Thread: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

If you’re running a self-hosted WordPress blog that isn’t up-to-date (version 2.8.4), you’re advised to upgrade immediately to the latest version of the software to avoid an ongoing attack. Users of WordPress.com hosted blogs are not affected.

More on Mashable.Com

All my blogs are up-to-date, make sure yours are too!

I am already Inf3ected by this stupid attack and now I have to go to wp community for help .

There's a lot of good information here:
Old WordPress Versions Under Attack « Lorelle on WordPress

I have upgraded all my Wordpress-based sites a few days ago.

This is a pain. I'm upgrading a few blogs running wp 2.3 and I need to reinstall wordpress.

What if you have some minisites running wordpress you forgot about, and just are a bit lazy and just change the Unix file permssion on the whole public_html folder and every file to 555, Surly they couldn't modify anything without write permissions could they?

edit: Except it wouldn't protect against a SQL injection.

Yeap, a real pain. Haven't lost any yet, but I'm in the middle of a server move, so can't get to upgrade all today.

Yoo , Now I am free and upated all my blogs and database . 3 blogs were infected but now everything is fine .

Switch to dotclear.org or somethin else. WP is becoming a bad CMS.

Edit: I'm doing some research about this worm. If you have some apache logs with weird requests please send me an email. If you want to know more about my security skills check my portfolio. Your help will be greatly apreciated !

Thanks !

The sites that I'm using as weblogs, I've updated to 2.8.4

The older sites I will have to get to them later. Even with wordpress 2.7, you must re-install worpress as there is an auto install option.

As long as you have a back-up, I don't believe it is a big issue. It's very easy to delete the whole site and to do a clean install.