WordPress upgraded and categories converted to tags

It seems like I’m always using an old WordPress generation, but hopefully without suffering too much from security issues. After upgrading I installed New Tag Cloud and converted my categories to tags. Unfortunately that means that all my posts are uncategorized now! I also need to fix the CSS styling for the tag cloud.

WordPress crack attempt this morning!

When I got to work and viewed this blog I noticed that Sidebar Widgets was disabled. I thought "That’s weird!"

When I tried to log in to the administration interface I was told that my WordPress database needed upgrading. I thought "That’s weird!"

Some further investigation revealed that someone managed to upload a PHP script called ro8kfbsmag.txt (MD5 sum df3b74cd38c717d9d7bbf0cd1910baa1) to my /tmp directory. It starts like this:

<?php
/*Magic Include Shell by Mag icq 884888*/
//TODO: dump the file to my own FTP (!)
$ver='2.1';
if(isset($_GET[pisun233]))
{

This gave me enough information to start googling. A must-read is Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking, as it describes a very similar attack. There is also a support thread at wordpress.org: Weird and Dangerous : ro8kfbsmag.txt.

The attack vector on my server looked like this, originating from 78.109.21.80 with HTTP/1.0 as protocol version and "Opera" as User-Agent. I wish I logged POST data!

POST /wp-admin/options.php
POST /wp-admin/upload.php
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/inline-uploading.php?post=-1&action=upload
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/options.php
POST /wp-admin/options.php
GET /wp-admin/upgrade.php?step=1

Needless to say, I have restored a backup and taken certain precautions to prevent this from happening again.
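Added example, not part of the original post: a small access-log scan for the request order listed above (POSTs to options.php and an upload endpoint, followed by a GET of upgrade.php from the same client). It assumes the combined log format; the function names and the sample lines (timestamps, status codes, the two 192.0.2.x clients) are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format (assumed; adjust to your server).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" \d{3} \S+'
)

# Endpoints taken from the request list in the post.
OPTIONS = "/wp-admin/options.php"
UPLOADS = ("/wp-admin/upload.php", "/wp-admin/inline-uploading.php")
UPGRADE = "/wp-admin/upgrade.php"

def suspicious_clients(lines):
    """Return {ip: [requests]} for clients that POST to options.php and to
    an upload endpoint, then GET upgrade.php (the order seen in the post)."""
    state = defaultdict(lambda: {"options": False, "upload": False, "hits": []})
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, full = m["ip"], m["method"], m["path"]
        path = full.split("?", 1)[0]  # compare without the query string
        s = state[ip]
        if method == "POST" and path == OPTIONS:
            s["options"] = True
            s["hits"].append(f"{method} {full}")
        elif method == "POST" and path in UPLOADS:
            s["upload"] = True
            s["hits"].append(f"{method} {full}")
        elif method == "GET" and path == UPGRADE and s["options"] and s["upload"]:
            flagged[ip] = s["hits"] + [f"{method} {full}"]
    return flagged

def _line(ip, method, path):
    # Timestamp, status and size are constructed for the example.
    return f'{ip} - - [01/Jan/2008:06:00:00 +0000] "{method} {path} HTTP/1.0" 200 512 "-" "Opera"'

# Constructed sample: the post's source address and paths, plus two benign clients.
SAMPLE_LOG = [
    _line("192.0.2.10", "GET", "/wp-admin/upgrade.php?step=1"),
    _line("78.109.21.80", "POST", "/wp-admin/options.php"),
    _line("78.109.21.80", "POST", "/wp-admin/upload.php"),
    _line("192.0.2.11", "POST", "/wp-admin/options.php"),
    _line("78.109.21.80", "POST", "/wp-admin/inline-uploading.php?post=-1&action=upload"),
    _line("78.109.21.80", "GET", "/wp-admin/upgrade.php?step=1"),
]

if __name__ == "__main__":
    for ip, hits in suspicious_clients(SAMPLE_LOG).items():
        print(ip, *hits, sep="\n  ")
```

A legitimate administrator can produce the same sequence, so any match needs to be compared against the addresses you actually administer the blog from.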