/?a=fetch&content=die(@md5(HelloThinkCMF))

“Ha! I hacked you!” the L337 haXX0r wizard snickers.

Just kidding dear internet friend! If you’ve noticed unusual traffic to your WordPress sites homepage that includes the HTTP GET request query parameters /?a=fetch&content=die(@md5(HelloThinkCMF)) there shouldn’t be anything to worry about as long as you are running the most recent version of WordPress.

But yes, apparently this is some sort of old WordPress exploit that doesn’t work anymore. Tonight I happened to notice unusual traffic with this pattern to my personal blog, so that’s how I heard about it. However, I think I’m going to get the last laugh, as I have a feeling this blog post is going to end up driving a ton of legitimate traffic to my blog.

So ha! I hacked you! L337 haXX0r wizard. Thanks for the traffic.

 

topherPedersen