WordPress Bloggers: Security Issue

Discussion in 'Wordpress' started by junglekid, Nov 14, 2009.

  1. junglekid

    Member

    Joined:
    Jun 24, 2009
    Messages:
    249
    Likes Received:
    3
  2. Fergal

    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Thanks for the warning junglekid, sounds like a serious issue and anyone running a WP site should take the time to complete the upgrade.
     
  3. madringo

    Member

    Joined:
    Nov 26, 2007
    Messages:
    41
    Likes Received:
    0
    Just updated 5 WordPress websites. Tiring stuff :yawn:

    Some advice to anyone who installed via Fantastico (or similar): upgrade your WordPress installation manually, as these automatic installers can sometimes leave vulnerabilities with folder & file permissions.
     
  4. Sahil

    Active Member

    Joined:
    Jun 26, 2009
    Messages:
    1,003
    Likes Received:
    45
    Did the upgrade on a few blogs, and still have a few of them left. Will complete it by tomorrow, as it does take a long time.
     
  5. Elomelo

    Member

    Joined:
    Sep 10, 2009
    Messages:
    124
    Likes Received:
    0
    Really? You made me so worried! If this information is true then the spammers and hackers will make the life of all WP bloggers a real hell. I am also running a number of sites with WP. I have to upgrade it soon. Thanks for this very useful information.
     
  6. nirose

    Member

    Joined:
    May 23, 2009
    Messages:
    69
    Likes Received:
    0
    Have already taken care of this issue.
     
  7. madringo

    Member

    Joined:
    Nov 26, 2007
    Messages:
    41
    Likes Received:
    0
    They only aim for the large influential blogs. Smaller scale bloggers shouldn't worry too much once the minimum preventatives are in place.
     
  8. Elomelo

    Member

    Joined:
    Sep 10, 2009
    Messages:
    124
    Likes Received:
    0
    Thanks for the info. Then I have nothing to be tense about! My websites are not that influential. So, hackers or spammers are not approaching them. :p
     
  9. Fergal

    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Elomelo, if you are running a WP site you should complete the upgrade. You never know when someone might take a disliking to your site and decide to hack it. Hackers learn their skills by targeting smaller, less secure sites.
     
  10. eddane

    Member

    Joined:
    Nov 16, 2009
    Messages:
    56
    Likes Received:
    0
    Thanks for pointing this out. I was not aware of this security issue.

    Ed
     
  11. junglekid

    Member

    Joined:
    Jun 24, 2009
    Messages:
    249
    Likes Received:
    3
    Just an update to show how serious a problem this WordPress security issue can be.

    Joel Therien from Kiosk just posted this on his blog:

    "...We are rebuilding new servers now because it looks like some of the servers were what’s called "rooted".

    Which means once they got in through an insecure WordPress blog, they were able to get full control of the server. The only fix for that is to move people to a brand new server.

    A lot of people are asking if we take all security precautions, and we do, like running php suexec, mod security rules, some ssh rules, etc. WE RUN ALL that and more.

    The unfortunate thing is, one person can have one blog that is insecure and they get access to the whole server."

    Source: http://joeltherien.com/blog/?p=374

    Also check this Google page: http://www.google.com/search?hl=en&q=wordpress+iframe+attacks&aq=f&oq=&aqi=

    My recommendation is that if you have recently updated your WordPress blog you do it again by installing the latest 2.8.6 version. (Apparently the older versions 2.6 and lower do not present this problem.)
     
  12. GekiDan

    Active Member

    Joined:
    Jun 11, 2009
    Messages:
    2,594
    Likes Received:
    218
    This happened to my friend's site. But it is now fixed.
     
  13. Fergal

    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Thanks for the warning junglekid, it's really worrying to think that a hacker could get access to a whole server, through a single blog on the server. This has got to be a huge concern for anyone with a site on a shared hosting plan.
     