Words have been spread everywhere on the internet that previous Wordpress versions are experiencing ongoing attacks. If you have a Wordpress self-hosted blog, but haven’t upgraded it to the latest version 2.8.4, you are advised to do so immediately to avoid the attack!
If you decide to upgrade your current Wordpress version, don’t forget to back up all your data first. Here is how.
The source of the news comes from Lorelle on WordPress. It has then been reported by tech blogs such as TechCrunch and Mashable! Just thought it’s necessary to share the news with the WebStudio13 community as well. Here is what Lorelle writes:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.
