
Split Mango Blog

Old Versions of WordPress Under Attack

Published September 5th, 2009 by David

Do you run an older version of WordPress? If so, you may be vulnerable to an attack that is circulating right now.

Lorelle on WordPress reports that an attack exploiting security holes in earlier versions of the blogging software is creating a new "hidden" Administrator account and modifying the blog's database directly. These attacks are said to be "growing by the hour". Lorelle writes:

There are two clues that your WordPress site has been attacked.

  • There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are "eval" and "base64_decode."
  • The second clue is that a "back door" was created by a "hidden" Administrator. Check your site users for "Administrator (2)" or a name you do not recognize. You will probably be unable to access that account.
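The two clues above can be checked mechanically rather than by eye. The script below is an added example and is not code from the original post, from Lorelle, or from WordPress itself: it URL-decodes each request path in a web server access log before looking for the "eval(base64_decode(" marker (so the %7B/%5B encoding in the permalink cannot hide it), decodes the Referer header that the injected code reads through $_SERVER[HTTP_REFERER], and lists every account whose capabilities grant administrator that is not on a known-good list. It assumes Apache/nginx "combined" log format and the default "wp_" table prefix; every log line and database row in it is constructed for the example.

```python
"""Detection helpers for the two clues: injected permalink requests in the
access log, and administrator accounts that should not exist.

Added example, not from the original post or from WordPress. Assumptions:
Apache/nginx "combined" log format; default "wp_" table prefix; all sample
log lines and database rows below are constructed.
"""
import base64
import binascii
import re
import sqlite3
from urllib.parse import unquote

# The keywords called out in the post ("eval", "base64_decode") plus the
# $_SERVER[HTTP_REFERER] carrier. Matched AFTER URL-decoding so that encoded
# forms such as %7B / %5B cannot slip past a naive grep.
INJECTION_RE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(|\$_SERVER\s*\[\s*['\"]?HTTP_REFERER",
    re.IGNORECASE,
)

# "combined" format (assumption): host ident user [time]
# "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log: a clean request, the injected permalink from the
# post with a base64 PHP payload in the Referer, and an unrelated redirect.
SAMPLE_LOG = [
    '203.0.113.9 - - [05/Sep/2009:08:41:12 +0000] "GET /category/post-title/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Sep/2009:08:41:13 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5123 "ZWNobyAnb3duZWQnOw==" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Sep/2009:08:42:01 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "http://example.com/wp-login.php" "Mozilla/5.0"',
]


def decode_path(path: str, rounds: int = 3) -> str:
    """URL-decode until the string stops changing (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def decode_referer_payload(referer: str):
    """Return the Referer as text if it is valid base64, else None.
    In this attack the Referer carries the PHP that eval() executes."""
    try:
        raw = base64.b64decode(referer, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")


def find_injected_requests(lines):
    """One record per log line whose decoded request path matches the marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: leave it for manual review
        path = decode_path(m["path"])
        if INJECTION_RE.search(path):
            hits.append({
                "host": m["host"], "time": m["time"], "path": path,
                "status": int(m["status"]),
                "payload": decode_referer_payload(m["referer"]),
            })
    return hits


def sample_wordpress_db() -> sqlite3.Connection:
    """Constructed stand-in for wp_users / wp_usermeta: one known admin,
    one editor, and the unexpected second administrator."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, display_name TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES (1, 'david', 'david@example.com', 'David');
        INSERT INTO wp_users VALUES (2, 'editor', 'editor@example.com', 'Editor');
        INSERT INTO wp_users VALUES (3, 'Administrator', 'nobody@example.net', 'Administrator (2)');
        INSERT INTO wp_usermeta VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
        INSERT INTO wp_usermeta VALUES (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
        INSERT INTO wp_usermeta VALUES (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return conn


def find_unexpected_admins(conn, expected_logins):
    """Accounts whose wp_capabilities grants administrator, minus the logins
    you know. Capabilities are a PHP-serialized array, so LIKE on the quoted
    role name is the portable way to match it."""
    rows = conn.execute(
        "SELECT u.ID, u.user_login, u.user_email, u.display_name "
        "FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' "
        "AND m.meta_value LIKE '%\"administrator\"%' ORDER BY u.ID"
    ).fetchall()
    return [{"id": r[0], "login": r[1], "email": r[2], "display_name": r[3]}
            for r in rows if r[1] not in expected_logins]


if __name__ == "__main__":
    for hit in find_injected_requests(SAMPLE_LOG):
        print("injected request:", hit)
    for acct in find_unexpected_admins(sample_wordpress_db(), {"david"}):
        print("unexpected administrator:", acct)
```

Point find_injected_requests at your real access log and find_unexpected_admins at a connection to the live database (with your own admin logins in the allowlist); a hit from either is a strong sign the site has already been compromised, in which case upgrading alone is not enough and the extra account and any injected code need to be removed as well.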

All users are advised to upgrade to the latest version of WordPress immediately. Let us know if we can help with your upgrade.

2 Responses to “Old Versions of WordPress Under Attack”

  1. Paul McEwan says:

    Thanks for the post on this. I was going to post on it and still might because it seems like the one afflicting me is a bit different in that no one is sure the newest version of WordPress stops it yet. The result of the hack is it displays spam links in the header of your news feed in Google Reader. It uses PHP code inserted backwards in your database. Here's the fix via gulker.com: http://bit.ly/kKdWP

  2. [...] this page was mentioned by Al (@twowheelgeek), Paul McEwan (@paulmcewan), Dave (@fuzzydave), splitmango (@splitmango) and others. [...]
