Upgrade!
13:00 Friday 24 Jun 05
I’ve checked a few blogs, and some of you are not running the latest version of WP, which is 1.5.1.2.
There IS a security issue with previous versions. It has been reported in the forums so there will be people out there trying these exploits. Upgrade your blog!
- Upgrade to 1.5.1.2
- Then delete the following files: install.php, install-helper.php, upgrade.php, upgrade-schema.php
- Install IOError’s Bad Behavior plugin
- And while you are there, make sure your login password is a good one. Make it at least 8 characters and a mix of numbers, lower-case and upper-case letters. If you have other members with admin privileges, nag them too about this.
- If you are okay working in phpMyAdmin, you should change your ‘table_prefix’. It’s set in the wp-config file, but if you just change it there you will get an error, so you need to change the prefix on all of the tables in the database too.
--
1
Go Mark Go. - Bad Behavior Rocks.
13:33 Friday 24 Jun 05
2
[...] exploited! 12:44 pm Wordpress Asides Tags: wordpress As Mark says if you’re running a wordpress version earlier than 1.5.1.2 then upgrade (please). [...]
13:45 Friday 24 Jun 05
3
Hello Mark
I looked for these files and can’t find them. Some kind person must have done it for me ;)?
I read somewhere that there was no need to do a full update to 1.5.1.2. Instead, just copy over a line of code. Damn if I can remember whose blog I got it from? However, it did not change the version number to 1.5.1.2.
I saved the line of code but erm can’t find it now. Did anyone else do this?
Bad behaviour was done last week and stopped comment spam dead.
spell check gone wonky Mark
17:37 Friday 24 Jun 05
4
Follow up to my previous post. I found the manual fix, which is as follows; here is the link
Please note this does not update the version number to 1.5.1.2; it just stays as 1.5.1.1.
1. Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
2. Go to around line 103 where it says get_the_category_by_ID.
3. Create a new line after that and paste in $cat_ID = (int) $cat_ID;
19:22 Friday 24 Jun 05
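A check for the two file-level steps described above (the four scripts deleted, and the one-line cast from the manual fix present), useful because the manual fix leaves the version number at 1.5.1.1 and so cannot be confirmed from the version alone. This is an added example, not part of the original post or comments and not WordPress code; the function names, and the assumption that the cast sits within five lines after the line opening get_the_category_by_ID, belong to this example only.

```shell
#!/bin/sh
# Added example, not WordPress code. File names and the cast line come from
# the page; function names and the 5-line window are assumptions.

# Print any of the four installer/upgrade scripts still present under $1.
leftover_scripts() {
    find "$1" -type f \( -name install.php -o -name install-helper.php \
        -o -name upgrade.php -o -name upgrade-schema.php \) -print
}

# Succeed if the cast appears within 5 lines after the line that opens
# get_the_category_by_ID in file $1.
has_cat_id_cast() {
    awk '
        /function[ \t]+get_the_category_by_ID/ { window = 5; next }
        window > 0 {
            if ($0 ~ /\$cat_ID[ \t]*=[ \t]*\(int\)[ \t]*\$cat_ID[ \t]*;/) found = 1
            window--
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Run both checks for the blog rooted at $1; return 0 only if both pass.
audit_blog() {
    rc=0
    left=$(leftover_scripts "$1")
    if [ -n "$left" ]; then
        printf 'still present, delete:\n%s\n' "$left"
        rc=1
    fi
    tpl="$1/wp-includes/template-functions-category.php"
    if [ ! -f "$tpl" ]; then
        echo "cannot check fix: $tpl not found"
        rc=1
    elif ! has_cat_id_cast "$tpl"; then
        echo "fix missing: no (int) cast in get_the_category_by_ID"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok: scripts removed, cast present"; fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/blog
if [ "$#" -gt 0 ]; then audit_blog "$1"; fi
```

The scripts are searched for by name anywhere under the given directory, so the check does not depend on which subdirectory they were installed in.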
5
That IS the security fix yes, though there was a glitch or two elsewhere fixed I think, so a full upgrade is what I would recommend.
As it stands, with a single line of code someone can fully access your site.
19:29 Friday 24 Jun 05
6
Yes Mark, the way I have read it, it is the security update from WP as per link I posted. If I am wrong then please do let me know. Sorry if I got it wrong;(
19:59 Friday 24 Jun 05
7
I’ll do mine later, when I get round to reinstalling my FTP client.
10:20 Saturday 25 Jun 05
8
Yesterday, while I was browsing through one of Mark’s posts I decided it’s really time to upgrade this blog from WP1.5.1.1. to 1.5.1.2. I did, and it was as smooth as always. Then I thought maybe it would be a good idea to follow his other advice, too: doing something about the spam.
19:26 Saturday 25 Jun 05
9
[...] attempted UNION exploit For those of you using WordPress, you did heed Mark’s warning, upgraded to WP 1.5.1.2, and did the other steps that he recommend [...]
21:03 Saturday 25 Jun 05
10
As Mark says if you’re running a wordpress version earlier than 1.5.1.2 then upgrade (please). An exploit exists and lots of people are being hit! Tags: wordpress
22:22 Saturday 9 Jul 05