(Alert) ArabCrunch and WordPress Under Attack: Upgrade your WordPress site IMMEDIATELY.
Yesterday, I discovered that the permalinks of ArabCrunch posts are not working and have changed to:
I got panicked, and as ArabCrunch is run using the most popular free open source blogging platform: WordPress (WP), I upgraded WP to the latest version and changed the permalinks back to their original form.
But today at a certain point some old posts’ permalink did not work, I was now sure AC is under attack. and by looking at today’s blog post by Matthew Mullenweg wordpress cofounder, the problem I am facing is actually a warm that has been attacking wordpress self hosted blogs that are older than the current 2.8.4 version.
In his post Matt wrote:
And this is exactly what happened to AC, 7 new users have registered to AC’s WP in the last few days, something that was strange to me, here are their emails:
This warm is dangerous as Matt explains:
Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
Matt, Lorelle and ArabCrunch urges all WP users update your WordPress site IMMEDIATELY to the latest version. Change ALL passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.
And if you had the symptoms I described above Lorelle suggests the following:
If your site has already been attacked, it appears that the hack attacks the database, going deep. We’re looking for solutions, but the easiest appears to be to export all your content with the built-in XML WordPress export (pre 2.1 versions, try the WordPress-to-WordPress Import WordPress Plugin) and literally remove your WordPress installation totally (save images and general files). DO NOT EXPORT YOUR DATABASE! Install the latest version of WordPress and add the “clean” backup of your WordPress Theme, then import the XML export. The export will contain your posts, Pages, and comments, and hopefully no other hacked code.
Since I do not know how well the attacker has infiltrated AC, I will tomorrow by the well of God, delete WP installation and clean up the database, after doing another export and reinstall WP.
This warm is against the spirit of the open source community ( shame on the perpetrator/s) and comes at a time when I was planning to launch the Arabic version of ArabCrunch in 2 days. But now I have to fix this ASAP. And since AC’s theme is old, I will finish customizing a theme I started working with a while ago. So be patient in the coming few days.
If you found any problems while browsing ArabCrunch please report them to my email: editor _attt_ ?arabcrunch _dottt_ com
If you are running WP make sure to read these posts:
(PS: Thanks to everyone who helped in this.)
Image by Civitanova Marche.