December 23, 2009 | Blogging

Old Versions of WordPress Under Attack: evalbase64 in the URLs

WordPress

If you’ve seen weird URLs with “evalbase64″ in your server logs, it’s because there’s an organized attack underway against old WordPress versions.

The attackers are taking advantage of certain vulnerabilities and installing a hidden admin user to be able to log in to your WordPress installation at any time without your knowing it.

Your server logs may contain entries like this:

194.8.75.159 - - [22/Dec/2009:04:32:55 -0800] "GET /2008/12/13/updating-old-posts-or
-posting-new-ones/%25&evalbase64_decode_SERVERHTTP_REFERER.%2B&%25/ HTTP/1.0" 200 16265
 "http://www.digitivity.org/2008/12/13/updating-old-posts-or-posting-new-ones/
 %25&evalbase64_decode_SERVERHTTP_REFERER.%2B&%25/" "Mozilla/4.0 (compatible; MSIE 5.0;
 Windows 2000) Opera 6.0 [en]"

It’s best to move to the latest version of WordPress as soon as possible.


If you liked this article

If you liked this article, don’t forget to subscribe for updates!

Subscribe to New Articles by RSS or E-mail

Get updates by RSS (What’s RSS?)

Subscribe by email:

Follow me on Twitter


Share/Bookmark/Email This Article

[del.icio.us] [Digg] [dzone] [Facebook] [LinkedIn] [Reddit] [Slashdot] [StumbleUpon] [Technorati] [Twitter] [Yahoo!] [Email] More »

Top Incoming Search Terms

easily remove eval_base64 from your server evalbase64_decode_serverhttp_referer eval_code64 http://digitivity.org/tag/malware remove evalbase64 site:http://digitivity.org/ site:http://digitivity.org/ virus

Related posts:

  1. Showing Related Posts in WordPress with the YARPP Plugin to Increase Pageviews Want a quick way to double your pageviews? When a...
  2. 4 Cool Features and 4 Boring Ones in the New WordPress 2.9 WordPress 2.9 is out and it has a lot of...
  3. Showing Excerpts Instead of Full Posts on the Home Page in WordPress Some of my posts have been getting longer and longer,...
  4. WordPress Cutline Theme Resizes Image in Internet Explorer but not Firefox I was using the Cutline theme for this blog. After...
  5. Making Minor Changes in WordPress Without Updating the Last-Updated Date with the Minor Edit Plugin Did you know that if you make the smallest change...

Explore related content: , , , ,

2 Responses to “Old Versions of WordPress Under Attack: evalbase64 in the URLs”

  1. gingii says:
    January 21, 2011 at 1:26 pm

    i am used to work with the old version of WordPress. i don’t say that i didn’t tried the newest one, but i stayed with the previous. and about attack, i have the solution. till i install the virus removal, if the soft will pas my antivirus, then the tool will remove it. The tool focuses on the detection and removal of active malicious software.simple!

  2. Eustolia Angela says:
    February 7, 2011 at 3:17 pm

    I’ve read a few good stuff here. Certainly worth bookmarking for revisiting. I surprise how much effort you put to create such a excellent informative web site.

Leave a Reply

CommentLuv Enabled