Warning to WordPress Users

Posted on March 2, 2007 by XicanoPwr
Posted in Blogging, Misc


If anybody is using WordPress 2.1.1, don’t! It seems some cracker (not the gringo kind; it’s another term for a malicious hacker) tampered with the software code. From WordPress:

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

I have noticed that people have been complaining about getting a lot of spam. I wonder if this is the reason.

Lucky for me, I decided to upgrade to 2.1.1 this morning. However, if you did upgrade and are running WordPress through a web host or on your own server, I would make sure your firewall and any intrusion detection system are up. You never know what malicious code was put into the software.
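A firewall or IDS watches traffic; it cannot tell you whether the WordPress files you already unpacked are the ones the project shipped. The check a practitioner wants here is a file-by-file comparison of the installed tree against a known-clean copy of the same release (if the project publishes checksums or signatures for the archive, verify those first). The script below is an added example for this post, not code from the original post or from WordPress; it assumes a POSIX shell with find, sort, awk, mktemp and sha256sum (or shasum), and the directory paths in its usage comments are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post or from the WordPress
# project: compare an installed WordPress tree against a pristine copy of
# the same release and report every file whose contents differ or that
# exists on only one side. A tampered download like the 2.1.1 one shows up
# as MODIFIED lines on files that should never differ between two copies
# of the same release.
# Assumes POSIX sh plus find, sort, awk, mktemp and sha256sum (or shasum).

# Print the hex SHA-256 digest of the file given as $1.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 < "$1" | cut -d ' ' -f 1
    fi
}

# Print "relative-path<TAB>digest" for every regular file below $1.
tree_digests() {
    (
        cd "$1" || exit 1
        find . -type f | sort | while IFS= read -r f; do
            printf '%s\t%s\n' "${f#./}" "$(file_digest "$f")"
        done
    )
}

# wp_integrity_check INSTALLED_DIR CLEAN_DIR
# Prints one line per discrepancy and returns 0 when the trees match,
# 1 when they differ:
#   MODIFIED path   present in both trees, contents differ
#   EXTRA    path   present only in the installed tree (e.g. a dropped script)
#   MISSING  path   present only in the clean tree
wp_integrity_check() {
    tmp=$(mktemp -d) || return 2
    tree_digests "$2" > "$tmp/clean"
    tree_digests "$1" > "$tmp/installed"
    awk -F '\t' '
        BEGIN { bad = 0 }
        FILENAME == ARGV[1] { clean[$1] = $2; next }   # first input: clean tree
        {
            seen[$1] = 1
            if (!($1 in clean))       { print "EXTRA    " $1; bad = 1 }
            else if (clean[$1] != $2) { print "MODIFIED " $1; bad = 1 }
        }
        END {
            for (p in clean) if (!(p in seen)) { print "MISSING  " p; bad = 1 }
            exit bad
        }
    ' "$tmp/clean" "$tmp/installed"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Number of discrepancy lines, handy for scripting: wp_diff_count A B
wp_diff_count() {
    wp_integrity_check "$1" "$2" | wc -l | tr -d ' '
}

# Example invocation (placeholder paths):
#   wp_integrity_check /var/www/wordpress /tmp/wordpress-2.1.2-clean
```

Expect MODIFIED lines for wp-config.php and anything you customized yourself; a MODIFIED line on a core file, or an EXTRA .php file you never put there, is what a tampered download looks like and is the cue to replace the whole tree from a fresh 2.1.2 archive rather than patch individual files.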

Here is the link to download the newer version of WordPress (2.1.2).


4 Comments


  1. Yolanda Carrington, Mar 3rd, 2007 at 4:17 am

    Thanks for the heads-up, XP!

  2. XicanoPwr, Mar 3rd, 2007 at 7:19 am

    No problem Yolanda. I sort of find it odd how the hacker went about hacking the system. It looks like the hacker knew somebody from WP.

  3. nezua limón xolagrafik-jonez, Mar 3rd, 2007 at 3:07 pm

    deee-amn.

  4. VC, Mar 6th, 2007 at 5:57 am

    Hilarious!
