Welcome to WebmasterWorld Guest from 50.17.114.227

Forum Moderators: phranque

Message Too Old, No Replies

WordPress 2.1.1: the poisoned download

Distributed WP version contained cracker code

     
3:03 am on Mar 3, 2007 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9063
votes: 2


[wordpress.org...]
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker (...) It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. (...) They modified two files in WP to include code that would allow for remote PHP execution.

The patched version, 2.1.2 is available for download now from the WordPress site, and according to the developers, version 2.0 files were not affected.

WordPress 2.1.1 was released on February 21st 2007, so if you installed WordPress between then and March 2nd, you should upgrade without delay.

3:58 am on Mar 3, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 30, 2003
posts:103
votes: 0


wow... this is quite heavy stuff
8:00 am on Mar 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 20, 2005
posts:451
votes: 0


Expect it (matters of the hack / crack) to get worse. Just watch the forums here. Recently people have been reporting their sites taken over (sub domains) for casino, etc.
10:26 am on Mar 3, 2007 (gmt 0)

New User

5+ Year Member

joined:Feb 16, 2007
posts:27
votes: 0


hacking is common for GPL codes. Like good coders there are bad coders (bad not in skill sense) who keep working to make things hard.
5:21 pm on Mar 3, 2007 (gmt 0)

Full Member

10+ Year Member

joined:June 16, 2004
posts:249
votes: 0


Damn - I wasted hours upgrading a bundh of WP installations this week - guess I'm doing it again :(!

Thanks for the heads-up.

6:47 pm on Mar 3, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member suzyuk is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Oct 1, 2002
posts:5199
votes: 0


ouch.. thanks for heads up

I wondered why WP was down last night. I had just started setting up a 2.1.1 site - nipped in the bud thanks to this post!

8:21 pm on Mar 5, 2007 (gmt 0)

New User

5+ Year Member

joined:Dec 19, 2006
posts:7
votes: 0


interesting how they don't mention it on wordpress.org...
9:57 pm on Mar 5, 2007 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12533
votes: 0


Welcome to WebmasterWorld, Brian Harris.

You way want to check the link in the first message again ;)