Attacker adds backdoor to WordPress blog software

User Rating: / 1
PoorBest 

by Stephen Withers

Wednesday, 07 March 2007

! If you downloaded the WordPress blogging software last week, be sure to upgrade to version 2.1.2. An unknown attacker modified two of the files in version 2.1.1, opening up a back door allowing remote execution of code. Related stories How Windows Vista is turning people to Linux Who writes Linux? (And how you can too!) Isn't Linux just UNIX under a different name? Apple's MobileMe status blog folds after four posts Talking Turkey: bloggers ban themselves in protest over banned blogs The attacker managed to get user-level access to one of the wordpress.org servers, and took advantage of that to modify the software available for download. "This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can," founder Matt Mullenweg wrote in a statement posted on the WordPress web site. "Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous," he added. Measures are being taken to prevent a repeat of the incident. According to Symantec security response engineer Masaki Suenaga, "a user who visits a Web page on a server containing the hacked WordPress software is not at risk, so long as the server has not been compromised by other malicious threats downloaded by the back door."{moscomment} Please enable JavaScript in your browser to post your comment! Tags See All Tags Blog  Blogging  Malware  Open Source  Security  Software  Stephen Withers  Get stories like this delivered daily - FREE - subscribe now

 

< Next story in category		Previous story in the category >