WordPress 2.3.3 Spam Exploit

If you run a WordPress blog, you should be reading Blogsecurity. This is the feed I use; it carries only the WordPress advisories. I think it's a damn shame that this feed isn't included in the WordPress Planet feed that's syndicated across everyone's dashboard. Security is far more important than WordCamp.

I'm only bringing this up because there's a new WordPress 2.3.3 exploit that is as yet unpatched. So far it seems to affect only blogs with open registration, but no one is yet sure which vulnerability is being targeted. So far the only stopgap solution is to create a directory in wp-content/ called 1/ and set its permissions to 000, using an FTP program.

While you're in there, also make sure your wp-content/ directory is set to 755, and set wp-content/index.php to 444, since the exploit seems to replace that file as well.
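The same three steps, applied from a server shell and verified afterwards, as an added example that is not part of the original post (the post does this with an FTP client). It assumes shell access to the WordPress root; the path is supplied by the caller, and the `make_demo_root` helper builds a constructed throwaway directory tree so the functions can be exercised without touching a real install.

```shell
#!/bin/sh
# Added example (not from the original post): apply the stopgap from the post
# on the server with a shell instead of an FTP client, then verify the modes.
# The WordPress root path is an assumption supplied by the caller.

# Print a path's permission bits in octal; GNU and BSD stat differ in syntax.
mode_of() {
  if stat -c '%a' "$1" >/dev/null 2>&1; then
    stat -c '%a' "$1"
  else
    stat -f '%Lp' "$1"
  fi
}

# Create wp-content/1/ with mode 000, set wp-content/ to 755 and make
# wp-content/index.php read-only (444), exactly as the post recommends.
harden_wp_content() {
  content="$1/wp-content"
  [ -d "$content" ] || { echo "no wp-content/ under $1" >&2; return 1; }
  [ -f "$content/index.php" ] || { echo "missing $content/index.php" >&2; return 1; }
  mkdir -p "$content/1"
  chmod 000 "$content/1"
  chmod 755 "$content"
  chmod 444 "$content/index.php"
}

# Return 0 only if all three settings are in place. Worth re-running from
# cron, since the post reports the exploit rewriting index.php.
check_wp_content() {
  content="$1/wp-content"
  [ -d "$content/1" ] || return 1
  [ "$(mode_of "$content")" -eq 755 ] || return 1
  [ "$(mode_of "$content/1")" -eq 0 ] || return 1
  [ "$(mode_of "$content/index.php")" -eq 444 ] || return 1
  return 0
}

# Build a throwaway directory shaped like a WordPress root (constructed
# sample, not a real install) so the functions can be exercised offline.
make_demo_root() {
  root="$(mktemp -d)"
  mkdir -p "$root/wp-content"
  printf '<?php\n// placeholder index.php for the demo\n' > "$root/wp-content/index.php"
  chmod 777 "$root/wp-content"            # deliberately too open
  chmod 644 "$root/wp-content/index.php"  # deliberately writable
  printf '%s\n' "$root"
}

# Usage on a real server: sh harden-wp-content.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
  harden_wp_content "$1" && check_wp_content "$1" && echo "wp-content hardened: $1"
fi
```

`check_wp_content` is deliberately separate from `harden_wp_content` so it can be scheduled on its own: a non-zero exit from the check is a cheap signal that something has rewritten index.php or loosened the directory again.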

One Comment

  1. Posted 9 Apr 2008 at 2:39

    Was wondering about that. We were getting tens of thousands of these every day.

    Thanks,
    -drmike
