Slashdot Mirror


Wordpress.org Warns of Active Worm Hacking Blogs

Erik writes "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."
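The summary's practical point is that only installs older than 2.8.3 are exposed, so the first thing a blog owner should check is the version actually running. The following is an added example, not code from the article or from the Wordpress project: it reads the `$wp_version` assignment that Wordpress keeps in `wp-includes/version.php` and compares it against the 2.8.3 floor stated above. The `SAMPLE_VERSION_PHP` string is constructed sample input so the script runs offline; the version-ordering rule (a pre-release tag such as `-RC1` sorts below the final release) is an assumption made here for the comparison.

```python
import re
import sys

# Lowest version the Slashdot summary reports as not attackable by the worm.
MIN_SAFE_VERSION = "2.8.3"

# Constructed sample of wp-includes/version.php contents (not a real file).
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 */
$wp_version = '2.8.1';
$wp_db_version = 11548;
"""

# Matches:  $wp_version = '2.8.1';   (single or double quotes)
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")


def parse_wp_version(php_source: str) -> str:
    """Extract the version string from the text of wp-includes/version.php."""
    match = _VERSION_RE.search(php_source)
    if not match:
        raise ValueError("no $wp_version assignment found in source")
    return match.group(1)


def version_key(version: str) -> tuple:
    """Sortable key: numeric parts padded to three, pre-release tags sort below releases.

    Assumption: a suffix after '-' (e.g. '2.8.3-RC1') is a pre-release of that number.
    """
    main, _, tag = version.partition("-")
    nums = [int(p) for p in main.split(".") if p.isdigit()]
    nums += [0] * (3 - len(nums))
    # Release (no tag) gets 1, pre-release gets 0, so 2.8.3-RC1 < 2.8.3.
    return (tuple(nums[:3]), 0 if tag else 1, tag.lower())


def needs_update(installed: str, minimum: str = MIN_SAFE_VERSION) -> bool:
    """True when the installed version is older than the safe floor."""
    return version_key(installed) < version_key(minimum)


def check_install(php_source: str) -> dict:
    """Summarise the state of one install from its version.php text."""
    installed = parse_wp_version(php_source)
    return {
        "installed": installed,
        "minimum_safe": MIN_SAFE_VERSION,
        "needs_update": needs_update(installed),
    }


if __name__ == "__main__":
    # Usage: python check_wp.py /path/to/wp-includes/version.php
    # With no argument the constructed sample is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_VERSION_PHP
    result = check_install(source)
    state = "UPDATE REQUIRED" if result["needs_update"] else "ok"
    print(f"installed {result['installed']}, minimum safe {result['minimum_safe']}: {state}")
```

Run it against a real install's `wp-includes/version.php`; the same comparison can be reused in a cron job that alerts when an instance drifts below whatever floor the current advisory sets.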

2 of 103 comments

  1. Re:Hey Wordpress... by zn0k · Score: 0, Troll

    No, I do not. Salted passwords have nothing to do with what essentially is the same thing as obfuscating banners on web or mail servers. Salted passwords significantly improve security. Obfuscating banners only adds a trivial amount of work to determine the version a server is running. Mind you, obfuscating banners certainly doesn't make things worse, so I actually agree that it should be a configurable option. I just disagree that it's a particularly worthwhile option because I agree with TFA in that obfuscating banners at most entices an attacker that is looking for any target to go for someone else because he'd have to run additional steps on you. It does absolutely nothing to help an attacker targeting you specifically. It may not even help with drive-bys depending on how trivial it is to determine the version by probing and checking responses - I must admit I don't know how trivial this is with Wordpress.

  2. Re:Hey Wordpress... by mysidia · Score: 0, Troll

    That doesn't have the least bit of an effect on exploitability of the bug, or its wormability.

    The wp*.php files are a very obvious give-away that you run Wordpress.