WordPress 2.1.1 Exploit!

March 3rd, 2007
Wordpress

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

Via WordPress.org

As I type, I am updating all the WordPress sites I run. Poor WordPress. Don't people have anything better to do than to make stupid hacks? I remember one time I was running a phpBB forum for something and some random jerk hacked its index file. The dumb thing about it was that all he did was create a floating layer with an image saying "You've been hacked by blahblah! HAHA!". Seriously. How is that supposed to be worth the 5 minutes it takes to probably insert those lines of code? It took me two seconds to clean it up. Lame.

And what would be the point of hacking a bunch of blogs? I bet it's some scammer from Nigeria who is mad that no one is taking his "PRINCE CALLABALLA NEEDS YOU" emails seriously anymore because we all got smart. So he wanted to hack a bunch of blogs in order to mass post his scams so some poor little old lady who is surfing on her dial-up connection just to buy a new set of knitting needles will be bombarded with "I NEED TO TRANSFER A MILLION DOLLARS" blog entries all over the Internet. And she will feel bad for this desperate soul all by himself in a foreign country and send him all her pension checks.

What a sad, sad goal in life. To scam poor little old ladies.

Comments

Sarah Mar 03, 2007

Thanks for letting us all know, that’s scary. :S

Melissa Mar 03, 2007

No problem! :D

I had logged into my admin and saw it on the dashboard feed and practically panicked! I hope the word gets around quickly to all the other WP users!

Cristina Mar 03, 2007

I love my one-click installs and upgrades!

HAHA, your “PRINCE CALLABALLA NEEDS YOU” bit made me laugh hardcore. It’s so so true!! Damn Nigerians, mwah hah!

Jessica Mar 03, 2007

That’s just sad. Even though nothing comes out of it, I think people enjoy doing stupid things like that just to say that they were able to break through something. Kind of like “Sticking it to the man..” ha, sorry… just watching School of Rock right now. To be honest, I couldn’t put myself in those people’s shoes because they just don’t make sense. But that was quite funny and well put about the little old lady. I’d love to see my great grandmother use a computer for the first time.

Angela Mar 03, 2007

It’s so stupid, I agree. It’s sad that most people don’t have better things to do with their time than shit like that.

Hanna Jun 24, 2008

*shrugs* I guess I have to update then 8| . Already the idea makes me tired, and I have a one-click upgrader…