Wordpress under attack

  • Brujah
    Beer Money Baron
    • Jan 2001
    • 22157

    #1

    Wordpress under attack

    Update your old versions.
    http://www.techcrunch.com/2009/09/05...-under-attack/
  • Machete_
    WINNING!
    • Oct 2002
    • 14579

    #2
    when are they not? when i check the access logs to the server, I see the attempts every single day.

    People should just make sure they are always updated. Make it a priority if you want to make money on your websites.

    It's like a deliveryman who doesn't service his car.... keeping your infrastructure running securely should be #1.

    That means, it's something you do BEFORE reading/posting on forums, or busting a nut to a new Megan Fox picture

    • Iron Fist
      Too lazy to set a custom title
      • Dec 2006
      • 23400

      #3
      i like waffles

      • Libertine
        sex dwarf
        • May 2002
        • 17860

        #4
        I wish I had more time.

        If I did, I'd start work on a commercially oriented minimalistic blog script.

        Wordpress is great, but at the same time it's bloated and therefore fundamentally susceptible to vulnerabilities. Add the many thousands of plugins it supports to that, as well as how essential some of those plugins are for using it commercially, and you end up with a big fucking risk of holes.
        /(bb|[^b]{2})/

        • halfpint
          GFY's Halfpint
          • Jun 2007
          • 15223

          #5
          Tell me about it. I've had two sites hacked in the last month, one of which is a WordPress site. The fucker defaced the homepage and changed all the passwords in the admin and in my cPanel. The blog has now gone from a PR2 to a PR0.

          My sites were also listed on here http://zone-h.org/ If you go to the archive you can see how many sites are actually being hacked


          DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES ....

          • BlackCrayon
            Too lazy to set a custom title
            • Jun 2003
            • 19634

            #6
            i made it so every time i want to edit a page i have to change permissions. this seems to have stopped any kind of attack, so far.
            you don't know you're wearing a leash if you sit by the peg all day..

            • Machete_
              WINNING!
              • Oct 2002
              • 14579

              #7
              I love the WordPress forums where people ask for help and link to their blog. And 2 days later they reply themselves with something like

              "I fixed the problem by CHMOD'ing the root to 777 - kthxbye"

              and then someone replies

              "ye, I had the same problem, and I did the same to fix it"

              • Robocrop
                Confirmed User
                • Aug 2008
                • 2785

                #8
                Or stay with 2.7.1 ?

                • Agent 488
                  Registered User
                  • Feb 2006
                  • 22511

                  #9
                  http://wordpress.org/support/topic/307660

                  • Brujah
                    Beer Money Baron
                    • Jan 2001
                    • 22157

                    #10
                    Details how this hack works, looks to be a POST to /xmlrpc.php
                    http://wordpress.org/support/topic/307518

                    Still reading
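
The request pattern mentioned in post #10 (a POST to /xmlrpc.php) and the daily attempts in access logs mentioned in post #2 can be looked for from the defender's side. This is an added example, not part of the thread: the log lines are constructed, Apache/nginx Combined Log Format is assumed, and the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_xmlrpc(target):
    """True if the request path names xmlrpc.php (root or subdirectory install)."""
    path = unquote(target.split("?", 1)[0]).lower()
    return path.rstrip("/").rsplit("/", 1)[-1] == "xmlrpc.php"

def xmlrpc_posts(lines):
    """Return {client_ip: Counter({status: hits})} for POSTs to xmlrpc.php."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_xmlrpc(m["target"]):
            continue
        hits.setdefault(m["ip"], Counter())[m["status"]] += 1
    return hits

def report(hits, threshold=2):
    """Client IPs with at least `threshold` matching POSTs, busiest first."""
    totals = {ip: sum(c.values()) for ip, c in hits.items()}
    return sorted((ip for ip, n in totals.items() if n >= threshold),
                  key=lambda ip: (-totals[ip], ip))

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [05/Sep/2009:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [05/Sep/2009:10:01:05 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.7 - - [05/Sep/2009:10:01:09 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.20 - - [05/Sep/2009:10:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 200 42 "-" "-"',
    '198.51.100.20 - - [05/Sep/2009:10:02:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.44 - - [05/Sep/2009:10:03:00 +0000] "POST /XMLRPC.PHP HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    found = xmlrpc_posts(SAMPLE)
    for ip in report(found, threshold=1):
        print(ip, dict(found[ip]))
```

A match is only a lead for review: legitimate blog clients and pingbacks also POST to xmlrpc.php, so compare the flagged addresses against the clients you expect.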

                    • 18teens
                      Confirmed User
                      • Dec 2002
                      • 1605

                      #11
                      Thanks for the tip. I just upgraded.

                      • LoveSandra
                        So Fucking Banned
                        • Aug 2008
                        • 10551

                        #12
                        this is fucked up

                        • evildick

                          #13
                          I just deleted xmlrpc.php from all my blogs. Don't think it did anything I needed anyway.

                          • TheSenator
                            Too lazy to set a custom title
                            • Feb 2003
                            • 13340

                            #14
                            Common sense dictates you should always upgrade.

                            • directfiesta
                              Too lazy to set a custom title
                              • Oct 2002
                              • 30135

                              #15
                              Originally posted by halfpint
                              Tell me about it. I've had two sites hacked in the last month, one of which is a WordPress site. The fucker defaced the homepage and changed all the passwords in the admin and in my cPanel. The blog has now gone from a PR2 to a PR0.

                              My sites were also listed on here xxxxxxx If you go to the archive you can see how many sites are actually being hacked


                              DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES ....
                              Nice... giving a backlink so they can see in their stats who links to them ...

                              I often mentioned those fuckers, but took the time to announce their url as :

                              zone hyphen h dot org .
                              I know that Asspimple is stoopid ... As he says, it is a FACT !

                              But I can't figure out how he can breathe or type , at the same time ....

                              • brassmonkey
                                Pay It Forward
                                • Sep 2005
                                • 77396

                                #16
                                always up 2 date here

                                • closer
                                  Confirmed User
                                  • Sep 2005
                                  • 1707

                                  #17
                                  I don't understand people who do not upgrade, as soon as you login you can see if you need to upgrade, you can also subscribe to upgrade notices at wordpress.org and every upgrade is also announced at GFY ...

                                  • VforVendetta
                                    Confirmed User
                                    • Mar 2006
                                    • 2525

                                    #18
                                    Spammers love wordpress holes
                                    Free the world

                                    • ForrestBlack
                                      Confirmed User
                                      • Oct 2002
                                      • 229

                                      #19
                                      I have spent way too much time and money on WordPress code customizations that end up needing to be recoded or tweaked all the time to keep up. Having to track down the coders that did previous work for me, etc. The constant upgrades are really a drag. Sure, simple straightforward WP installs are not that hard to upgrade, these days anyway, but I wish they could just stick with a stable safe version. I can't think of another script I use that needs that much attention.

                                      • Dirty Dane
                                        Sick Fuck
                                        • Feb 2004
                                        • 9491

                                        #20
                                        Thanks for the heads up.

                                        • Iron Fist
                                          Too lazy to set a custom title
                                          • Dec 2006
                                          • 23400

                                          #21
                                          Those people were using 2.6.x... man no wonder they were getting hacked.... how long ago was the 2.6 wordpress generation?
                                          i like waffles

                                          • $5 submissions
                                            I help you SUCCEED
                                            • Nov 2003
                                            • 32195

                                            #22
                                            Thanks, Brujah

                                            • Dirty Dane
                                              Sick Fuck
                                              • Feb 2004
                                              • 9491

                                              #23
                                              Just upgraded, and no problems

                                              • fatfoo
                                                ICQ:649699063
                                                • Mar 2003
                                                • 27763

                                                #24
                                                Update it indeed. Well said.

                                                • d-null
                                                  . . .
                                                  • Apr 2007
                                                  • 13724

                                                  #25
                                                  Originally posted by sharphead

                                                  • Si
                                                    Such Fun!
                                                    • Feb 2008
                                                    • 13900

                                                    #26
                                                    Originally posted by sharphead


                                                    Happens all the time!

                                                    • Agent 488
                                                      Registered User
                                                      • Feb 2006
                                                      • 22511

                                                      #27
