I just got this info from the 2.6.5 release information. I hope it helps.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
As westi said above this is not looking to be a WordPress issue but a server issue.
Bob Smith, that info can be seen by clicking on the Blog tab at the top of this page.
I’ve gotten through the first few steps and am at the point where I have to delete certain files before re-installation.
But it won’t let me delete them with FTP. Says I don’t have permission. Have my permissions been messed with?
ktomasch – I’m having the same problems – can’t delete the files necessary to install the upgrade from my ftp.
I also can’t access the files gzip files from the upgrade without downloading a program. I’m at work and can’t download programs to this computer.
Anyone care to cut and paste the contents of the wp-includes/feed.php and wp-includes/version.php files here so I can maybe fix this?
Might need to talk with your host if you can’t change the permissions or ownership. Talking to your host may also give you the chance to discuss this problem. Might even point them to this thread.
Can’t delete the garbage wp-blog-header.php file, even though it SAYS I have permission to.
@ MichaelH
I sent my host this thread and let them know it may be a server issue.
“I’m sorry to hear about this hacking incident. There have been no wide
spread reports of sites being hacked in our system lately (believe me we
know when there is a wide spread issue). Looking at the comment you
linked to it was only one persons opinion that it was a server wide
issue, I’m seeing no evidence that it is.”
Weird thing was, that I had just upgraded my blogs a little while ago, but in the control panel it was telling me to upgrade to the latest version.
Just putting this info out there.
Well westi is a developer and his opinion has got some weight. But, then again, this thread mentions 4 or 5 hosts that have seen the problem, and various versions of WordPress have been affected.
I guess time will see…thank for the update Bob.
No one seems to know for certain what’s going on.
It may not be widespread on any one host, but it may be widespread among WordPress users, who may be spread around all over the place.
actually just noticed my hacked site now suffers from the google redirect hack.
Background here:
http://www.google.com/search?hl=en&safe=off&q=google+redirect+hack&btnG=Search
Found a mess of code wp-blog-header.php
When I try to upload a new file it doesn’t let me save it.
Have some permissions been changed?
That’s a symptom of the problem–may need another chat with your host.
Connecting this related thread
http://wordpress.org/support/topic/220447?replies=40
I’m on Bluehost and they’re reporting wide spread hacking only on WP sites. I cannot get in and change anything. I’ve tried to edit, upload new files…nothing works…like it used to.
I don’t care whose fault it is…besides some low-level scumball hacker…but I would like to know a good solution.
Sent my host more info about the issue. Is there anyway I can fix the permissions or does my host have to?
There are reports coming in that sites that didn’t work before suddenly started working again.
This makes me believe it’s something more as wp-blog-header.php has been compromised.
I would love to receive a zipped up WordPress blog of a site that didn’t work and suddenly started working again, wp-config.php can be omitted (No need to see your password π ) to see if I can find out what else is compromised, how this started and see if I can come up with a solution.
If anybody is willing to send me a zip file shoot me an email @gmail.com my user is pvanderdoes
