Mashable - The Social Media Guide - Latest Comments in WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Natalie — Tue, 10 Nov 2009 20:42:10 -0000

And all my wordpress websites were hacked YESTERDAY while running 2.8.5 - with the eval injection - so what the hell? Obviously the exploit hasn't been blocked in the latest versions of Wordpress.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Guest — Mon, 09 Nov 2009 03:13:00 -0000

Double post. Sorry!

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

kristiambrose — Mon, 09 Nov 2009 03:12:32 -0000

I haven't been able to even log in TO my site TO fix anything these last few months. Ever since Host Gator got their grubby little hands on it and screwed everything up - including the colors, design and alignment. So I gotta ask, what the hell do I do now? I cannot log in at all lol. Its a blank page! Help!

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

khokon — Fri, 06 Nov 2009 10:57:16 -0000

Just install it on www.gramantor.com and not found any virus :)

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

D J Tolley — Tue, 20 Oct 2009 06:50:02 -0000

i upgraded and it seemed to keep all my themes intact

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Andy Fitzpatrick — Fri, 16 Oct 2009 10:46:05 -0000

Must admit I was a little hesitant in updating because of loads of past problems with other software packages but this was a dream to install. A real one click solution for a change.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

lauren — Mon, 21 Sep 2009 23:58:51 -0000

this isn't my hack problem. i keep getting keywords injected into my footer. upgrading didnt help. :(

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Marte — Sat, 19 Sep 2009 02:54:06 -0000

OK - I see a hidden user... but I have no clue how to:

export content with the built-in XML WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.

Non-techs like me should use pencil and paper and forget this! But... I can't. So... where is the XML Wordpress export tool? And what does it export to? and then, how do I get the hacked code out in order to put the content back in?

Oh boy am I confused!

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

DrewAPicture — Tue, 15 Sep 2009 12:23:30 -0000

It IS affecting 2.8.4. My company's site got sploited last night and we're running 2.8.4.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

charles rinehart — Sat, 12 Sep 2009 01:07:00 -0000

I'm just glad I have Blogger. Wordpress is much too complicated for me. Great story thanks.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Emma — Thu, 10 Sep 2009 16:43:51 -0000

I think I've been hit. In my User area it's telling me I have 3 administrators when I know for a fact I'm the only one. The only thing is, when I click to see the administrators it only shows me.

Also, I noticed last week it had changed the permalink structure, but I brushed it off thinking it was something to do with Dreamhost, and just changed it back thinking nothing of it.

Is there somewhere that lists how to solve these problems? I mean, I've heard it goes right into the DB so if I upgrade the DB will still be effected.

My site is somewhere where people can register and post, but I've done it so they can't access anything in wp-admin (because it lists everybody's posts in there and I don't want them to see that) So they only have access to the write-post.php page.

A while ago I tried to update it to the latest version but it didn't want to work the way I wanted it to. But it looks like I'm going to have to upgrade.

First things first, how to fix the DB from being affected? Anyone know?

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Ben Lang — Thu, 10 Sep 2009 14:49:01 -0000

it almost got me, thanks for the warning...

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

E-TARD The LifeCaster — Tue, 08 Sep 2009 18:35:37 -0000

This is bad
I see soo many blogs running old versions of wordpress.
ppl really need to update.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

AndyBeard — Mon, 07 Sep 2009 19:56:02 -0000

Sorry I didn't bookmark or promote the link, as at that time it seemed very isolated and hadn't been fixed - too long ago to find it in my Twitter search

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

nar321 — Mon, 07 Sep 2009 14:23:12 -0000

I feel that at least one web host hadn't done enough to protect blogs. I had a up to date stable version of WP and was still hacked( am no longer with that Web Host), Also that WordPress should take this opportunity to harden the security in WordPress

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Free XBox Live — Mon, 07 Sep 2009 11:39:38 -0000

"For those unaffected: upgrade today. For those affected: the WordPress community is here to help."

That is all. MOVE ALONG PEOPLE, nothing to see here!

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Caro — Sun, 06 Sep 2009 23:32:41 -0000

My blog was affected!! they completely ruined it, but luckily I've a friend who's helping me fix it and get all the data back.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Name — Sun, 06 Sep 2009 22:09:41 -0000

Thank you for the helpful link to the page to upgrade Wordpress.

Oh wait, that's right, you didn't.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Patrick Dickey — Sun, 06 Sep 2009 17:51:13 -0000

The understanding that I took from http://friendfeed.com/scobl... (specifically Matt from WordPress's comments) is that they release a fix right when it's done-- not in a bundle like your Operating System does. And someone else mentioned that their versioning system increments every time they make a fix. That's why you're seeing a lot of upgrades. Or would you rather they sit on the fix for anywhere from one to twelve months until they have "enough" of them to make the upgrade worthwhile?
Have a great day:)
Patrick.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Patrick — Sun, 06 Sep 2009 17:40:26 -0000

For the people who are whining because their plugins or theme's may not work, my advice is this. If it doesn't work, disable it and contact the developer. If it's a plugin or theme that you absolutely can't live without, there's a good chance that it's already been upgraded to work with the latest version.

In the scheme of things, everyone needs to ask themselves this question... "Which is worse, my plugin or theme not working, or my site getting hacked and trashed (along with my reputation by my followers)?"

I'd rather have a plugin or them that's broken, then have my followers say "Don't go to any links from his site. I did and ended up with <insert malware,="" virus,="" or="" other="" problem="" here="">."

Have a great day:)
Patrick.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

cdub09 — Sun, 06 Sep 2009 14:41:02 -0000

Thanks for the article. I did a manual upgraded my WPMU site and everything went smooth.

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Martín Noziglia — Sun, 06 Sep 2009 14:16:48 -0000

Who can you tell me if Wp´s upgrades make your blog get slow?

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Martín Noziglia — Sun, 06 Sep 2009 14:13:06 -0000

Upgrade is ready ;)

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Travel gear reviewer — Sun, 06 Sep 2009 11:49:28 -0000

I can't get in to upgrade. Wordpress appears to be overloaded. "Briefly unavailable for scheduled maintenance. Check back in a minute." (I've been getting that for an hour.)

Re: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

Chris Heald — Sun, 06 Sep 2009 10:10:06 -0000

Fortunate it's not a zero day. Exploits of this nature suck, but at least it's been fixed in the Wordpress trunk for a while. Sucks to be people who didn't upgrade and got hit, though.