July 30 2008

SQL injection attack

You may or may not have heard about the security issue with certain versions of Wordpress. Wordpress 2.6, released a full month ahead of schedule, is reported to fix this issue, detailed below:

Some versions of Wordpress have been open to a serious security issue: SQL injection. This particular attack appears to target Wordpress blogs with high PageRank. A vulnerability in the Wordpress application lets the attacker make several things happen:

  • A SQL injection occurs, which adds a line of code to your blog posts. This line typically looks like this
  • The injected line is an <iframe> that pulls in a file called wp-stats.php, so it is loaded automatically every time an infected post is displayed. That wp-stats.php page in turn contains a malicious JavaScript file.
  • The JavaScript attempts to push a piece of malware, Downloader, onto the visitor's computer. You can read more about Downloader here. In short, Downloader connects to the internet and downloads further malware onto the machine.

Now, here's something that I found interesting. Another exploit has been found for Wordpress. It is unclear whether these two exploits are related; however, I believe that they are. This exploit causes the following:

  • A new folder is created on your blog: http://yourblog.com/wp-content/1, containing numerous junk HTML files and a JavaScript file.
  • All of the junk HTML files link to the JavaScript file, which is obfuscated (encoded). After looking through it, it appears that this JS file attempts to redirect the visitor to another site, typically a spammy one, such as those related to poker, casinos, Viagra and the like.

As stated earlier, the latest version of Wordpress (2.6) is supposed to fix these bugs, among others. How do you fix your blog if you’re infected?

If you discover the added line of code shown above, or a variation of it, you will need to clean your database of every instance of it. If you are comfortable with MySQL, you can do this with a query against the posts table (back the database up first), or by various other methods; it is also possible to clean the entries through the Dashboard of your blog. I would strongly recommend upgrading to Wordpress 2.6 first, however, since cleaning an unpatched blog only invites reinfection.

After upgrading, you can go to MANAGE - POSTS and search for strings of text contained in the bad code, such as:

  • <iframe>
  • <!-- Traffic Statistics -->
  • wp-stats.php

You get the idea. Any/all instances of this code MUST be removed from EACH AND EVERY POST.

Next, check your USERS. Some reports link the attack to an unrecognised user account. Delete any users that you do not recognize, paying particular attention to accounts with administrator privileges.

Now, check your server for the added folder (http://yoursite.com/wp-content/1). Delete that entire folder and its contents from your server. If you cannot access your server, you may need to contact your hosting provider for assistance.
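One way to carry out the database and server steps above, as an added example that is not the post's own code: a small Python script that strips the injected markup from post content, flags anything it could not clean automatically for a manual look, and quarantines the wp-content/1 folder into an archive before deleting it. The iframe pattern, the example.invalid URLs, the sample posts and the fake directory tree are constructed assumptions, since the page does not reproduce the injected line itself.

```python
import os
import re
import shutil
import tarfile
import tempfile
import time

# Pattern for the injected markup. The page does not reproduce the exact
# injected line, so this is an assumption: an <iframe> whose src points at a
# file named wp-stats.php, optionally preceded by the
# "<!-- Traffic Statistics -->" comment the dashboard search looks for.
INJECTED_RE = re.compile(
    r'(?:<!--\s*Traffic Statistics\s*-->\s*)?'
    r'<iframe\b[^>]*wp-stats\.php[^>]*>.*?</iframe>',
    re.IGNORECASE | re.DOTALL,
)

# Strings from the post's search list; anything still matching after the
# automatic clean-up is handed back for a manual look rather than guessed at.
INDICATORS = ('<iframe', 'traffic statistics', 'wp-stats.php')


def clean_post_content(content):
    """Strip every injected iframe block; return (cleaned_content, removed_count)."""
    return INJECTED_RE.subn('', content)


def triage_posts(rows):
    """rows: iterable of (post_id, post_content), e.g. the result of
    SELECT ID, post_content FROM wp_posts; (take a mysqldump backup first).
    Returns a list of (post_id, cleaned_content, removed_count, needs_review)
    for every post that was touched or still carries an indicator string."""
    findings = []
    for post_id, content in rows:
        cleaned, removed = clean_post_content(content)
        lowered = cleaned.lower()
        needs_review = any(s in lowered for s in INDICATORS)
        if removed or needs_review:
            findings.append((post_id, cleaned, removed, needs_review))
    return findings


def quarantine_directory(wp_root, quarantine_dir, relative='wp-content/1'):
    """Archive the rogue directory into quarantine_dir (keep it outside the
    web root) so its junk HTML and JavaScript can be examined later, then
    delete it. Returns the archive path, or None if the directory is absent."""
    target = os.path.join(wp_root, relative)
    if not os.path.isdir(target):
        return None
    stamp = time.strftime('%Y%m%d-%H%M%S')
    archive = os.path.join(quarantine_dir, 'wp-content-1-%s.tar.gz' % stamp)
    with tarfile.open(archive, 'w:gz') as tar:
        tar.add(target, arcname=relative)
    shutil.rmtree(target)
    return archive


# --- constructed sample data (not taken from a real compromised blog) ---
CLEAN_POST = '<p>Nothing to see here.</p>'
INFECTED_POST = (
    '<p>A normal paragraph.</p>\n'
    '<!-- Traffic Statistics -->\n'
    '<iframe src="http://example.invalid/wp-stats.php" width="1" height="1"'
    ' style="visibility:hidden"></iframe>'
)
# An unrelated iframe: not auto-removed, but flagged for manual review.
ODD_IFRAME_POST = '<iframe src="http://example.invalid/video.php"></iframe>'
SAMPLE_ROWS = [(1, CLEAN_POST), (2, INFECTED_POST), (3, ODD_IFRAME_POST)]


def demo_quarantine():
    """Build a throwaway fake WordPress tree with wp-content/1, quarantine it,
    and report (archive_created, rogue_dir_gone, second_call_result)."""
    wp_root = tempfile.mkdtemp(prefix='fake-wp-')
    quarantine_dir = tempfile.mkdtemp(prefix='quarantine-')
    rogue = os.path.join(wp_root, 'wp-content', '1')
    os.makedirs(rogue)
    for name in ('poker.html', 'casino.html'):
        with open(os.path.join(rogue, name), 'w') as fh:
            fh.write('<script src="r.js"></script>')
    with open(os.path.join(rogue, 'r.js'), 'w') as fh:
        fh.write('/* obfuscated redirect would be here */')
    archive = quarantine_directory(wp_root, quarantine_dir)
    archive_created = archive is not None and tarfile.is_tarfile(archive)
    rogue_gone = not os.path.exists(rogue)
    second = quarantine_directory(wp_root, quarantine_dir)  # nothing left: None
    shutil.rmtree(wp_root)
    shutil.rmtree(quarantine_dir)
    return archive_created, rogue_gone, second


if __name__ == '__main__':
    for post_id, cleaned, removed, review in triage_posts(SAMPLE_ROWS):
        print('post %d: removed %d block(s), manual review: %s'
              % (post_id, removed, review))
    print('quarantine demo:', demo_quarantine())
```

Feed triage_posts the rows from SELECT ID, post_content FROM wp_posts (after a mysqldump backup) and write the cleaned content back with an UPDATE only for the rows it reports; posts flagged for review still contain an iframe or one of the search strings in a form the pattern did not recognise, so look at them by hand rather than widening the regex. The quarantine archive is what you can hand to your hosting provider or examine later, which a plain delete would throw away.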

This is a nasty Wordpress exploit to be sure, but it has not changed my belief in the Wordpress application. It is still the best blog program out there, in my opinion, and the quick response to this issue proves that the team is on top of things.