Wordpress Version 2.2 Hack Warning
I’ve came across a few posts in the last day or so who have spoke about Russian hackers trying to hack into older versions of Wordpress. Garry Conn had around 100 of his blogs hacked due to a security hole in Wordpress 2.2.
I strongly encourage all Wordpress users to upgrade to version 2.2.1 if you have not already done so. You might have to be pretty unlucky to get hacked but 15 minutes out of your day to do an upgrade is nothing compared to the time you would spend trying to fix your blog if you did get hacked. I had my discussion forums hacked last year by Turskish hackers and believe me, it’s a real pain in the butt! (They had left messages saying F”#K USA….clearly they didn’t take the time to read my about page which states that I’m Scottish!)
Good luck,
Kevin
alamster | July 6th, 2007 at 9:07 pm #
In day two of wp 2.2.1 out is make little research to see if a few blogger already upgrade to 2.2.1, suprise to see only problogger did. JohnChow upgrade later and others. But as time I write it, one of them still using WordPress 2.1.2
Garry Conn | July 7th, 2007 at 3:11 am #
LOL!!!
And let me tell you how terrible of a day I had trying to repair all my blogs! I was very close to throwing in the towel and hitting up McDonald’s for an application for employment!
But I’ll tell you, when Wordpress.org announcements that they have an update, I totally suggest updating your WP Installs very quickly and make it a Priority A task on your to-do-list for the day. Oh my goodness… I don’t wish that upon anyone! That just, simply put… sucked!
Kevin, I have been reading your blog here and there every since it got covered on JohnChow.com. I really like what you have been doing and find this place to be very useful. Keep up the excellent work… and you can officially add a new regular reader to your list. Nice work man!
Best Regards,
Garry Conn
Kevin | July 7th, 2007 at 6:09 am #
Thanks Gary - I’m glad you like the blog
Are all your blogs hosted on your own server ie. do you think your host could have rolled it back for you. I’ve had my hosting company do this for me a few times when something has happened
cooliojones | July 7th, 2007 at 6:40 pm #
I’d like to tell everyone out there that it doesn’t take too too long to do the update (unless you’re Gary, lol) but it is worth it to prevent problems and keep you work intact. Also get the plugin for Wordpress that facilitates the backup procedure.
Garry Conn | July 8th, 2007 at 3:35 am #
@ Kevin,
Without saying too much and making them angry if they stumbled upon this post one day, their support efforts are a little less than to be desired. A classic issues of a typical blogger who is expected to wear many other hats… one of which is being a server administrator. I have a VPS account running WHM/Cpanel and needless to say, I have done a few self help courses on maintaining a server now! It’s all situational I guess… but heck, it comes with the game we play, right?
You are right. Doing a roll back could have been an option. Maybe it was on their end… but it was never offered to me. If I had known better, I would have had a back up copy for myself, which I now know how to do.
There were many things that lead to my dot Com crashes. The lack of updating Wordpress was the entrance deep into the bowels of my entire server. My WHM/Cpanel software wasn’t up to date, and that IFRAME code was written to just about every php file you could possibly imagine. Eventually (oh… 12 hours later after ranting and raving) my host finally did something about it, because I guess it finally dawned on them they this could now be more a “Their Problem” issue for the fact that this code was deep within my server which puts their entire network at risk. LOL… God forbid they listen to my warnings early that morning…
Hey man… what happened to the good old days of running a web server off your desktop computer? Heck I used to do that all the time, and now a days with connection speeds being so fast, maybe that might be an option again! I can keep my personal computer safe… it just takes a little more skill doing this with my server! Live and learn…