Feeds

Hackers plant backdoor in blogging software

Stop the WordPress

Top 5 reasons to deploy VMware with Tegile

Bloging software organisation WordPress has warned that hackers posted compromised versions of its open source software after breaking into one of the servers behind its website.

Backdoor code was planted in version 2.1.1 as a result of the attack, WordPress warned on Friday.

The organisation said it has recovered from the attack but is urging users to upgrade their software to version 2.1.2, which includes "minor updates and entirely verified files", as a precaution.

Website defacements are ten a penny but attacks where hackers succeed in compromising systems are rare and far more dangerous.

In a statement, WordPress explained what it did after receiving reports its software had become contaminated with exploit code.

"It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution," it said.

WordPress reckons no downloads were altered except the 2.1.1 version of its code, so users running version of 2.0 of the software ought to be unaffected. Although only downloads of 2.1.1 made last week are potentially affected, WordPress has declared the entire version potentially unsafe.

"If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately," WordPress advised.

WordPress also reset passwords for a number of users because of the security flap. As a result, some users may have to reset their passwords on WordPress's forum as explained here. ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.