Wordpress 3.2.1 Is Not Secure So Do Not Upgrade.
Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by hostsleek(m): 2:05pm On Aug 18, 2011 |
Bad news for just about every WordPress blogger out there. Thousands of WordPress 3.2.1 installations are at risk of being compromised. It has been found that the latest version 3.2.1 of WordPress, an extremely popular suite of tools for powering blogs, is vulnerable to an XSS injection attack which allows users to inject malicious JavaScript as a result of a failure to sanitize the comments field. Thousands of WordPress websites are being hacked every day. http://www.hungry-hackers.com/2011/08/xss-injection-vulnerability-in-wordpress-321.html |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 2:11pm On Aug 18, 2011 |
I guess you should read deeper to see another post http://www.hungry-hackers.com/2011/08/false-alarm-xss-vulnerability-in-wordpress-321.html Now summarize for us please. |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by hostsleek(m): 2:16pm On Aug 18, 2011 |
I have got lots of complaints from people that did upgrade from last week to yesterday. http://discussion.dreamhost.com/thread-130607.html Another Thread |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 2:20pm On Aug 18, 2011 |
And what are their complaints? Did you run a vulnerability test to ascertain that it is vulnerable to XSS attacks? |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 2:38pm On Aug 18, 2011 |
I also hope you read this from the URL you pointed out as well. http://codex.wordpress.org/Hardening_WordPress You also should know what plugins you use and what codes make them up too. Get all these to safety and when they all fail you, you can raise an alarm else don't because further claims from many other posts all later posted safe again and I am yet to figure out why. I guess after your verification you might end up like them too. Safe! |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 12:01am On Aug 19, 2011 |
@OmniPotens what are you saying, my website has been hacked twice now in less than 48 hours. |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 11:07am On Aug 19, 2011 |
Is your website running on WordPress? What plugins are you using and how secure too is your hosting server? What satisfies the fact that actually it was the framework that created the loop and not as a result of the running plugins or insecurity of your hosting server? |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 1:49pm On Aug 19, 2011 |
yes my website is running on wordpress and i think my hosting server is secure, i used some plugins and themes and i think that is how it got hacked, although am running a fresh installation of wordpress again and trying to do better securing, like

```apache
# protect the htaccess file
# (Order/Deny is Apache 2.2 syntax; on 2.4 it needs mod_access_compat)
<files .htaccess>
order allow,deny
deny from all
</files>

# disable the server signature
ServerSignature Off

# limit file uploads to 10mb
LimitRequestBody 10240000

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# who has access who doesnt
order allow,deny
#deny from 000.000.000.000
allow from all

# custom error docs
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php

# disable directory browsing
# ("All -Indexes" mixes signed and unsigned options, which Apache 2.4 rejects)
Options -Indexes

# redirect old to new
Redirect 301 /old.php http://www.yourblog.com/new.php

# remove category from link
RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]

# block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* - [F]

# disable hotlinking of images with forbidden or custom image option
# (conditions stay commented out until one rule below is enabled; left
# active they would attach to the next RewriteRule in the file)
RewriteEngine on
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourblog.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ - [F]
#RewriteRule \.(gif|jpg)$ http://www.yourblog.com/stealingisbad.gif [R,L]

# php compression - use with caution
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>

# set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourblog\.com$ [NC]
RewriteRule ^(.*)$ http://www.yourblog.com/$1 [R=301,L]

# protect from spam comments
# (the target must be a plain URL, without the ^ and $ regex anchors)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
```

i hope this would help?? |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 7:10pm On Aug 19, 2011 |
I think you need to know from where your attack came from. You also need to harden your WordPress installation too. Know what plugins you are installing as well. There are even some plugins that will help you with most of these mod_rewrite or .htaccess configurations. Don't forget to check your file permissions too. In summary, before you come out and acclaim something is not functional, first of all ensure that you took all necessary precautions to satisfy that errors are not from your end. I think what you should do is just to install only the WordPress framework then try hacking it. If you easily get that then you can alert us again. But after installing all your plugins and you hack and succeed then you can start figuring out where your problem is coming from. I will suggest you try to look into the make up codes of the plugins you are installing. Not the best to just auto install them without knowing what the codes look like. I was thinking you were going to switch to either Joomla or Drupal but you are sticking back to WP, Safe! |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 9:47pm On Aug 19, 2011 |
^^^^^ are you saying joomla and drupal are better? |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 12:16am On Aug 20, 2011 |
Not at all. Your choice. I was only drawing your attention to them in case you hated WordPress. |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 4:45am On Aug 22, 2011 |
wordpress looks lil cool, am trying to find more space to concentrate on it, thanks for your views |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 8:50am On Aug 22, 2011 |
they are at it again, these hackers wont let me rest,,, Omni-potens, dual-core, *dhtml, hostsleek |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 8:54am On Aug 22, 2011 |
please how do i get out from this mess,,, i tried a lot but i think the hack is through the wp- direct |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 11:34am On Aug 22, 2011 |
What hack attempt was made and what do you think is their target? What plugins did you install? Are you using a theme that's nulled? Hope you checked they are not having any scripts attached which verifies domain names using their themes to see if they were genuinely purchased? You have to verify all these ok? Why not still install only the WordPress framework and see if they'll hack it down too. That will give you an insight into what actually is happening |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 4:06pm On Aug 22, 2011 |
i installed some plugins like bulletproof security, antivirus, social connect, tweet and like, and one other SEO plugin, the script is nulled and when i use the default, it doesn't get hacked,,, |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by OmniPotens(m): 4:20pm On Aug 22, 2011 |
Now you can see that you never talked about anything nulled but I brought the issue up because I knew that was another avenue that hacking attempts could come from but in your case I have not said "it is where it came from." See if you can get on without the nulled thing to see if the attacks still come through. |
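Added example, not part of any post in this thread: a read-only shell audit covering the checks suggested above (file permissions, and code shipped inside plugins or a nulled theme). The function names, the uploads check and the grep pattern are assumptions chosen for illustration, not an official WordPress list.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of a WordPress tree. The checks and the
# pattern below are assumptions for illustration, not an official list.

# Files or directories that any local account can write to.
wp_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null || true
}

# Exit 0 only if wp-config.php exists and grants nothing to "other".
wp_config_private() {
    [ -f "$1/wp-config.php" ] || return 2
    [ -z "$(find "$1/wp-config.php" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)" ]
}

# PHP under uploads/ is unexpected: that directory should hold media only.
wp_php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' -print 2>/dev/null || true
}

# Theme/plugin files that decode and execute an embedded blob, a pattern
# often seen in tampered ("nulled") packages. A hit means: read that file.
wp_obfuscated_php() {
    find "$1/wp-content" -type f -name '*.php' -exec grep -lE \
        '(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(' \
        {} + 2>/dev/null || true
}

# Run every check and print a short report; returns 0 when nothing was found.
wp_audit() {
    _bad=0
    _out=$(wp_world_writable "$1")
    if [ -n "$_out" ]; then printf 'world-writable:\n%s\n' "$_out"; _bad=1; fi
    if ! wp_config_private "$1"; then
        echo "wp-config.php missing or accessible to other users"; _bad=1
    fi
    _out=$(wp_php_in_uploads "$1")
    if [ -n "$_out" ]; then printf 'PHP in uploads:\n%s\n' "$_out"; _bad=1; fi
    _out=$(wp_obfuscated_php "$1")
    if [ -n "$_out" ]; then printf 'decode-and-execute code:\n%s\n' "$_out"; _bad=1; fi
    return "$_bad"
}

# Usage: ./wp_audit.sh /path/to/wordpress   (hypothetical script name)
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

Running it once against a bare WordPress install and again after adding the theme and plugins shows which package introduced a finding.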
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by WebSurfer(m): 11:35pm On Aug 22, 2011 |
yes am doing that now, and waiting for like one week to see if that happens again |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by crossman9(m): 12:22am On Feb 06, 2012 |
(Yookos) you own the cosmos Meaning the universe Which is has been re-interpolation into “You Own the World” some computer have Gremlins in it, but (Yookos) has pastor Chris in it, who works for his father the Devil he over shadows his life? “Social Net Working Tools Made for Cults” WARNING ENTER IN AT YOUR OWN RISK |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by greenmouse(m): 9:24am On Feb 06, 2012 |
bad news, hope this is not true oh |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by iGuru1(m): 9:51am On Feb 06, 2012 |
crossman9: How dare you post such crap! Where do u belong. |
Re: Wordpress 3.2.1 Is Not Secure So Do Not Upgrade. by crossman9(m): 1:52pm On Feb 06, 2012 |
Do you think I am promoting this church I am not I am pointing out what the abbreviation means Yokoos means as the church teaches the earth is the lords and therefore fullness but is given it onto the sons of men they don't own all things like they claim |