pwnd

Thanks to Janne, who noted that my blog might have been had. The sign for this was that my permalinks were all weirded out with additions like base64_decode ($_SERVER [HTTP-REFERER] ) (code intentionally munged).

  • The quick fix was to edit my permalink settings, removing the funky suffix.
  • I also edited sitemap.xml, created by a plugin for Google (and other index engines’) site maps.
  • Furthermore, I edited my database manually to remove the base64_decode bits from the GUIDs of my last few posts. Older posts seemed unharmed.
  • Finally, being very paranoid about the “extra administrators” phenomenon exhibited by this worm, I deleted nearly all of my users. This may include you. So if I did remove you from my system (and I probably did), I’m really sorry and it’s nothing against you. I want you back. It’s all because of that jerk who wrote this WordPress worm and should be kicked in tar, rolled in feathers and carried around town on a sharp stick.

Oddly enough, I was not able to find more administrators than there should have been. Maybe I got lucky. Or maybe I just happened to update my WP just as crap was hitting the fan. Or maybe I just haven’t found the worm lurking inside my code just yet.

In any case, we are back. For now.
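The database checks from the cleanup list above (permalink setting, post GUIDs, administrator accounts), collected into one audit script. This is an added example, not part of the original post: it assumes the default `wp_` table prefix and uses an in-memory SQLite database with constructed rows as a stand-in for the blog's real database; the account names and `blog.example` URLs are made up.

```python
import re
import sqlite3

# Markers named in the post: PHP fragments that never belong in a URL.
SUSPICIOUS = re.compile(r"base64_decode|\$_SERVER", re.IGNORECASE)

def audit(conn, expected_admins):
    """Return (check, detail) findings for the three database areas the post cleaned."""
    findings = []
    cur = conn.cursor()
    # 1. Permalink setting with a PHP fragment appended
    cur.execute("SELECT option_value FROM wp_options "
                "WHERE option_name = 'permalink_structure'")
    for (value,) in cur.fetchall():
        if SUSPICIOUS.search(value or ""):
            findings.append(("permalink_structure", value))
    # 2. Post GUIDs carrying the same fragment
    cur.execute("SELECT ID, guid FROM wp_posts ORDER BY ID")
    for post_id, guid in cur.fetchall():
        if SUSPICIOUS.search(guid or ""):
            findings.append(("post_guid", post_id))
    # 3. Administrator accounts that are not on the known-good list
    cur.execute("SELECT u.user_login FROM wp_users u "
                "JOIN wp_usermeta m ON m.user_id = u.ID "
                "WHERE m.meta_key = 'wp_capabilities' "
                "AND m.meta_value LIKE '%administrator%' ORDER BY u.ID")
    for (login,) in cur.fetchall():
        if login not in expected_admins:
            findings.append(("unexpected_admin", login))
    return findings

def build_sample_db():
    """Constructed sample rows; table and column names follow WordPress defaults."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE wp_options (option_name TEXT, option_value TEXT);"
        "CREATE TABLE wp_posts (ID INTEGER, guid TEXT);"
        "CREATE TABLE wp_users (ID INTEGER, user_login TEXT);"
        "CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);")
    bad = "base64_decode ($_SERVER [HTTP-REFERER] )"  # munged marker, as in the post
    conn.execute("INSERT INTO wp_options VALUES ('permalink_structure', ?)",
                 ("/%postname%/" + bad,))
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)",
                     [(1, "http://blog.example/?p=1"), (2, "http://blog.example/?p=2" + bad)])
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)",
                     [(1, "owner"), (2, "guest"), (3, "mystery")])
    cap = 'a:1:{s:%d:"%s";b:1;}'  # PHP-serialized role array, as WordPress stores it
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                     [(1, cap % (13, "administrator")), (2, cap % (10, "subscriber")),
                      (3, cap % (13, "administrator"))])
    return conn

if __name__ == "__main__":
    for finding in audit(build_sample_db(), {"owner"}):
        print(finding)
```

A clean result only says these three places look normal; it does not cover sitemap.xml or the PHP files on disk.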
