We’re hearing of numerous reports that older versions of WordPress are exposed to security threats. WordPress is one of the largest blogging engines with over 5,317,360 – and counting – downloads for their latest version, 2.8. Many large blogs, including TechCrunch, rely on WordPress to get the news out and post content online.
Writes Lorelle on her WordPress-centric blog:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
Continue »