Upgrade Wordpress NOW - GoFuckYourself.com

kektex · 09-07-2009, 07:21 PM

For those of you who have been putting off upgrading your blogs, now is the time to do it.
There's a wp worm doing the rounds inserting spam links and stuff.Apparently it's pretty efficient and the number of compromised WP installs is growing at an alarming rate.

http://lorelle.wordpress.com/2009/09...-under-attack/

http://www.journeyetc.com/uncategori...-rss-problems/

fris · 09-07-2009, 07:33 PM

those hackers!

kektex · 09-07-2009, 07:42 PM

Fris, since you are the wp ninja I've been meaning to ask you something:
Is there any way to upgrade several blogs on various hosts automatically?

I've been thinking of installing WP Mu since I mostly use the same plugins on all my blogs and it might be easier to just use a single wpmu installation instead of going in and updating each one individually.

Is this a good idea?

Joshua G · 09-07-2009, 10:25 PM

whats the point of updating if...

Reports are that this attack impacts ALL versions of WordPress up to 2.8.3 and 2.8.4, the most recent release.

Iron Fist · 09-07-2009, 10:29 PM

I think we can insert a timeline pic here....

pornocruto · 09-08-2009, 12:53 AM

Quote:

Originally Posted by sharphead

I think we can insert a timeline pic here....

TheDA · 09-08-2009, 02:04 AM

Quote:

Originally Posted by kektex

For those of you who have been putting off upgrading your blogs, now is the time to do it.
There's a wp worm doing the rounds inserting spam links and stuff.Apparently it's pretty efficient and the number of compromised WP installs is growing at an alarming rate.

http://lorelle.wordpress.com/2009/09...-under-attack/

http://www.journeyetc.com/uncategori...-rss-problems/

What are you supposed to upgrade to? That first link has people saying that 2.8.4 got exploited too!

Voodoo · 09-08-2009, 02:06 AM

Why not just change your version number to a non-existent one, and move your admin directory?

fris · 09-08-2009, 03:26 AM

remove_action('wp_head', 'wp_generator');

kektex · 09-08-2009, 06:17 AM

Quote:

Originally Posted by TheDA

What are you supposed to upgrade to? That first link has people saying that 2.8.4 got exploited too!

Hehe that obviously wasn't there when I posted this. When I read that site, it said that only versions prior to 2.8.4 were vulnerable.

This sucks.

CaptainHowdy · 09-08-2009, 06:30 AM

Damm ........

The Duck · 09-08-2009, 06:37 AM

htaccess password protect your admin area.

Screwed Up · 09-08-2009, 07:02 AM

Quote:

Originally Posted by The Duck

htaccess password protect your admin area.

What he said. And disallow any ip but your own...

fris · 09-08-2009, 07:05 AM

ya best way is to use htaccess in your admin area

http://www.wptavern.com/top-5-wordpr...ly-dont-follow

09-08-2009, 08:55 AM

Quote:

Originally Posted by kektex

Hehe that obviously wasn't there when I posted this. When I read that site, it said that only versions prior to 2.8.4 were vulnerable.

This sucks.

There are people reporting that their 2.84 versions are being hacked with this, but it appears they are just people that had older versions that were already hacked, then they just upgraded over top of the hacked site (they may or may not have known it was hacked already), which was too late.

Davy · 09-08-2009, 09:15 AM

Show me a link to a hacked wordpress site or it didn't happen...

~Ray · 09-08-2009, 09:19 AM

just turn off the 777 settings after you finish editing your blog. Then nothing can be modified. Lots of peeps forget to do that.

VforVendetta · 09-08-2009, 09:19 AM

Thanks for the advise

Tjeezers · 09-08-2009, 09:28 AM

Quote:

Originally Posted by fris

ya best way is to use htaccess in your admin area

http://www.wptavern.com/top-5-wordpr...ly-dont-follow

I was one of the dumb people who dont give a jerk about security
Until i got flipped years ago by it..You need to feel to believe i think.

Stop acting like your blind, and follow those 5 simple steps to disappear from the eye of the bad one. You dont want your shit to be hacked I am SURE!!!!!!!!!!

DO THOSE TIPS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Tjeezers · 09-08-2009, 09:31 AM

PS i Use the Admin Redirect
I have asked many to access it, they only see my main site
Their IP is not allowed to come even close to what is called ADMIN

This is one of the best basic " Safe your own ass " things you can do
Takes you 5 minutes to upload one file to your wp-admins

PS i thank GFY for making me aware of those issues more. Turning a blind eye here is not so easy when you want to make some money. Props to Fris!

ilbb · 09-08-2009, 09:40 AM

I've script that checks CRC of my PHP files every 15minutes.

tranza · 09-08-2009, 10:16 AM

Quote:

Originally Posted by sharphead

I think we can insert a timeline pic here....

I always laugh when I see this...

NoWhErE · 09-08-2009, 10:20 AM

I suck at HTACCESS, could someone post the code for the admin area?

