Comments on: Maintenence Tonight

By: kablo kanali

kablo kanali — Mon, 03 Dec 2007 15:44:35 +0000

thanks

By: Mark

Mark — Fri, 16 Nov 2007 17:09:20 +0000

Hi Bittbox,

It’s just accepted best practice to not publish/advertise/glorify the work of script kiddies.

They’re in the cracking business for glory/backlinks(money), take away both and they lose their motive.

Maybe I’m being naive, but nevertheless, that is my view and just a suggestion.

Cheers

By: Tom

Tom — Wed, 14 Nov 2007 05:36:27 +0000

Jason:

> (Tom) Not sure why PHP is the issue…properly coded PHP works just fine.

Properly coded Java works just fine. That doesn’t mean it is good.

The problem is that PHP, out of the box, is terribly insecure. (check out that there is a “safe mode” for it and look at how many options there are for that).

It is only made worse by the culture of PHP development. I have seen a lot of PHP. Most of it completely fails to incorporate even the most basic concepts of modularity, abstraction and code reuse. It is often the victim of the worst thing computers ever gave us: copy and paste.

Besides …. As far as I am concerned, PHP is a “dumbed down” Perl. Why not just do everything in Perl? That way, you can keep your code OUT of the document directory like it SHOULD be.

ALL of WordPress’s executable code is in one directory tree, starting at the DocumentRoot. This is … not wise.

By: Oliver

Oliver — Wed, 14 Nov 2007 02:30:45 +0000

If it’s any consolation even sites run by programmers get bitten: I found the same message on ajaxian.com a while back (they seem to have fixed the issue)

By: Gilfil

Gilfil — Wed, 14 Nov 2007 00:11:12 +0000

One of my blogs was affected by this “hack”.

I could identify that everytime that the word “Select” or “select” is placed in a form or query (both GET and POST) on the URL, the hack attacks.

I have more than one blog running wordpress on the box, and only one was affected.

I am now replacing the full script….

By: BittBox

BittBox — Tue, 13 Nov 2007 22:24:32 +0000

Dino,

I wasn’t even using it, My sidebar uses the widget that comes with wordpress

~Bitt

By: Dino

Dino — Tue, 13 Nov 2007 22:22:01 +0000

Now why would somebody use a plugin for bringing out the Recent Posts? You can actually just use the WordPress loop. :)

By: Amy Gahran

Amy Gahran — Tue, 13 Nov 2007 21:57:03 +0000

Jay

On my blog, the problem was a hacked Akismet plugin, which has now been reinstalled.

Doesn’t look like they’re targeting one particular plugin, could be any plugin. But you and I were both hacked via plugins.

- Amy Gahran

By: jason

jason — Tue, 13 Nov 2007 21:55:00 +0000

(Tom) Not sure why PHP is the issue…properly coded PHP works just fine. Unfortunately significant portions of the open source community fail to code the necessary variable checking routines necessary to safely process data.

Bitt – I’m glad to hear that you found the vulnerable plugin…

jason…

By: BittBox

BittBox — Tue, 13 Nov 2007 19:36:27 +0000

Mark,
May I ask why?
~BItt

By: Israel Jernigan

Israel Jernigan — Tue, 13 Nov 2007 19:20:51 +0000

Awesome!!!! Glad you might have found the problem.

By: Mark

Mark — Tue, 13 Nov 2007 19:20:09 +0000

Bitt,

Please remove “Hacked by …..” from your post. “Hacked by kiddies” will do.

Thanks

By: BittBox

BittBox — Tue, 13 Nov 2007 19:07:10 +0000

Jonic You Rock!

A friend of mine in the UK found the problem. It was a hacked version of the “Recent Posts” plug-in. I deleted it and it seems to have fixed the problem! Still making sure. Thanks to everyone for helping.

~Bitt

By: MAD_MAN

MAD_MAN — Tue, 13 Nov 2007 18:51:32 +0000

hay, good luck … sorry i cant help you :( didn’t have to deal which security issues till now …

lg mad_man

By: Gerardo

Gerardo — Tue, 13 Nov 2007 16:54:23 +0000

Bitt that sucks im pretty sure that if you ask the support people of wordpress might help you out finding the problem.-

best of luck

By: dersu

dersu — Tue, 13 Nov 2007 16:45:55 +0000

f’in hackers, best of luck. looking forward to your return.

By: Tom

Tom — Tue, 13 Nov 2007 16:38:21 +0000

Yet another reason I don’t like PHP.

By: BittBox

BittBox — Tue, 13 Nov 2007 16:33:14 +0000

Amy,

I’m running the latest version of WP, so that won’t fix it. :(

~Bitt

By: contentious.com - This blog is still hacked, grrrrrrr…..

contentious.com - This blog is still hacked, grrrrrrr….. — Tue, 13 Nov 2007 16:17:06 +0000

[...] The blog BittBox is experiencing an identical problem. The comment thread there offers some [...]

By: Amy Gahran

Amy Gahran — Tue, 13 Nov 2007 16:06:27 +0000

Damn! This same exact thing just happened to me, and I have to prepare for a big trip too. Bad timing.

See: http://snipurl.com/1tktf

By any chance were you at Blogworld Expo? I was on the open wifi there and suspect that’s where the hacker sniffed my password.

I’m also currently running an older version of Wordpress. I’ve arranged for an upgrade, but that hasn’t happened yet.

Sounds like from what your commenters say that more might have been compromised on your site, and mine, than just Wordpress. I’m in over my head here, I don’t really understand server-side stuff. I’d appreciate assistance for how to fix this and secure my site more appropriately. I’ll be watching this thread for tips.

- Amy Gahran