Attacks on old versions of WordPress
Lorelle has news that older versions of WordPress are being attacked. Symptoms include:
- odd additions to permalinks - "eval" and "base64_decode". Your blog's permalinks will no longer work.
- a new administrator account, perhaps named Administrator (2), created but not by you. This can happen even if registration is turned off on your blog.
If you haven't upgraded, DO IT NOW. As of today, you should be running version 2.8.4: check your dashboard. If it has any number lower than that, you need to upgrade. If you're using a version of WP higher than 2.7, it'../../../2009/06/upgrading-wordpress-just-do-it-will-you/">here they are.
If you've been hit with this already, then copying your posts and comments into a completely clean installation of WordPress seems to be the best way to deal with it. Simply upgrading now will most likely not deal with this (hackers know how WordPress upgrades work, and make the compromised files ones which are not over-written in an upgrade). Smackdown has more advice.
I'm going to say too, I'm pretty shocked by the attitude of some people: Weblog Tools Collection's comments have some who are saying they won't upgrade. If you take that line, frankly, you deserve what you get.