Sunny · 09-08-2009, 11:35 AM

but please be careful!! first back up your data and then upgrade your wp script

09-07-2009, 07:21 PM	#1
kektex Confirmed User Industry Role: Join Date: Mar 2005 Location: elkektex at gmail Posts: 1,813	Upgrade Wordpress NOW For those of you who have been putting off upgrading your blogs, now is the time to do it. There's a wp worm doing the rounds inserting spam links and stuff.Apparently it's pretty efficient and the number of compromised WP installs is growing at an alarming rate. http://lorelle.wordpress.com/2009/09...-under-attack/ http://www.journeyetc.com/uncategori...-rss-problems/

09-07-2009, 07:33 PM	#2
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	those hackers! __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

09-07-2009, 10:29 PM	#5
Iron Fist Too lazy to set a custom title Join Date: Dec 2006 Posts: 23,400	I think we can insert a timeline pic here.... __________________ i like waffles

09-08-2009, 02:06 AM	#8
Voodoo ♥ ♦ ♣ ♠ Industry Role: Join Date: Sep 2002 Posts: 10,591	Why not just change your version number to a non-existent one, and move your admin directory? __________________ "I'm selflessly supporting the common good, but only coincidentally looking out for No.1."

09-08-2009, 03:26 AM	#9
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	remove_action('wp_head', 'wp_generator'); __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

09-07-2009, 07:42 PM	#3
kektex Confirmed User Industry Role: Join Date: Mar 2005 Location: elkektex at gmail Posts: 1,813	Fris, since you are the wp ninja I've been meaning to ask you something: Is there any way to upgrade several blogs on various hosts automatically? I've been thinking of installing WP Mu since I mostly use the same plugins on all my blogs and it might be easier to just use a single wpmu installation instead of going in and updating each one individually. Is this a good idea?

09-07-2009, 10:25 PM	#4
Joshua G dumb libs love censorship Industry Role: Join Date: Jul 2008 Posts: 8,198	whats the point of updating if... Reports are that this attack impacts ALL versions of WordPress up to 2.8.3 and 2.8.4, the most recent release.

09-08-2009, 06:30 AM	#11
CaptainHowdy Too lazy to set a custom title Industry Role: Join Date: Dec 2004 Location: Happy in the dark. Posts: 93,567	Damm ........

09-08-2009, 06:37 AM	#12
The Duck Adult Content Provider Industry Role: Join Date: May 2005 Location: Europe Posts: 18,243	htaccess password protect your admin area. __________________ Skype Horusmaia ICQ 41555245 Email [email protected]

09-08-2009, 07:05 AM	#14
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	ya best way is to use htaccess in your admin area http://www.wptavern.com/top-5-wordpr...ly-dont-follow __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

09-08-2009, 09:15 AM	#16
Davy Confirmed User Industry Role: Join Date: Apr 2006 Location: Germany Posts: 4,323	Show me a link to a hacked wordpress site or it didn't happen... __________________ --- ICQ 14-76-98 <-- I don't use this at all

09-08-2009, 09:19 AM	#17
~Ray visit hardlinks.org Industry Role: Join Date: Jun 2003 Location: Las Vegas , Nv >>> [email protected] or icq 94994627 anytime Posts: 18,362	just turn off the 777 settings after you finish editing your blog. Then nothing can be modified. Lots of peeps forget to do that. __________________ Adult Backlinks for Adult Websites - Testimonials Available

09-08-2009, 09:19 AM	#18
VforVendetta Confirmed User Join Date: Mar 2006 Posts: 2,526	Thanks for the advise __________________ Free the world

09-08-2009, 09:31 AM	#20
Tjeezers Webmaster Industry Role: Join Date: Mar 2007 Location: BP4L - NL/RO Posts: 16,572	PS i Use the Admin Redirect I have asked many to access it, they only see my main site Their IP is not allowed to come even close to what is called ADMIN This is one of the best basic " Safe your own ass " things you can do Takes you 5 minutes to upload one file to your wp-admins PS i thank GFY for making me aware of those issues more. Turning a blind eye here is not so easy when you want to make some money. Props to Fris! __________________ Enroll in the SWAG Affiliate Asian Live Cam Program and get 9 free quality linkbacks from my network! Wanna see how old school I am? Look at this! All my Cam Review Sites are here!

09-08-2009, 09:40 AM	#21
ilbb Confirmed User Industry Role: Join Date: May 2005 Location: EU - Czech republic Posts: 3,025	I've script that checks CRC of my PHP files every 15minutes.

09-08-2009, 10:20 AM	#23
NoWhErE Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Canada Posts: 10,383	I suck at HTACCESS, could someone post the code for the admin area? __________________ skype: lordofthecameltoe

09-08-2009, 11:35 AM	#24
Sunny Confirmed User Join Date: Feb 2007 Posts: 1,981	but please be careful!! first back up your data and then upgrade your wp script __________________ >>>>>>>>>>Offering Quality PR Hardlinks<<<<<<<<<< 1- 50 PR Homepage Adult Links 2- Lifetime Featured & Regular Listings in 25 PR Adult Directories 3- Lifetime Unique, Quality & Copyscape Passed Blogpostings in 25 PR Adult Blogs Contact Me!!! ICQ: 199-024-695