What makes you happy ?

"Karma man, just remember Karma. Treat things nice and nice things happen to you." © Claire

Looking at error logs> > || Home || < < A note about here.

Stop your blog being hacked.

21:17 Saturday 13 Aug 05

Put this in your .htaccess file that covers your blog. Do it now.

php_flag register_globals off

There is an exploit which has been reported and the above fixes it. Blogs are being hacked because of this and you MUST put that code in place.

UPDATE: The forum thread is here: http://wordpress.org/support/topic/41836 and the main advice in there is to replace your wp-settings.php with this file instead: new file. If you have modified your .htaccess you do not have to replace the file, but doing both will not cause anything to go wrong.

More: WordPress
  1. Vida Digital Zen
     1

    03:21 Sunday 14 Aug 05


  2. The Naked Truth
     2

    • Geekery, Blogging & Other Blogs (0) Comments August 13th, 2005 Mark says: Put this in your .htaccess file that covers your blog. Do it now. php_flag register_globals off There is an exploit which has been reported and the above fixes it. Blogs are being hacked

    20:32 Tuesday 16 Aug 05


  3. One Fine Jay
     3

    06:18 Monday 15 Aug 05


  4. Blogs Of The Day » Just another WordPress weblog
     4

    20:55 Saturday 13 Aug 05


  5. Tom Raftery
     5

    • Does it need to go anywhere in particular in the .htaccess file Mark?

    22:04 Saturday 13 Aug 05


  6. Mark
     6

    • Mine is just in with a bunch of other lines that are outside of the #WordPress code. In other sites I’ve just put it into, I’ve put that line at the start of the file.

      Alternatively, I just found this:
      http://www.kamigoroshi.net/archive/2005/08/13/771

    22:12 Saturday 13 Aug 05


  7. the absent student
     7

    • Thank you! I rarely venture into the forum these days, and the Dashboard is worse than useless, so if I didn’t subscribe to your feed I’d never find out these things.

    00:26 Sunday 14 Aug 05


  8. Tom Raftery
     8

    • Great,

      thanks Mark,

      Tom

    00:56 Sunday 14 Aug 05


  9. N. Mallory
     9

    • Hmmmm…this broke my Firefox plug-in for blogging websites — JustBlogIt.

    03:51 Sunday 14 Aug 05


  10. Footsteps in the Mirror » Attention All Wordpress Users
     10

    • [...] Update: Alternatively, I found out from this site that if you don’t want to upload the file, you can just add this line to your .htaccess and it will result in the same thing as well. php_flag register_globals off [...]

    04:51 Sunday 14 Aug 05


  11. white pebble
     11

    • Important

      What makes you happy ? » Stop your blog being hacked.:
      Put this in your .htaccess file that covers your blog. Do it now.

    05:08 Sunday 14 Aug 05


  12. joss
     12

    • Simply, Thank you Mark :grin:

    08:14 Sunday 14 Aug 05


  13. My Other Side of the Stories » » Wordpress v1.5.1.3 Exploit
     13

    • [...] From Tamba2, edit .htaccess file that covered your blog and add the following line: php_flag register_globals off [...]

    11:31 Sunday 14 Aug 05


  14. Command Execution Vulnerability in WordPress Affecting all Versions - Simple Thoughts - Java and Web Software
     14

    • [...] Mark has posted a fix here [...]

    18:19 Sunday 11 Sep 05


  15. Turn off register_globals - If..Else Log
     15

    • [...] Via Mark: As a security precaution, it’s recommended that register_globals is turned off. [...]

    23:54 Sunday 11 Sep 05


  16. gee
     16

    • thanks for the nice tip. Which version exactly of wordpress had this problem? still there in word press 2.0

    10:25 Sunday 5 Mar 06


θ α λ κ

Think. Then type.

*     *    

Comment RSS / Trackback




|| Home ||

FreshlyPressed - Feed - Privacy - 3.1.3 - 3,203 - 10,494 - 0.209