Everyone should know about this exploit by now, but if you are running WordPress 2.1.1 from a download made just several days ago, your WP blogs might have been compromised.
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
You could also be running that cracked version. It’s strongly recommended that you upgrade to WordPress 2.1.2 now.
Please, help spread the word.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
Chris says:
I noticed there is a website (16q.com) that automatically copies my post to their site. The second I publish my post, it is already posted on his website too. Is this the result of the said exploit? Isn't it true that duplicated content gets penalized by Google? I am really worried about this.
Abe Olandres says:
@ Chris
No, it’s not part of the exploit. That one is a scraper site. It gets your content from your RSS feed and auto-publishes it on its site.
One piece of software that can do that is a WP plugin called FeedWordPress.
Chris says:
Thanks, kuya. Just one more question. Last year my Google backlinks were more than 100. But why are there only 20 now? Could Google have penalized me for duplicated content because there is a website copying my posts? That would have been fine, since he does include the link to where the content came from, but I’m worried that I may already be getting penalized because of it.
Abe Olandres says:
Chris, Google doesn’t give you the exact number of backlinks now. Try Yahoo Explorer instead — in Yahoo search, type “linkdomain:starmometer.com”.
For duplicate content, you can always file a DMCA complaint on the scraper’s web host.
Raymond Lee says:
Well, I already upgraded my WP, but I still keep the compromised version to test the actual exploit. ^^
Maximus says:
I would like to see a continuation of the topic