wordpress-logoKepada pengguna WordPress yang masih belum upgrade ke WP 2.8.4, sila upgrade blog anda kepada version yang terkini. Maklumat dari wordpress developers mengatakan pengguna blog versi lama terutama sekali pengguna yang mengaktifkan fungsi “Anyone can register”, paling mudah terkena serangan ini. Untuk pengguna versi sebelum 2.7, anda perlu upgrade secara manual.

Pengguna wordpress.com, anda tak perlu risau sebab kat situ memang diorang dah upgrade ke versi terkini.

Source : Lorelle

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

How Do I Know If My Site Has Already Been Attacked?
There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.

WordPress.com blogs are not impacted as they are up-to-date. Only versions prior to WordPress 2.8.4 are impacted.

Old WordPress Versions Under Attack – UPGRADE ALERT
Tagged on:             

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: