WordPress server hacked, downloads rigged with serious flaw

An unknown cracker broke into a server hosting downloads of the popular WordPress blogging software and rigged the file with a remotely exploitable code execution vulnerability.

News of the hack comes directly from WordPress creator Matt Mullenweg:

"If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."

Mullenweg described the code planted into the download as "unusual and highly exploitable" and stressed that the 2.1.1 download was the only thing touched during the attack.

"This is the kind of thing you pray never happens, but it did and now we're dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we're declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this can't happen again, not the least of which is minutely external verification of the download package so we'll know immediately if something goes wrong for any reason," he added.
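The external verification Mullenweg describes amounts to hashing the published package on a schedule and comparing it with a digest recorded somewhere the download host cannot alter; the same check, applied to an installed tree, tells a site owner whether the files they are running match the verified release. The following is an added example of that per-file manifest check. It is not WordPress's own tooling (the article does not describe that) and the function names, the SHA-256 choice and the sample tree it builds in a temporary directory are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hex SHA-256 of a file, read in chunks so large packages stay cheap."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map every regular file under root (POSIX relative path) to its digest.
    Recorded once from the verified release and stored off the download host."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(expected: dict, actual: dict) -> dict:
    """Compare a freshly computed manifest against the recorded one.
    Any entry in the result means the package or install no longer matches."""
    return {
        "added": sorted(set(actual) - set(expected)),
        "removed": sorted(set(expected) - set(actual)),
        "changed": sorted(k for k in expected.keys() & actual.keys()
                          if expected[k] != actual[k]),
    }


def is_clean(report: dict) -> bool:
    return not any(report.values())


def tamper_demo() -> dict:
    """Constructed scenario (assumption, not data from the incident): record a
    manifest of a small 'release' tree, then alter one file under wp-includes
    and add another, the way a rigged download differs from the verified one."""
    with tempfile.TemporaryDirectory() as tmp:
        inc = Path(tmp) / "wp-includes"
        inc.mkdir()
        (inc / "feed.php").write_text("<?php // verified release copy\n")
        (inc / "theme.php").write_text("<?php // verified release copy\n")
        known_good = build_manifest(tmp)  # would be published out-of-band at release time
        (inc / "feed.php").write_text("<?php // contents altered after release\n")
        (inc / "extra.php").write_text("<?php // file that was not in the release\n")
        return diff_manifest(known_good, build_manifest(tmp))


if __name__ == "__main__":
    report = tamper_demo()
    print("package matches the verified release" if is_clean(report) else report)
```

The value of the check depends entirely on where the recorded manifest lives: if it sits on the same server as the package, an attacker who can replace the package can replace the manifest too, which is why the verification has to be external. The scan also only answers "does this tree match the release"; it says nothing about whether the release itself was clean.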

He did not say how the attacker was able to breach the server.

Now, WordPress is trying to get the word out to any user who may have downloaded the rigged version 2.1.1.

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.

If you are a web host or network administrator, block access to "theme.php" and "feed.php," and any query string with "ix=" or "iz=" in it.
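Blocking belongs in the web server configuration, but a host or administrator will also want to know whether those indicators have already appeared in traffic. Below is an added example, not part of the article or of WordPress, that scans combined-format access log lines for the two file names and the two query parameters named above. The log lines are constructed for the example and carry placeholder parameter values; the article does not say what `ix` and `iz` do, so the script only flags their presence. One deliberate departure from the text: it matches `ix`/`iz` as parameter names rather than as the raw substrings "ix=" and "iz=", because a substring rule also fires on unrelated parameters such as `suffix=`.

```python
import re
from os.path import basename
from urllib.parse import parse_qs, urlsplit

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators from the advisory: two file names and two query parameter names.
WATCH_FILES = {"theme.php", "feed.php"}
WATCH_PARAMS = {"ix", "iz"}


def parse_line(line: str):
    """Split one access log line into fields; returns None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # keep_blank_values so "?iz=" with an empty value is still seen as a parameter
    entry["params"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def indicators(entry: dict) -> list:
    """Names of the advisory indicators present in one parsed request."""
    hits = []
    name = basename(entry["path"])
    if name in WATCH_FILES:
        hits.append("file:" + name)
    for param in WATCH_PARAMS & set(entry["params"]):
        hits.append("param:" + param)
    return sorted(hits)


def scan(lines) -> list:
    """Return one record per request that carries at least one indicator."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        hits = indicators(entry)
        if hits:
            flagged.append({"ip": entry["ip"], "ts": entry["ts"],
                            "target": entry["target"], "hits": hits})
    return flagged


# Constructed sample log lines (not real traffic from the incident).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Mar/2007:10:15:32 +0000] "GET /wp-includes/feed.php?iz=value HTTP/1.1" 200 512 "-" "curl/7.15"',
    '198.51.100.7 - - [03/Mar/2007:10:16:01 +0000] "GET /wp-content/themes/default/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Mar/2007:10:17:44 +0000] "POST /wp-includes/theme.php HTTP/1.1" 200 128 "-" "curl/7.15"',
    '192.0.2.9 - - [03/Mar/2007:10:18:10 +0000] "GET /index.php?suffix=abc HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Mar/2007:10:19:02 +0000] "GET /?ix=1 HTTP/1.1" 200 64 "-" "curl/7.15"',
    'garbage line that the regex will not match',
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["target"], ", ".join(hit["hits"]))
```

Requests to the two files are not proof of compromise on their own, since a clean install can legitimately serve them; the combination of a watched file with a watched parameter, or repeated hits from one client, is what merits a closer look at that site's files.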


Talkback

  • Getting the Word Out

    Thanks for letting us know. I am passing your link around to help get the word out.
    tomsims1@...
  • Thanks for the alert.

    I recently did a review for CyberpunkReview.com and used WordPress to write it, and others use it as well for their reviews. I've alerted the admins about the WordPress hack, although they may have already received a message about it when they logged onto their accounts.

    Getting the word out and everyone in the know was vital, especially for admins.
    Mr. Roboto
  • Surely anything that curbs the blight of bloggers on the Internet is good?

    (NT)
    Scrat
    • LOL!

      If only it impacted the bloggers...
      ejhonda
    • Blight?!?

      Gee, I hope that you are using 2.1.1 to write your responses to a ZD-Net BLOG!!! What do you think this story is that you are posting in response to? I'll give you a hint: third tab from the left at the top of the page.
      justanitguy
      • There really isn't a blight

        There really isn't a blight of bloggers on the internet. This person probably thinks that any form of expression that is not monitored and controlled by the government is bad.
        Leria
  • thanks, Ryan

    Very helpful to the community.

    Kind regards
    Narr vi
  • A VIRUS FOUND IN A DOWNLOAD FILE

    Does this mean that all downloaded programs have viruses in them? How do you think that the hacker does this? The file to be downloaded sits, maybe, in the site's computer. The hacker goes right in to the master download program file in that computer, then alters it somehow with a virus. The hacker looks at the program in hex, line by line? Or the hacker does his copy/paste of a virus right on to the exe file. This virus insertion is undetected by the site's security and firewall.
    BALTHOR
  • Didn't this happen to WordPress a few weeks ago?

    According to netcraft.com they are running the LiteSpeed web server. They need to get Apache; that is their problem.

    http://www.astawerks.com
    astawerksdotcom
  • RE: WordPress server hacked, downloads rigged with serious flaw

    what version are they up to now on wordpress? is it more secure?

    http://www.xtremedirectory.com
    astawerksdotcom