DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


06-18-2009, 01:30 PM   #1
ktinkel (Founding Sysop)
WordPress 2.8 released

I had a WordPress adventure yesterday. Decided to update a WP 2.7.1 site to 2.8, and when I went to check the config.php file, found two odd directories with nasty PHP files in them (one was just above that file in the list, which is why I noticed it).

I asked a security maven to look at one of them and he said the file can create “randomly named subdirectories, creates PHP files in them with the content passed in through forms, so they can contain anything, and can delete all traces of them on command.”

Yikes! Word to the wise: Update whenever a new version is released. The process has been made much easier recently, and it appears we really do need the protection!

   
06-18-2009, 02:43 PM   #2
Kelvyn (Staff)

Not only is it a one click update, but if you subscribe to the development feed you get told as soon as there is a new release.
http://wordpress.org/development/feed/

I didn't think there were any security issues with 2.7.1 - did you check the dates of the odd files?

   
06-19-2009, 08:12 AM   #3
ktinkel (Founding Sysop)

Quote, originally posted by Kelvyn:
> Not only is it a one click update, but if you subscribe to the development feed you get told as soon as there is a new release.
> http://wordpress.org/development/feed/
>
> I didn't think there were any security issues with 2.7.1 - did you check the dates of the odd files?

I didn’t think so, either, but the tech guy at the hosting service said it was a WordPress exploit. The PHP file was dated in March, so it could have been there earlier than 2.7.1 — maybe. (Don’t know the date of the directory that included it.)

But I always update WordPress by checking the config.php, and this odd directory was just above it, and it stuck out like a sore thumb. Hard to think I could ever have missed it, but you never know.

I saw that one-click option, but didn’t trust it. Really works, huh? (But then I probably wouldn’t have been checking the server files, and who knows what might have happened.)

   
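An added example, not part of the thread or any member's post: one way to automate the check ktinkel did by eye, listing top-level directories in a WordPress root that are not core directories yet contain PHP files, along with each file's modification date. The sample tree, the directory name `wp-cache-x7` and the function names are constructed for illustration, and the core directory list assumes a stock install.

```python
import os
import tempfile
from datetime import datetime, timezone

# Top-level directories a stock WordPress install ships with (assumption:
# no intentionally added extra directories; extend the set if you have any).
CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}

def find_unexpected_php(root):
    """Return {top-level dir: [(relative path, mtime date), ...]} for every
    directory directly under root that is not WordPress core but holds PHP."""
    findings = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False) or entry.name in CORE_DIRS:
            continue
        hits = []
        for dirpath, _dirs, files in os.walk(entry.path):
            for name in sorted(files):
                if name.lower().endswith((".php", ".phtml")):
                    full = os.path.join(dirpath, name)
                    mtime = datetime.fromtimestamp(os.path.getmtime(full), timezone.utc)
                    hits.append((os.path.relpath(full, root), mtime.date().isoformat()))
        if hits:
            findings[entry.name] = hits
    return findings

def build_sample_tree():
    """Constructed sample: a WordPress-like root plus one stray directory."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    layout = ["wp-config.php", "index.php", "wp-admin/index.php",
              "wp-includes/version.php", "wp-content/themes/default/index.php",
              "images/logo.png",        # non-core directory without PHP: ignored
              "wp-cache-x7/q3/a.php"]   # constructed stray directory with PHP
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")
    # Backdate the stray file to show how the modification date is reported.
    march = datetime(2009, 3, 15, 12, tzinfo=timezone.utc).timestamp()
    os.utime(os.path.join(root, "wp-cache-x7", "q3", "a.php"), (march, march))
    return root

if __name__ == "__main__":
    for top, hits in find_unexpected_php(build_sample_tree()).items():
        print(top, hits)
```

Modification times can be changed by whoever wrote the file, so treat the reported date as a hint and also compare the install against a clean copy of the release.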


All times are GMT -8.

