Older versions of WordPress under attack
To quote Lorelle: Update your WordPress blog before you continue reading this post. That’s how critical this issue is.
“Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!”
I sort of have a habit of looking up subscribers to my blog. Thankfully there are not that many of them, so it’s pretty easy. When there’s a new one, I just google it. Two new ones were “obierebelominepyb@gmail.com” and “naomyrotenford@gmail.com.” Googling these resulted in a slew of warnings about an exploit that exists in WordPress installs older than 2.8.4, which can allow nasty things like permalinks being changed to direct people elsewhere, as ArabCrunch points out.
Apparently, on older WordPress installs a hacker signs themselves up as a subscriber to follow comments, but can then do some sort of kung fu that changes their status to “administrator.”
If you’re operating a WordPress site, check for the following users:
- janson206@Safe-mail.net
- pulvillarrac@gmail.com
- bugbeemershonyhe@gmail.com
- obierebelominepyb@gmail.com
- naomyrotenford@gmail.com
Fortunately, I had upgraded shortly after 2.8.4 came out because I’m sort of unnaturally fixated on keeping d3 on the bleeding edge whether it breaks this blog or not, so they weren’t able to run the exploit. But even if these addresses aren’t in your subscribers list, upgrade now.
Post-upgrade tips:
- Be sure to not use the default admin user name.
- Change your password.
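The checks above (look for the listed subscriber addresses, make sure no unexpected account holds the administrator role, and stop using the default admin login) can be run as one query against the WordPress database. The script below is an added example, not code from this post or from WordPress; it assumes the standard WordPress schema (a `wp_users` table joined to `wp_usermeta` on the `wp_capabilities` meta key, table prefix `wp_`), and it builds a small constructed sample database in SQLite so it runs offline. Against a real site you would point the same query at the MySQL database instead.

```python
import sqlite3

# Attacker subscriber addresses listed in the post above.
KNOWN_BAD_EMAILS = {e.lower() for e in (
    "janson206@Safe-mail.net",
    "pulvillarrac@gmail.com",
    "bugbeemershonyhe@gmail.com",
    "obierebelominepyb@gmail.com",
    "naomyrotenford@gmail.com",
)}

# Minimal version of the standard WordPress tables (assumed prefix "wp_").
SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (
    umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
"""

# Constructed sample rows. WordPress stores roles as a PHP-serialized array
# in the "wp_capabilities" user meta, e.g. a:1:{s:13:"administrator";b:1;}
SAMPLE_USERS = [
    (1, "admin", "owner@example.com", "2009-01-10 09:00:00"),
    (2, "editor_jane", "jane@example.com", "2009-02-02 12:00:00"),
    (3, "naomyrotenford", "naomyrotenford@gmail.com", "2009-09-04 03:12:45"),
    (4, "readerbob", "bob@example.com", "2009-09-05 08:00:00"),
]
SAMPLE_META = [
    (1, 1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, 2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    # A "subscriber" that has been promoted to administrator, as the post describes.
    (3, 3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (4, 4, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
]

# Every account together with its serialized role list.
AUDIT_SQL = """
SELECT u.ID, u.user_login, u.user_email, m.meta_value
FROM wp_users u
JOIN wp_usermeta m ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities'
ORDER BY u.ID
"""


def build_sample_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?, ?)", SAMPLE_META)
    return conn


def audit_users(conn, expected_admins):
    """Return (ID, login, email, reasons) for every account that needs a look.

    expected_admins is the set of login names you know should be administrators;
    any other account carrying the administrator capability is flagged.
    """
    findings = []
    for uid, login, email, caps in conn.execute(AUDIT_SQL):
        reasons = []
        if email.lower() in KNOWN_BAD_EMAILS:
            reasons.append("email matches a listed attacker account")
        if '"administrator"' in caps and login not in expected_admins:
            reasons.append("has administrator capability but is not an expected admin")
        if login == "admin":
            reasons.append("uses the default 'admin' login name")
        if reasons:
            findings.append((uid, login, email, reasons))
    return findings


if __name__ == "__main__":
    db = build_sample_db()
    for uid, login, email, reasons in audit_users(db, expected_admins={"admin"}):
        print(f"user {uid} ({login} <{email}>): " + "; ".join(reasons))
```

Running it against the sample data flags the `admin` account for its default login name and the `naomyrotenford` account twice: once for the listed address and once for holding the administrator role without being on the expected list. The role check is the important one, since an attacker who registers with a fresh address will not match the email list but still ends up with a capability string containing `administrator`.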
I think this was what was affecting the previous version of The Committee to Protect Bloggers website a while back, but I didn’t know what the deal was, so I simply uninstalled everything, wiped it and re-installed using the latest version of WP. But it sounds like it’s much more widespread.
Links:
- Keep WordPress secure.
- WordPress Versions under Attack
- How to clean up your hacked WP installation.
- WP Permalink RSS problems.
Further advice: Holy Shmoly! and My Digital Life
Further note to the hacker(s) responsible: Do go and play in traffic.
“We must not confuse dissent with disloyalty. We must remember always that accusation is not proof, and that conviction depends upon evidence and due process of law. We will not walk in fear – one, of another. We will not be driven by fear into an age of un-reason, if we dig deep in our history and our doctrine, and remember that we are not descended from fearful men; Not from men who feared to write, to speak, to associate, and to defend causes that were – for the moment – unpopular.”