  1. #1
    SitePoint Wizard bbolte's Avatar

  2. #2
    Function Curry'er JimmyP's Avatar
    People were told to upgrade...
    James Padolsey
    Awesome JavaScript Zoomer (demo here)
    'Ajaxy' - Ajax integration solution (demo here)

  3. #3
    SitePoint Wizard jimbo_dk's Avatar
    Quote Originally Posted by JimmyP View Post
    People were told to upgrade...
    It's easier said than done when you're managing multiple WP sites though.
    Winners Respond. Losers React.
    Singapore Web Designer

  4. #4
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    There are other things that should be done, like using mod_rewrite to literally cover up all traces of WordPress being used, removing the WP version META tag, and so on.

  5. #5
    SitePoint Enthusiast
    Another day, another wordpress hack

  6. #6
    SitePoint Wizard bronze trophy C. Ankerstjerne's Avatar
    Quote Originally Posted by Dan Schulz View Post
    There are other things that should be done, like using mod_rewrite to literally cover up all traces of WordPress being used, removing the WP version META tag, and so on.
    Security through obscurity is simply obscurity. While removing the version number might help against some bots (and should be removed anyway, since it's irrelevant information to the user), it won't stop a dedicated hacker.
    Christian Ankerstjerne
    <p<strong<abbr/HTML/ 4 teh win</>
    <>In Soviet Russia, website codes you!

  7. #7
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Which is why I also suggested rewriting all the WordPress specific URLs (such as to the Themes and includes folders) on top of that. Another thing to do is to disable XML-RPC as well (by literally removing it). If you're like me and don't use TinyMCE, rip that out too.
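
Added example (not part of the thread and not WordPress code): a small Python audit a site owner can run over their own page markup to see which of the traces discussed in posts #4 to #7 are still exposed. The sample markup, host name and version 9.9.9 are constructed, and the `?ver=` check assumes asset URLs carry a version query string.

```python
import re
from html.parser import HTMLParser

WP_PATH = re.compile(r"/(wp-content|wp-includes|wp-admin)/")
VER_QUERY = re.compile(r"[?&]ver=([\d.]+)")

class WPFingerprintAudit(HTMLParser):
    """Collects WordPress tell-tales left in a page's markup."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples, in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # <meta name="generator" content="WordPress x.y.z">
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"\s*WordPress\s*([\d.]*)", a.get("content", ""), re.I)
            if m:
                self.findings.append(("generator-meta", m.group(1) or "no version"))
        # Pingback / EditURI links advertise the XML-RPC endpoint.
        if tag == "link" and "xmlrpc.php" in a.get("href", ""):
            self.findings.append(("xmlrpc-link", a["href"]))
        # Theme/includes/admin paths, plus ?ver= strings on asset URLs.
        for attr in ("href", "src"):
            url = a.get(attr, "")
            if WP_PATH.search(url):
                self.findings.append(("wp-path", url))
                v = VER_QUERY.search(url)
                if v:
                    self.findings.append(("ver-query", v.group(1)))

def audit(html):
    parser = WPFingerprintAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; host, paths and version 9.9.9 are made up.
STOCK = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="pingback" href="http://blog.example/xmlrpc.php" />
<link rel="stylesheet" href="http://blog.example/wp-content/themes/default/style.css" />
<script src="http://blog.example/wp-includes/js/jquery.js?ver=9.9.9"></script>
</head><body></body></html>"""
# Only the version META tag removed, nothing else changed.
META_ONLY = "\n".join(l for l in STOCK.splitlines() if "generator" not in l)

if __name__ == "__main__":
    for name, page in (("stock", STOCK), ("meta tag removed", META_ONLY)):
        print(name, audit(page))
```

In the constructed sample, removing only the META tag still leaves the XML-RPC link, the wp-content and wp-includes paths, and the version string on the asset URL.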

  8. #8
    SitePoint Addict
    YAWN

    Yet Another Wordpress N...?

    Ok, who has a word beginning with N that fits?

  9. #9
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    It doesn't start with N but it does contain one.

    Yet another wordpress reminder.

  10. #10
    SitePoint Member
    Yet Another Wordpress Nuked ?

  11. #11
    SitePoint Wizard bbolte's Avatar
    Quote Originally Posted by AceRedBaron View Post
    Yet Another Wordpress Nuked ?
    I know I shouldn't laugh, but that's kinda funny.

  12. #12
    phpLD Fanatic bronze trophy dvduval's Avatar
    This sort of tells me that people just aren't in the loop and finding out about this stuff soon enough. Surely, the fix is only a few lines of code, and takes 2 minutes per site to implement. Nevertheless, I know how it feels when you get hacked, and I hope people will at least be able to recover quickly.

  13. #13
    Function Curry'er JimmyP's Avatar
    The reaction seems to be mixed elsewhere on the web... with people thinking that wordpress is only used for blogs! ...gawd, how ignorant!
    James Padolsey
    Awesome JavaScript Zoomer (demo here)
    'Ajaxy' - Ajax integration solution (demo here)

  14. #14
    SitePoint Wizard jimbo_dk's Avatar
    Quote Originally Posted by Dan Schulz View Post
    Which is why I also suggested rewriting all the WordPress specific URLs (such as to the Themes and includes folders) on top of that. Another thing to do is to disable XML-RPC as well (by literally removing it). If you're like me and don't use TinyMCE, rip that out too.
    How exactly can you do that? For e.g. How do you hide from the outside world that "wp-admin/index.php" does not exist?
    Winners Respond. Losers React.
    Singapore Web Designer

  15. #15
    SitePoint Zealot ozwebfx's Avatar
    Quote Originally Posted by Dan Schulz View Post
    There are other things that should be done, like using mod_rewrite to literally cover up all traces of WordPress being used, removing the WP version META tag, and so on.
    In the latest version of WP the version info is not part of the theme but dynamically created. If it's removed, won't that interfere with the one-click upgrade reminder?

  16. #16
    SitePoint Guru
    If you're supposed to upgrade and don't, you shouldn't be surprised when you're hacked.

  17. #17
    SitePoint Guru marcel's Avatar
    Quote Originally Posted by Webnet View Post
    If you're supposed to upgrade and don't, you shouldn't be surprised when you're hacked.

    Exactly

  18. #18
    SitePoint Enthusiast cyber247's Avatar
    Quote Originally Posted by Webnet View Post
    If you're supposed to upgrade and don't, you shouldn't be surprised when you're hacked.
    I am with you
    ALWAYS LOOKING FORWARD

  19. #19
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    I just banned wordpress completely from our network after the last mass, automated attack. Well, not wordpress specifically, just any popular open source application using a scripting language starting with P. But it worked.

  20. #20
    SitePoint Wizard bbolte's Avatar
    Quote Originally Posted by wwb_99 View Post
    Well, not wordpress specifically, just any popular open source application using a scripting language starting with P.

  21. #21
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Quote Originally Posted by jimbo_dk View Post
    How exactly can you do that? For e.g. How do you hide from the outside world that "wp-admin/index.php" does not exist?
    I asked the very same question on The Blog Experiment last year:

    http://www.theblogexperiment.com/blo...ad.php?p=14001

    Quote Originally Posted by wwb_99 View Post
    I just banned wordpress completely from our network after the last mass, automated attack. Well, not wordpress specifically, just any popular open source application using a scripting language starting with P. But it worked.
    Goodbye Perl, PHP, and Python, we hardly knew ye.

  22. #22
    SitePoint Wizard
    Quote Originally Posted by wwb_99 View Post
    I just banned wordpress completely from our network after the last mass, automated attack. Well, not wordpress specifically, just any popular open source application using a scripting language starting with P.
    Is Python that bad? Dang, there goes my next project.

  23. #23
    HAHA!
    A remarkably un-techy post there by TechCrunch. I didn't read about SQL injection, XSS, or remote file inclusion (RFI) once in that post.

  24. #24
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Quote Originally Posted by honeymonster View Post
    Is Python that bad? Dang, there goes my next project.
    I think he was just referring to PHP. I know Debian Linux uses Python to single-task the startup process (starting each process one at a time instead of all at once like a lot of other operating systems do), so it can't be THAT bad.

  25. #25
    Non-Member
    That's why I don't like WP

