Something of a more serious nature now. The last few days there’s an increasing use of a WordPress exploit going on which affects all WordPress installations prior to version 2.8.4 (the most recent version).
The attack uses an exploit which was uncovered and fixed on August 12th as posted here. Recently an increase in the use of this exploit has been reported.
An exploited WordPress installation can be detected in the following manner:
There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
Please upgrade your WordPress blog as soon as possible.
Thanks to Jemimus of tweeting this to my attention
Sources: lorelle.wordpress.com, mashable.com