Wordpress users please read

[PaullasPaullas is verified member.]

WordPress › Blog How to Keep WordPress Secure

 

[SkinnerSkinner is verified member.]

If you have 2.8.4 your clear, and you can check if your clean by looking at the permalinks menu if anything funky has happened.

Specifically look for eval and base64_decode in there, which is the method of injection.

You can also look for a consealed admin too, you will probably need to disable javascript to tell, so firefox or opera are your friend.

If your infected, its going to be a long long night, as its infection has spread into the database, so upgrading WONT fix it.


**edited now I'm on my PC**

 

[DomainPortfolio.ukDomainPortfolio.uk is verified member.]

Another link about this that someone posted on twitter earlier: Old WordPress Versions Under Attack Lorelle on WordPress

 

[AlienAlien is verified member.]

Thanks for the heads up; only got one site on WP, which I've now updated to latest version (I just love the auto update feature via FTP in the Control Panel, so easy!).

 

[bensdbensd is verified member.]

Thanks for the heads up; only got one site on WP, which I've now updated to latest version (I just love the auto update feature via FTP in the Control Panel, so easy!).

It is much better, you can also now browse and upload new themes through the control panel.

WARNING - IF YOU HAVE AMENDED ONE OF THE DEFAULT TEMPLATES.
If you have amended one of the deafult templates this will be overwritten when you do an auto upgrade.