WordPress 2.1.1 Cracked!
There's a new version of WordPress out today (2.1.2), from the WordPress blog:
Quote: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
Bad joo joo! I know a few people are running WordPress around here, so thought I'd better warn you all. You should upgrade as quickly as possible.
Good luck.
Megan posted this at 16:02 — 6th March 2007.
She has: 11,421 posts
Joined: Jun 1999
Um, sweetie, I already did:
http://www.webmaster-forums.net/showthread.php?t=37714
And that alert came up 4 days ago, according to my WordPress dashboard. Did I not tell you I had to upgrade my WordPress on Sunday?
Megan
JeevesBond posted this at 16:27 — 6th March 2007.
He has: 3,956 posts
Joined: Jun 2002
Good ole idiots on Slashdot posting article duplicates. Evil smelling blighters.
demonhale posted this at 02:25 — 7th March 2007.
He has: 3,278 posts
Joined: May 2005
Oh no! An internal debate. LOL! Megan did warn earlier about it...