Results 1 to 2 of 2

Thread: Hackers plant backdoor in blogging software

  1. #1
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Watching Your every move...

    Hackers plant backdoor in blogging software

    The Register

    Bloging software organisation WordPress has warned that hackers posted compromised versions of its open source software after breaking into one of the servers behind its website.

    Backdoor code was planted in version 2.1.1 as a result of the attack, WordPress warned on Friday. The organisation said it has recovered from the attack but is urging users to upgrade their software to version 2.1.2, which includes "minor updates and entirely verified files", as a precaution.

    Website defacements are ten a penny but attacks where hackers succeed in compromising systems are rare and far more dangerous.

    In a statement, WordPress explained what it did after receiving reports its software had become contaminated with exploit code.

    "It was determined that a cracker had gained user-level access to one of the servers that powers, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution," it said.

    WordPress reckons no downloads were altered except the 2.1.1 version of its code, so users running version of 2.0 of the software ought to be unaffected. Although only downloads of 2.1.1 made last week are potentially affected, WordPress has declared the entire version potentially unsafe.

    "If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately," WordPress advised.

    WordPress also reset passwords for a number of users because of the security flap.

    As a result, some users may have to reset their passwords on WordPress's forum as explained here.

  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Software Paradise
    So silly of them... with more opensource exploits, people wont use them. But its good to see such a quick response from wordpress. hopefully their security levels will increase

    --- 0wN3D by 3gG ---

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts