Webmaster Forum

  #1 (permalink)  
Old 02-22-2010, 04:22 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Wordpress Alerts Thread

This sticky thread has been created as a resource for self-installed Wordpress users (it is assumed wordpress.com would take care of these a.s.a.p.).

Define self-installed Wordpress:
You set it up all on your lonesome! You downloaded Wordpress yourself (or the person you hired) and installed it. You (or the person you hired) set up the database yourself. You add your own theme(s) and plugins.

Define not self-installed Wordpress:
You used a "push button" install provided by your hosting company.

If you can't update your Wordpress installation, then when you notice an alert here, get after your hosting company to update!

Replies
Only alerts please. No general conversation.

If an alert is posted without a solution and one becomes available, that kind of reply is OK (only one solution please). Please quote the alert in your reply.
__________________

HTML Basic Tutor - Learn how to code for better SEO
Basic Computer Information - Computer & internet basics for website owners

SEO troubleshooting and review services available. - Pm me.
 
  #2 (permalink)  
Old 02-22-2010, 04:27 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
WordPress Thrashing Authorisation Bypass

Quote:
Thomas Mackenzie has reported a vulnerability affecting Wordpress >= 2.9. Versions before 2.9 are not vulnerable....

...To fix this problem, update to the latest WordPress version which is currently 2.9.2....

...The vulnerability only concerns multi-user blogs, for standalone user blogs this can be seen as a low impact issue....
Complete alert: WordPress Thrashing Authorisation Bypass - BlogSecurity

Bolding to the fix added by yours truly.

Don't forget to backup your files and database before applying the fix!
  #3 (permalink)  
Old 04-09-2010, 03:52 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Hundreds of Wordpress Blogs Hit by ‘Networkads.net’ Hack

Quote:
A large number of bloggers using Wordpress are reporting that their sites recently were hacked and are redirecting visitors to a page that tries to install malicious software.

According to multiple postings on the Wordpress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address — “networkads.net/grep” — directly into the target site’s database, so that any attempts to access the hacked site redirects the visitor to networkads.net. Worse yet, because of the way the attack is carried out, victim site owners are at least temporarily locked out of accessing their blogs from the Wordpress interface.

It’s not clear yet whether the point of compromise is a Wordpress vulnerability (users of the latest, patched version appear to be most affected), a malicious Wordpress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider....
Hundreds of Wordpress Blogs Hit by ‘Networkads.net’ Hack

There is a fix included in the article if this has happened to you.
  #4 (permalink)  
Old 04-13-2010, 02:54 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Secure File Permissions Matter

Apparently there's some rumours/stuff going around about the Networkads.net issue above.

Wordpress' clarification/rebuttal: Secure File Permissions Matter
  #5 (permalink)  
Old 04-13-2010, 03:52 PM
ScriptMan's Avatar
Super Moderator
 
Join Date: 02-10-07
Location: Central Kentucky
Posts: 13,127
iTrader: 4 / 100%
Somehow I missed this thread the first time around back in Feb. This is a valuable resource for the self-installed WordPress user.

Good thread Tutor.
__________________
I do not put ads or pop-ups in my posts and I have no control of what shows there. I do not endorse any product displayed in my post.
Scriptman's Playhouse || Ramblings from an old man
 
  #6 (permalink)  
Old 05-10-2010, 02:46 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Large-scale attack on WordPress

Quote:
According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted...
Large-scale attack on WordPress
  #7 (permalink)  
Old 05-11-2010, 09:08 PM
zeruel's Avatar
v7n Mentor
 
Join Date: 03-28-07
Location: UK
Posts: 4,348
iTrader: 0 / 0%
Read about that article this morning. I was about to post it here too.

Also found this thread from WP Security Lock which has a good discussion about the issue. Check it out as well.
__________________
Panda Lover
Tweet Me, Maybe?
"Life is what you make it, so lets make it rock!"
 
  #8 (permalink)  
Old 05-11-2010, 09:56 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Quote:
Originally Posted by zeruel View Post
Read about that article this morning. I was about to post it here too.

Also found this thread from WP Security Lock which has a good discussion about the issue. Check it out as well.
There is a good set of fix instructions there.
  #9 (permalink)  
Old 05-12-2010, 02:17 AM
zeruel's Avatar
v7n Mentor
 
Join Date: 03-28-07
Location: UK
Posts: 4,348
iTrader: 0 / 0%
Quote:
Originally Posted by full house View Post
they should improve the feature of WP why they are making it complicated?
I didn't get your point here. Complicated? Have you read the link?
  #10 (permalink)  
Old 05-12-2010, 10:34 AM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?

Post from GoDaddy regarding the current attacks going on: What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?

Remember: This is not a GoDaddy specific incident.
  #11 (permalink)  
Old 05-17-2010, 08:57 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Breaking News: WordPress Hacked with losotrana on Go Daddy

Quote:
Reports of WordPress blogs self-hosted at GoDaddy.com and have been infected with the losotrana[dot]com/js.php on Monday, May 17, 2010.

Warning: This is dangerous malware! This scareware injection tries to infect your site visitor's computer. If your visitors do not have an up-to-date anti-virus program running, their computers could get infected....
Breaking News: WordPress Hacked with losotrana on Go Daddy Monday, May 17, 2010

The Latest Information on Compromised Sites - GoDaddy blog 5-17-2010
  #12 (permalink)  
Old 06-09-2010, 10:12 AM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Cloudisthebestnow hacked WordPress at Godaddy

Quote:
On June 8, 2010 at approximately 3pm EST self-hosted WordPress blogs, along with other PHP based websites started getting attacked with cloudisthebestnow malware. This is a server-side hacker attack. We have confirmed reports of hacked websites hosted at Go Daddy again. However, other hosting companies may also be affected.
Breaking News: WordPress Hacked with cloudisthebestnow on GoDaddy

Bolding added by yours truly.
  #13 (permalink)  
Old 08-19-2010, 02:59 PM
theprodigy's Avatar
Junior Member
 
Join Date: 08-15-10
Posts: 28
iTrader: 0 / 0%
Too bad I did not find this thread earlier; there would have been some valuable information for me and it would have saved me a lot of time!

@The (last) Wordpress hack: some hosting companies (not gonna say names) really failed. I read there were people being hacked six times; others lost parts of their site/content. From some of those big hosts I really expected more professionalism.
 
  #14 (permalink)  
Old 09-20-2010, 02:30 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
myblindstudioinfoonline.com malware

This is not meant to pick on GoDaddy, it's so you all are aware no matter what hosting you use.

Saturday, September 18 12:09 PM
Quote:
WordPress hacked with myblindstudioinfoonline malware on Godaddy
We have confirmed reports that numerous websites hosted at GoDaddy have been hacked with myblindstudioinfoonline.com malware, including WordPress blogs.

Our first confirmed report of an infected site hosted at Go Daddy was on September 17, 2010 at 5:27pm, the time in which all the .php files were changed.

At this time, it is unclear as to whether any other hosting provider has been affected.
WordPress hacked with myblindstudioinfoonline malware on Godaddy

Monday, September 20 8:00 AM
Quote:
On September 17, 2010, numerous websites hosted at GoDaddy, including WordPress blogs, were hacked with myblindstudioinfoonline.com malware.

Affected websites got injected with a long malicious script located at the top of .php files that starts with <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb...

...On September 19, 2010 at 9 pm CST, we received a new statement from Go Daddy that they've cleaned and restored all affected websites...

...At this time, it's still unclear whether other websites hosted elsewhere have been affected. If you know someone hosted elsewhere that experienced this malware, please leave a comment below.
Update: GoDaddy Resolves myblindstudioinfoonline Malware Hacked Websites
  #15 (permalink)  
Old 10-04-2010, 05:38 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Malware Attack: meqashopperinfo Hacks WordPress sites at 123-reg

Quote:
As of October 4, 2010, we have confirmed reports of websites hacked with a fake AV malware that are hosted at www.123-reg.co.uk. The meqashopperinfo malware injects a very long script that starts with <?php /**/ eval(base64_decode("aWYoZ.... and infected .php files, including self-hosted WordPress blogs.

This is dangerous malware and can infect site visitors' computers. If you're hosting at 123-reg, please check your .php files immediately for any malicious code.
Malware Attack: meqashopperinfo Hacks WordPress sites at 123-reg
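The alerts quoted in posts #14 and #15 both describe .php files that begin with `<?php /**/ eval(base64_decode("`. The Python sketch below is an added example (not from the thread or the quoted articles): it walks a web root, flags .php files whose head matches that prefix, and decodes a short preview for triage without executing it. The sample site, file names and payload are constructed.

```python
import base64
import os
import re

# Prefix quoted in the alerts: <?php /**/ eval(base64_decode("...
INJECT_RE = re.compile(
    rb'\A\s*<\?php\s*/\*\*/\s*eval\s*\(\s*base64_decode\s*\(\s*["\']([A-Za-z0-9+/=]+)'
)
HEAD_BYTES = 64 * 1024  # the injected script sits at the top of the file


def decode_preview(blob, limit=64):
    """Decode the first base64 characters for triage; the result is never executed."""
    chunk = blob[:limit]
    chunk = chunk[: len(chunk) - len(chunk) % 4]  # whole 4-character groups only
    try:
        return base64.b64decode(chunk).decode("latin-1")
    except ValueError:  # malformed base64
        return ""


def scan_php_tree(root):
    """Return sorted (relative_path, mtime, preview) for .php files matching the prefix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                match = INJECT_RE.match(fh.read(HEAD_BYTES))
            if match:
                rel = os.path.relpath(path, root)
                hits.append((rel, os.path.getmtime(path), decode_preview(match.group(1))))
    return sorted(hits)


def build_sample_site(root):
    """Write constructed sample files: two injected, one clean, one non-PHP."""
    payload = base64.b64encode(b'if(function_exists("ob_start")){/* constructed, inert */}')
    injected = b'<?php /**/ eval(base64_decode("' + payload + b'"));?><?php\n// original code\n'
    files = {
        "wp-blog-header.php": injected,
        os.path.join("wp-content", "themes", "footer.php"): injected,
        "index.php": b"<?php\n// clean file that mentions base64_decode() in a comment\n",
        "notes.txt": injected,  # same bytes, but not a .php file
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, mtime, preview in scan_php_tree(site):
            print(f"{rel}\tmtime={mtime:.0f}\tdecodes to: {preview!r}")
```

The modification time is reported because the first quoted alert notes that all the .php files were changed at the same moment; a cluster of identical mtimes helps bound the incident.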
  #16 (permalink)  
Old 11-30-2010, 03:57 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
WordPress 3.0.2

Quote:
Posted November 30, 2010 by Mark Jaquith. Filed under Releases,Security.

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area.
WordPress 3.0.2 - Wordpress News Blog
  #17 (permalink)  
Old 12-01-2010, 08:20 AM
Junior Member
 
Join Date: 09-06-10
Posts: 4
iTrader: 0 / 0%
Wow, this thread is very good, just found it! Hope it is not too late for me. I did not read all the links yet but would like to say thanks to everyone who updates very interesting news on this thread.
I wish somebody can stop those criminal people very soon.
 
  #18 (permalink)  
Old 12-08-2010, 02:53 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
WordPress 3.0.3

Quote:
WordPress 3.0.3 is available and is a security update for all previous WordPress versions.

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

These issues only affect sites that have remote publishing enabled.

Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.

Download 3.0.3 or update automatically from the “Dashboard → Updates” screen in your site’s admin area.
WordPress 3.0.3 - WordPress News
  #19 (permalink)  
Old 12-24-2010, 01:29 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
Malware Attack: acrossuniverseitbenet Hacks WordPress Sites

Quote:
On December 22, 2010, we received several reports that a new malware attack (acrossuniverseitbenet) has infected WordPress sites hosted at GoDaddy and possibly other hosting providers.

The malware script injected is as follows:

(I have put spaces in the url below for your protection so you can't click to open the url.)

<script src="http:// acrossuniverseitbenet .com/js.php?kk=10" > </script>

The worst part about this virus is it's much harder to clean. The malicious hackers have stepped it up a notch and decided to infect the WordPress database and not just server files. The above script is injected inside every single page and posts inside the database (wp_posts table).

This malicious script redirects website visitors to various sites hosting "Fake AV" websites and some are zero-day attacks. A zero-day attack means that anti-virus programs may not yet have their definitions updated and your computer can become infected even with up-to-date software.
Continued: Malware Attack: acrossuniverseitbenet Hacks WordPress Sites
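The alert quoted in post #19 says the script tag is injected into every page and post in the wp_posts table. The Python audit below is an added example (not from the thread or the quoted article) that lists, per post ID, script hosts outside an allowlist. An in-memory SQLite table stands in for the MySQL wp_posts table so it runs offline; the hosts www.blog.example and injected.example and all rows are constructed.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lowercases tag and attribute names
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def external_script_hosts(html, allowed_hosts):
    """Return the set of script hosts in html that are not in allowed_hosts."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = set()
    for src in collector.sources:
        host = urlsplit(src).hostname  # None for relative URLs, lowercased otherwise
        if host and host not in allowed_hosts:
            hosts.add(host)
    return hosts


def audit_posts(conn, allowed_hosts):
    """Return {host: [post IDs]} for script hosts outside the allowlist."""
    report = {}
    query = "SELECT ID, post_content FROM wp_posts ORDER BY ID"
    for post_id, content in conn.execute(query):
        for host in external_script_hosts(content or "", allowed_hosts):
            report.setdefault(host, []).append(post_id)
    return report


def build_sample_db():
    """Constructed stand-in for wp_posts: one clean row, two injected rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT)")
    rows = [
        (1, '<p>Hello</p><script src="/wp-includes/js/comment-reply.js"></script>'),
        (2, '<p>Post</p><script src="http://injected.example/js.php?kk=10" > </script>'),
        (3, '<script src="https://www.blog.example/js/site.js"></script><p>Page</p>'
            '<SCRIPT SRC="//INJECTED.example/js.php?kk=10"></SCRIPT>'),
    ]
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)", rows)
    return conn


if __name__ == "__main__":
    for host, ids in audit_posts(build_sample_db(), {"www.blog.example"}).items():
        print(f"{host}: posts {ids}")
```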
  #20 (permalink)  
Old 12-29-2010, 02:18 PM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,581
iTrader: 5 / 100%
3.0.4 Important Security Update - Official Wordpress News

Quote:
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
http://wordpress.org/news/2010/12/3-0-4-update/