It's a cracker: Blog software breached

WordPress packs unwelcome extra...

By Joris Evers

Published: 7 March 2007 08:49 GMT

An unknown intruder has compromised a WordPress server and added a remote control tool to downloadable versions of the widely used blogging software.

The breach happened last week and was discovered on Friday, WordPress creator Matt Mullenweg wrote on the WordPress website.

He said: "Long story short: If you downloaded WordPress 2.1.1 within the past three to four days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately." He did not say how the attacker breached the WordPress system.

The WordPress team learned of the compromise through an email to its security email address about unusual and highly exploitable code in the software. After an investigation, the team concluded somebody had modified two files in the 2.1.1 release in a way that would allow remote execution of PHP code, Mullenweg wrote.

The vulnerability could allow an attacker access to the server running the blogging software.

The web server hosting the infected WordPress software was taken down and will be forensically examined, Mullenweg wrote. "This is the kind of thing you pray never happens but it did and now we're dealing with it as best we can," he wrote.

Not all downloads of 2.1.1 were rigged, but WordPress has released version 2.1.2, which includes minor updates and entirely verified files. The team is also taking measures to prevent a similar breach in the future, according to Mullenweg.

Any WordPress users running version 2.1.1 should upgrade immediately to overwrite all old files. WordPress has additional tips for web hosters and network administrators.

Joris Evers writes for CNET News.com
