Wordpress under attack - GoFuckYourself.com

Brujah · 09-05-2009, 05:33 AM

Update your old versions.
http://www.techcrunch.com/2009/09/05...-under-attack/

Machete_ · 09-05-2009, 05:40 AM

when are they not? when i check the access logs to the server, I see the attempts every single day.

People should just make sure they are always updated. Make it a priority if you want to make money on your websites.

It's like a deliveryman who dont service his car.... keeping your infrastructure running sercurely should be #1.

That means, it's something you do BEFORE reading/posting on forums, or busting a nut to a new Megan Fox picture

Iron Fist · 09-05-2009, 05:48 AM

Libertine · 09-05-2009, 05:49 AM

I wish I had more time.

If I did, I'd start work on a commercially oriented minimalistic blog script.

Wordpress is great, but at the same time it's bloated and therefore fundamentally susceptible to vulnerabilities. Add the many thousands of plugins it supports to that, as well as how essential some of those plugins are for using it commercially, and you end up with a big fucking risk of holes.

halfpint · 09-05-2009, 05:52 AM

Tell me about it Iv had two sites hacked in the last month one of which is a wordpress site The fucker defaced the homepage and changed all the passwords in the admin and in my cpanel The blog has now gone from a pr2 to a pr0

My sites were also listed on here http://zone-h.org/ If you go to the archive you can see how many sites are actually being hacked

DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES ....

BlackCrayon · 09-05-2009, 05:55 AM

i made it so everytime i want to edit a page i have to change permissions. this seems to have stopped any kind of attack, so far.

Machete_ · 09-05-2009, 06:01 AM

I love the wordpress forums where people ask for help and link to their blog. And 2 days later they reply themself with something like

"I fixed the problem by CHMOD'ing the root to 777 - kthxbye"

and then someone reply

"ye, I had the same problem, and I did the same to fix it"

Robocrop · 09-05-2009, 06:06 AM

Or stay with 2.7.1 ?

Agent 488 · 09-05-2009, 06:11 AM

http://wordpress.org/support/topic/307660

Brujah · 09-05-2009, 06:22 AM

Details how this hack works, looks to be a POST to /xmlrpc.php
http://wordpress.org/support/topic/307518

Still reading

18teens · 09-05-2009, 06:57 AM

Thanks for the tip. I just upgraded.

LoveSandra · 09-05-2009, 07:01 AM

this is fucked up

09-05-2009, 07:18 AM

I just deleted xmlrpc.php from all my blogs. Don't think it did anything I needed anyway.

TheSenator · 09-05-2009, 07:20 AM

Common sense dedicates you should always upgrade.

directfiesta · 09-05-2009, 11:23 AM

Quote:

Originally Posted by halfpint

Tell me about it Iv had two sites hacked in the last month one of which is a wordpress site The fucker defaced the homepage and changed all the passwords in the admin and in my cpanel The blog has now gone from a pr2 to a pr0

My sites were also listed on here xxxxxxx If you go to the archive you can see how many sites are actually being hacked

DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES ....

Nice... giving a backlink so they can see in their stats who links to them ...

I often mentionned those fuckers, but took the time to announce their url as :

zone hyphen h dot org .

brassmonkey · 09-05-2009, 11:30 AM

always up 2 date here

closer · 09-05-2009, 04:19 PM

I don't understand people who do not upgrade, as soon as you login you can see if you need to upgrade, you can also subscribe to upgrade notices at wordpress.org and every upgrade is also announced at GFY ...

VforVendetta · 09-05-2009, 04:36 PM

Spammers love wordpress holes

ForrestBlack · 09-05-2009, 04:43 PM

I have spend way too much time and money on WordPress code customizations that end up needing to be recoded or tweaked all the time to keep up. Having to track down the coders that did previous work for me, etc. The constant upgrades are really a drag. Sure, simple straight forward WP installs are not that hard to upgrade, these days anyway, but I wish they could just stick with a stable safe version. I can't think of another script I use that needs that much attention.

