COZY Campus Adult Webmaster Forums

 
 
 


  #1  
04-25-2008, 11:54 PM
sunfunbill
Bilinda the lil bitch!
 
Join Date: Mar 2003
Location: Lesbian fun house
Posts: 5,364
Security alert for WP!!!

OK, it's late, I'm tired. But this is important.
There is a security hole in wp that has been infected by something. I read it on the wp forum while trying to install wp 2.5.1.

Here is the thread:
http://wordpress.org/support/topic/168964?replies=30

Once I read it, I checked my files and yes, 3 of my blogs have been hacked. No one knows what is going on. If you don't have wp 2.5, but on the bottom where your version is, it says 2.5, you've been hacked.

I noticed that a few weeks ago. This all happened on the 12th or so. Read the above thread, I bet most have been hacked.

Fucking hackers! Going to bed now.
  #2  
04-26-2008, 01:49 AM
mynameisjim
World's Dumbest Genius
 
Join Date: Dec 2006
Posts: 1,306
People should check this.

But to be honest, every version of WordPress has some pretty big security holes.

But even without WordPress, I'm shocked by how many sites are hacked and the owners don't even know it. I would always notice it on other people's sites, then last week it was even on one of mine before I got it cleaned up. With mine, they injected a bunch of links in the blogroll, but since I almost never look at the front page of that blog, I never noticed it.
  #3  
04-26-2008, 07:33 AM
balls_deep
Amish Pornstar
 
Join Date: Oct 2006
Location: Central PA
Posts: 3,549
Good info, Bill. I was hacked about a week ago and that's exactly what the bottom of WordPress said.

The code seems to be inserted in the WordPress files, not the template, so writing over it with a new version fixed the problem.

You can also hand check for inserted code as well. Mine was inserted at the end of my HTML page, all the way on the right after a bunch of white space used to hide the code.
  #4  
04-26-2008, 08:07 AM
sunfunbill
Bilinda the lil bitch!
 
Join Date: Mar 2003
Location: Lesbian fun house
Posts: 5,364
Hey balls. It also says your database gets infected and new plugins are inserted in your wp-options table. I tried to get into mine, but something is blocking me.

I have let ATCI know, they are working on it. So today will be shot doing this. Also, if you go to "manage your post" you see the author of each post. With this, that field is blank, you can't see any author.

Mine has that. It says it collects all your usernames including your database names. I would look around a bit more for stuff. And change your username in wp.
  #5  
04-26-2008, 04:06 PM
sunfunbill
Bilinda the lil bitch!
 
Join Date: Mar 2003
Location: Lesbian fun house
Posts: 5,364
Well, it looks like the whole server is infected, and I bet all of them are. Think of all the hundreds of splogs, using old versions and never being looked at again by the webmaster.

Those things are full of viruses, thousands of little bombs out there!

Not sure what they will do now, my sites are off.
  #6  
04-26-2008, 04:16 PM
sunfunbill
Bilinda the lil bitch!
 
Join Date: Mar 2003
Location: Lesbian fun house
Posts: 5,364
To anyone who thinks they got rid of this by deleting a few lines, you're wrong. It is in your database, your upload folder and images if you use that, anything you have set at 777.

It adds a user you cannot see, in the wp-options table in your database.
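Posts #3 and #6 describe two things to check by hand: code pushed far to the right behind a run of white space, and anything left at 777. The script below is an added example, not written by anyone in this thread, that checks a site tree for both; the 200-character threshold, the file extensions and the sample tree are assumptions, and it does not look at the database.

```python
import os
import re
import stat
import tempfile

# 200+ spaces/tabs in a row; the threshold is an assumption chosen to be
# far beyond normal indentation.
PADDING = re.compile(r"[ \t]{200,}")
TEXT_EXT = (".php", ".html", ".htm", ".js")

def find_padded_lines(path):
    """Return (line_no, text) where content follows a long whitespace run."""
    hits = []
    with open(path, "r", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            line = line.rstrip()  # drop trailing blanks so a match implies hidden text
            match = PADDING.search(line)
            if match:
                hits.append((line_no, line[match.end():][:80]))
    return hits

def audit(root):
    """Walk a site tree; report padded lines and world-writable (o+w) paths."""
    report = {"padded": [], "world_writable": []}
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(folder, name)
            if os.path.islink(full):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(full, root)
            if os.lstat(full).st_mode & stat.S_IWOTH:
                report["world_writable"].append(rel)
            if os.path.isfile(full) and name.lower().endswith(TEXT_EXT):
                report["padded"] += [(rel, n, t) for n, t in find_padded_lines(full)]
    return report

def demo():
    """Run the audit over a small constructed tree (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o777)
        pages = {"index.php": "<?php echo 'home'; ?>\n",
                 "footer.php": "</body>\n</html>" + " " * 300 + "<!-- constructed marker -->\n"}
        for name, body in pages.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

A hit is only a lead to inspect by hand; comparing the flagged file against a clean copy of the same WordPress release shows whether the trailing text belongs there.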
  #7  
04-26-2008, 06:31 PM
Cozy Monica
Campus Moderator
 
Join Date: Dec 2002
Location: Canada
Posts: 4,730
Something to note is that it isn't just the old versions of WP... the article you linked to, Bill, says that it applies to version 2.5 as well, and I see that WP has just released 2.5.1. I don't know if that fixes up this latest hole or not.
  #8  
04-26-2008, 06:36 PM
sunfunbill
Bilinda the lil bitch!
 
Join Date: Mar 2003
Location: Lesbian fun house
Posts: 5,364
2.5.1 is supposed to fix 70 holes. I hope that was one of them, all of mine now are 2.5.1.

Now I'm a real believer in keeping it updated. But wp is still full of holes. Funny thing is, this virus does not seem to do anything. Which makes you think it is trying to get into as many as it can before it does... something!
  #9  
04-28-2008, 10:18 AM
Cozy Monica
Campus Moderator
 
Join Date: Dec 2002
Location: Canada
Posts: 4,730
Yes, a lot of viruses just get in there and spread.... they just sit dormant until a certain date, and then BAM!

WordPress does have a lot of holes... large open source scripts usually do. However, it's still the best free script out there for such things, in my opinion.

This, however, is why we drive our hosts absolutely nuts, because we all use scripts like this, and don't know a lot about them. It means that things are left wide open to attack and they end up struggling to fix things for us when it all goes wrong.
  #10  
04-29-2008, 07:57 PM
SinSational
Registered User
 
Join Date: Oct 2004
Location: Boston, MA
Posts: 1,147
Quote:
Originally posted by Cozy Monica
This, however, is why we drive our hosts absolutely nuts, because we all use scripts like this, and don't know a lot about them. It means that things are left wide open to attack and they end up struggling to fix things for us when it all goes wrong.
On behalf of all hosts, thanks for acknowledging this.

  #11  
04-29-2008, 08:00 PM
Cozy Monica
Campus Moderator
 
Join Date: Dec 2002
Location: Canada
Posts: 4,730
Quote:
Originally posted by SinSational
on behalf of all hosts, thanks for acknowledging this.

I have programming experience, so I can imagine how frustrating it is as the administrator in such situations!
All times are GMT -5.