Monday, March 5, 2007

WordPress Hacked

The thing I had feared the most finally happened.

Okay, not the thing I feared the most, but one thing I was concerned would happen: WordPress was hacked.

Some time during the last week of February, someone hacked the most current version of WordPress (2.1.1). WordPress has the details:
It was determined that a cracker had gained user-level access to one of the servers that powers, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

Which means that blogs using the latest version of WordPress were vulnerable.

Including this little blog.

So, when I found out about the WordPress vulnerability, I had to update.

And with the issues I've had with my computer recently, it's not been easy to update.

You see, with Network Solutions hosting, I have to upload WordPress to the site and manually perform the update. With Dreamhost -- where this little blog used to reside -- it was really easy to update: just click a link and it was done.

Updating is a pain, to be sure. But it needed to be done.

And all because someone hacked WordPress' servers.

I'm not about to call for the death penalty for hackers. But beating with a large stick sounds in order.


  1. Actually, that means if you happened to have downloaded WordPress during that time between their server being hacked and them fixing it, your version is fine. If you downloaded it before or after, then there's no need to change anything; if you do update, you're putting back exactly what you had.

  2. That should read your version needs to be changed if you downloaded it after the hack and before they fixed it. Otherwise there's no danger.

  3. Huh?

    I would say that knowing 'when' it was hacked would be handy information. According to WordPress that would have been between 2/26/07 and 3/02/07. Even so, WordPress recommends that everyone upgrade to 2.1.2 just to be on the safe side.


    Where's the hacker... I'm ready to 'tag-team'. I'll meet ya in the alley with my large stick.

  4. This little blog was upgraded to WordPress 2.1.1 within the timeframe of the danger. Like Stacy said, bugger.