Dirty Dane · 09-05-2009, 05:37 PM

Thanks for the heads up.

Iron Fist · 09-05-2009, 06:40 PM

Those people were using 2.6.x... man no wonder they were getting hacked.... how long ago was the 2.6 wordpress generation?

$5 submissions · 09-05-2009, 06:44 PM

Thanks, Brujah

Dirty Dane · 09-05-2009, 07:14 PM

Just upgraded, and no problems

fatfoo · 09-05-2009, 07:22 PM

Update it indeed. Well said.

d-null · 09-06-2009, 12:00 AM

Quote:

Originally Posted by sharphead

Si · 09-06-2009, 07:37 AM

Quote:

Originally Posted by sharphead

Happens all the time!

Agent 488 · 09-06-2009, 08:19 AM

09-05-2009, 05:48 AM	#3
Iron Fist Too lazy to set a custom title Join Date: Dec 2006 Posts: 23,400	__________________ i like waffles

09-05-2009, 05:49 AM	#4
Libertine sex dwarf Join Date: May 2002 Posts: 17,860	I wish I had more time. If I did, I'd start work on a commercially oriented minimalistic blog script. Wordpress is great, but at the same time it's bloated and therefore fundamentally susceptible to vulnerabilities. Add the many thousands of plugins it supports to that, as well as how essential some of those plugins are for using it commercially, and you end up with a big fucking risk of holes. __________________ /(bb\|[^b]{2})/

09-05-2009, 05:52 AM	#5
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Tell me about it Iv had two sites hacked in the last month one of which is a wordpress site The fucker defaced the homepage and changed all the passwords in the admin and in my cpanel The blog has now gone from a pr2 to a pr0 My sites were also listed on here http://zone-h.org/ If you go to the archive you can see how many sites are actually being hacked DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES .... __________________ Get FREE website listings on Cryptocoinshops.net

09-05-2009, 05:55 AM	#6
BlackCrayon Too lazy to set a custom title Join Date: Jun 2003 Location: Ottawa Posts: 19,631	i made it so everytime i want to edit a page i have to change permissions. this seems to have stopped any kind of attack, so far. __________________ you don't know you're wearing a leash if you sit by the peg all day..

09-05-2009, 06:22 AM	#10
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	Details how this hack works, looks to be a POST to /xmlrpc.php http://wordpress.org/support/topic/307518 Still reading __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com

09-05-2009, 05:33 AM	#1
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	Wordpress under attack Update your old versions. http://www.techcrunch.com/2009/09/05...-under-attack/ __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com

09-05-2009, 05:40 AM	#2
Machete_ WINNING! Industry Role: Join Date: Oct 2002 Posts: 14,579	when are they not? when i check the access logs to the server, I see the attempts every single day. People should just make sure they are always updated. Make it a priority if you want to make money on your websites. It's like a deliveryman who dont service his car.... keeping your infrastructure running sercurely should be #1. That means, it's something you do BEFORE reading/posting on forums, or busting a nut to a new Megan Fox picture

09-05-2009, 06:01 AM	#7
Machete_ WINNING! Industry Role: Join Date: Oct 2002 Posts: 14,579	I love the wordpress forums where people ask for help and link to their blog. And 2 days later they reply themself with something like "I fixed the problem by CHMOD'ing the root to 777 - kthxbye" and then someone reply "ye, I had the same problem, and I did the same to fix it"

09-05-2009, 06:06 AM	#8
Robocrop Confirmed User Industry Role: Join Date: Aug 2008 Location: Hollywood Posts: 2,785	Or stay with 2.7.1 ?

09-05-2009, 06:11 AM	#9
Agent 488 Registered User Industry Role: Join Date: Feb 2006 Posts: 22,511	http://wordpress.org/support/topic/307660

09-05-2009, 06:57 AM	#11
18teens Confirmed User Industry Role: Join Date: Dec 2002 Posts: 1,605	Thanks for the tip. I just upgraded.

