Wordpress sites under attack

diego · **Joined:** Tue Aug 05, 2008 5:01 pm **Posts:** 111

Can you make a rule to prevent this kind off attack?

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

Update your WordPress blog before you continue reading this post. That’s how critical this issue is.

Here is the link to this issue:

http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/

mikeshinn · **Posted:** Sat Sep 05, 2009 5:52 pm

We'll look into it right away.

mikeshinn · **Posted:** Sat Sep 05, 2009 6:12 pm

You may already be protected from this, we put put a JITP some time ago for the wordpress priv escalation and admin reset attacks (http://www.darknet.org.uk/2009/08/wordp ... t-exploit/). Of course, details are hard to come by for what this attack is so we will continue to research it.

mikeshinn · **Posted:** Sat Sep 05, 2009 6:45 pm

Yep, this looks like the priv escalation attack we already put out a JITP for several weeks ago. In fact, I now have the attack payload and we will put out some other sigs to catch the post exploit worm for folks that may be way behind the curve.

In short, if you are running ASL you are already protected from this and have been for weeks. :-)

biggles · **Posted:** Sun Sep 06, 2009 11:44 am

God I love ASL!

BerArt · **Posted:** Mon Sep 07, 2009 3:18 am

Thx Mike!

mikeshinn · **Posted:** Mon Sep 07, 2009 10:05 am

Our pleasure. And as always, just let us know what you need!

Wordpress sites under attack

Who is online