“Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!”

I sort of have a habit of looking up subscribers to my blog. Thankfully there are not that many of them, so it’s pretty easy. When there’s a new one, I just google it. Two new ones were “OBSCURED EMAIL ADDRESS” and “OBSCURED EMAIL ADDRESS.” Googling these resulted in a slew of warnings on a hack exploit that exists in WordPress installs older than 2.8.4. which can allow nasty things like permalinks being changed to direct people elsewhere, as ArabCrunch points out.

Apparently, on older WordPress installs a hacker signs themselves up as a subscriber to follow comments, but can then do some sort of kung fu that changes their status to “administrator.”

If you’re operating a WordPress site, check for the following users:

• OBSCURED EMAIL ADDRESS
• OBSCURED EMAIL ADDRESS
• OBSCURED EMAIL ADDRESS
• OBSCURED EMAIL ADDRESS
• OBSCURED EMAIL ADDRESS

Fortunately, I had upgraded shortly after 2.8.4 came out because I’m sort of unnaturally fixated on keeping d3 on the bleeding edge whether it breaks this blog or not, so they weren’t able to run the exploit. But even if these addresses aren’t in your subscribers list, upgrade now.

Post-upgrade tips:

• Be sure to not use the default admin user name.
• Change your password.

I think this was what was affecting the previous version of The Committee to Protect Bloggers website a while back, but I didn’t know what the deal was so simply uninstalled everything, wiped it and re-installed using the latest version of WP. But it sounds like it’s much more wide spread.

Links:

• keep wordpress secure.
• WordPress Vesrions under Attack
• How to clean up your hacked WP installation.
• WP Permalink RSS problems.

Further advice: Holy Shmoly! and My Digital Life

Further note to the hacker(s) responsible: Do go and play in traffic.