09-05-2009, 07:01 AM	#12
LoveSandra So Fucking Banned Join Date: Aug 2008 Location: Just Blow Me Posts: 10,551	this is fucked up

09-05-2009, 07:18 AM	#13
evildick Guest Posts: n/a	I just deleted xmlrpc.php from all my blogs. Don't think it did anything I needed anyway.

09-05-2009, 07:20 AM	#14
TheSenator Too lazy to set a custom title Industry Role: Join Date: Feb 2003 Location: NJ Posts: 13,337	Common sense dedicates you should always upgrade. __________________ ISeekGirls.com since 2005

09-05-2009, 11:30 AM	#16
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 77,246	always up 2 date here __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

09-05-2009, 04:19 PM	#17
closer Confirmed User Industry Role: Join Date: Sep 2005 Location: ICQ :: 34739932 :: Les Pays-Bas Posts: 1,707	I don't understand people who do not upgrade, as soon as you login you can see if you need to upgrade, you can also subscribe to upgrade notices at wordpress.org and every upgrade is also announced at GFY ... __________________ HOT DOMAIN NAMES FOR SALE: EUROPEAN: MACHO.FR ⌘ KINKY.ES ⌘ SEXTOONS.CO.UK ⌘ DOT COMS: DJSEX.COM ⌘ FAQBOX.COM ⌘ WEBCAMSTV.COM ⌘ SEXTWEET.COM ⌘ PORNVOUCHER.COM ⌘ GAYBF.COM \| GAYBFF.COM ⌘ GAYSEXDATE.COM \| GAYSEXDATING.COM

09-05-2009, 04:36 PM	#18
VforVendetta Confirmed User Join Date: Mar 2006 Posts: 2,526	Spammers love wordpress holes __________________ Free the world

09-05-2009, 04:43 PM	#19
ForrestBlack Confirmed User Industry Role: Join Date: Oct 2002 Location: West Hollywood Posts: 227	I have spend way too much time and money on WordPress code customizations that end up needing to be recoded or tweaked all the time to keep up. Having to track down the coders that did previous work for me, etc. The constant upgrades are really a drag. Sure, simple straight forward WP installs are not that hard to upgrade, these days anyway, but I wish they could just stick with a stable safe version. I can't think of another script I use that needs that much attention. __________________ SpookyCash: Original Alt/Gothic/Punk Niche Leaders

09-05-2009, 05:37 PM	#20
Dirty Dane Sick Fuck Industry Role: Join Date: Feb 2004 Location: www Posts: 9,491	Thanks for the heads up.

09-05-2009, 06:40 PM	#21
Iron Fist Too lazy to set a custom title Join Date: Dec 2006 Posts: 23,400	Those people were using 2.6.x... man no wonder they were getting hacked.... how long ago was the 2.6 wordpress generation? __________________ i like waffles

09-05-2009, 06:44 PM	#22
$5 submissions I help you SUCCEED Industry Role: Join Date: Nov 2003 Location: The Pearl of the Orient Seas Posts: 32,195	Thanks, Brujah __________________ Need a NON-ADULT income stream? We build your YOUTUBE CHANNEL for only $20 per video! For Hire: $3/hour or $400 per month Marketing Specialist Virtual Assistants

09-05-2009, 07:14 PM	#23
Dirty Dane Sick Fuck Industry Role: Join Date: Feb 2004 Location: www Posts: 9,491	Just upgraded, and no problems

09-05-2009, 07:22 PM	#24
fatfoo ICQ:649699063 Industry Role: Join Date: Mar 2003 Posts: 27,763	Update it indeed. Well said. __________________ Send me an email: [email protected]

09-06-2009, 08:19 AM	#27
Agent 488 Registered User Industry Role: Join Date: Feb 2006 Posts: 22,511