WordPress blogs under attack!
WordPress users who have not already upgraded to the latest version (2.8.4) are vulnerable to a serious, active security threat. Respected WordPress blogger Lorelle explains that there are two clues you should look for to see if your WordPress blog has already been attacked.
Here’s what she says:
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
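The two checks described above can be scripted. The following is an added example, not part of the original post or of Lorelle's advice: it assumes you have exported your permalinks (or requested URLs) and your user list with roles to plain Python lists. The function names and the sample data are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two keywords named in the quoted advice, matched only when used as a call.
KEYWORDS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)  # invalid escapes such as "%&" are left as-is
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_keywords(permalink):
    """Return the sorted list of flagged keywords found in a permalink or URL."""
    text = fully_unquote(permalink)
    return sorted({m.group(1).lower() for m in KEYWORDS.finditer(text)})

def unknown_admins(users, known_admins):
    """Return logins with the administrator role that are not on the allowlist."""
    known = {name.lower() for name in known_admins}
    return [login for login, role in users
            if role.lower() == "administrator" and login.lower() not in known]

# Constructed sample data: one clean permalink, the pattern quoted above,
# and a harmless slug that merely contains the letters "eval".
SAMPLE_PERMALINKS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode("
    "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "example.com/category/how-to-evaluate-plugins/",
]
# Constructed user export as (login, role) pairs.
SAMPLE_USERS = [("alice", "administrator"), ("bob", "editor"),
                ("x7tmp", "administrator")]

if __name__ == "__main__":
    for link in SAMPLE_PERMALINKS:
        hits = suspicious_keywords(link)
        if hits:
            print("SUSPICIOUS", hits, link)
    for login in unknown_admins(SAMPLE_USERS, known_admins=["alice"]):
        print("UNRECOGNISED ADMIN", login)
```

A hit on either check means the site should be treated as already compromised and cleaned up, not just upgraded.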
We strongly recommend that self-hosted WordPress bloggers who are not already running the most up-to-date version update their WordPress software as soon as possible.
If you have a WordPress blog hosted at WordPress.com, your blog will be fine. Blogs hosted at WordPress.com auto-update to the most recent software build and thus are not vulnerable to this particular attack.
At the time of writing this, Automattic (the owners of WordPress) have not commented on the threat. If you have any additional news regarding this, please share it in the comments section.