|
Wordpress under attack
Update your old versions.
http://www.techcrunch.com/2009/09/05...-under-attack/ |
when are they not? when i check the access logs to the server, I see the attempts every single day.
People should just make sure they are always updated. Make it a priority if you want to make money on your websites. It's like a deliveryman who dont service his car.... keeping your infrastructure running sercurely should be #1. That means, it's something you do BEFORE reading/posting on forums, or busting a nut to a new Megan Fox picture |
|
I wish I had more time.
If I did, I'd start work on a commercially oriented minimalistic blog script. Wordpress is great, but at the same time it's bloated and therefore fundamentally susceptible to vulnerabilities. Add the many thousands of plugins it supports to that, as well as how essential some of those plugins are for using it commercially, and you end up with a big fucking risk of holes. |
Tell me about it Iv had two sites hacked in the last month one of which is a wordpress site The fucker defaced the homepage and changed all the passwords in the admin and in my cpanel The blog has now gone from a pr2 to a pr0
My sites were also listed on here http://zone-h.org/ If you go to the archive you can see how many sites are actually being hacked DEF KEEP YOUR SHIT UP TO DATE AND YOUR COMPUTER/S CLEAN IT WILL SAVE YOU A LOT OF HEADACHES .... |
i made it so everytime i want to edit a page i have to change permissions. this seems to have stopped any kind of attack, so far.
|
I love the wordpress forums where people ask for help and link to their blog. And 2 days later they reply themself with something like
"I fixed the problem by CHMOD'ing the root to 777 - kthxbye" and then someone reply "ye, I had the same problem, and I did the same to fix it" |
Or stay with 2.7.1 ? :)
|
|
Details how this hack works, looks to be a POST to /xmlrpc.php
http://wordpress.org/support/topic/307518 Still reading |
Thanks for the tip. I just upgraded.
|
this is fucked up :(
|
I just deleted xmlrpc.php from all my blogs. Don't think it did anything I needed anyway.
|
Common sense dedicates you should always upgrade.
|
Quote:
I often mentionned those fuckers, but took the time to announce their url as : zone hyphen h dot org . :2 cents: |
always up 2 date here
|
I don't understand people who do not upgrade, as soon as you login you can see if you need to upgrade, you can also subscribe to upgrade notices at wordpress.org and every upgrade is also announced at GFY ...
|
Spammers love wordpress holes :)
|
I have spend way too much time and money on WordPress code customizations that end up needing to be recoded or tweaked all the time to keep up. Having to track down the coders that did previous work for me, etc. The constant upgrades are really a drag. Sure, simple straight forward WP installs are not that hard to upgrade, these days anyway, but I wish they could just stick with a stable safe version. I can't think of another script I use that needs that much attention.
|
Thanks for the heads up.
|
Those people were using 2.6.x... man no wonder they were getting hacked.... how long ago was the 2.6 wordpress generation?
|
Thanks, Brujah
|
Just upgraded, and no problems :)
|
Update it indeed. Well said.
|
Quote:
|
Quote:
Happens all the time! :mad: |
|
| All times are GMT -7. The time now is 04:02 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123