I retired from personal blogging in July 2008 but you can find me over at blog.xero.com

Hacked!
Posted by rod@drury.net.nz in Blogging, WordPress at 6:51 pm on Friday, 7 March 2008

Or something else nasty happened. Maybe WordPress was exploited.

You may have noticed I’ve been quiet for a few days but my WordPress site was crippled by some nasties.

There was hidden messages, pages deleted, links added in, couldn’t post. Horrible.

My regular WordPress dude has moved to Oz and I couldn’t even write a post to ask for help.

Siggy recommended local WordPress wiz Miraz who came in like a guardian angel and sorted me out. Thank you so much.

I’m now up to WordPress 2.3.3 (editor still doesn’t work in Safari).

Lots happening, posting flurry coming.

Trackback uri |

Comments(4)

    Comment by M Freitas at 8:41 am on 8 March 2008

    It’s a jungle out there…

    But do you really need THREE captchas?




    Comment by Rod at 9:50 am on 8 March 2008

    Whoops. Sorry.




    Comment by Mike at 11:07 pm on 18 March 2008

    Looks like the vulnerabilities are still there, latest hole exposed.

    WordPress — WordPress
    Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.

    Reference:- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1304

    Just app not written with security and safety of the user in mind, look for patches from Wordpress.

    No means listed to mitigate the risk

    Regards Mike




    Comment by Nic Wise at 6:20 am on 30 March 2008

    Wordpress 2.5 is out, too - more safari friendly, I’m told. Mine is updating now

    http://wordpress.org/development/2008/03/wordpress-25-brecker/