady

 Digg It

 Save This Page

 Sphinn It

 Stumble it!

 Favorite This Post

 

Category Posted in General

One Response to “WordPress Exploit & Bug “0 day””

  1. mike s. said:

    September 9th, 2009 at 9:14 am

    Thanks for this blog post most of my sites uses wordpress and it seems that the exploit is from old wordpress versions

    Anyways, it seems that wordpress community is in red alert for those new bugs and exploits

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>