WordPress.org Warns of Active Worm Hacking Blogs
Erik writes "WordPress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the WordPress system. The particularly nasty bug crawls the web for vulnerable WordPress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, WordPress founder Matt Mullenweg eloquently implored WordPress bloggers to update more frequently. Originally, updating the WordPress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of WordPress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at WordPress.com are also apparently immune."
There have been widespread worms that did this sort of thing before (phpBB comes to mind). Does this one do anything novel that makes it deserve the adjective "clever"?
-:sigma.SB
WARN
THERE IS ANOTHER SYSTEM
Maybe you should stop putting the WordPress version in meta tags on the page? Or at least make it opt(-in)ional?
If wordpress.org is hacked, again, their one-click upgrade feature means instant ownage for all WordPress blogs everywhere.