Technorati warning (8 posts)

  1. Jayvie Canono
    Member
    Posted 6 years ago #

    Today I received the following warning for one of my client websites:

    Dear [redacted],

    I hate automated messages as much as anybody, however there is a
    situation that concerns thousands of bloggers. I'm contacting you
    regarding information related to your Technorati profile
    ([redacted])
    and the blog you've claimed on Technorati
    [redacted]

    According to our data, that blog is running a version of WordPress that
    may be suffering from a security vulnerability. See
    http://wordpress.org/development/2008/02/wordpress-233/
    The version we have on record is WordPress 2.0.11

    Does version 2.0.11 have this issue? If not, has Technorati been alerted of this? My client is not ready to upgrade to 2.5, and probably won't be until I can give about twenty hours to rewriting a lot of her theme code.

  2. digitalvision
    Member
    Posted 6 years ago #

    Everything I am reading so far is that most of the vulnerabilities are for anything below 2.3.3. Can you get your client that far - for now - for fewer hours?

    Technorati is playing it safe - there are some serious spam exploits that are going on it seems. I wouldn't expect Technorati to change its policies, as they need to protect the safety of their visitors and they can't analyze every blog out there.

    Sorry, I'm sure it's not the answer you want :-(

  3. Len
    Member
    Posted 6 years ago #

    Anything below 2.3.3 is exploitable; however, 2.0.11 is the latest of the 2.0 branch, is stable and is being actively maintained until 2010. More info here.

  4. StrangeAttractor
    Member
    Posted 6 years ago #

    I had thought the 2.2.3 version was fairly secure according to my research -- can someone correct me if I'm wrong?

  5. whooami
    Member
    Posted 6 years ago #

    http://www.milw0rm.com/exploits/4721

    there you go.. Note the "Affected version: WordPress <= 2.3.1"

  6. Rok
    Member
    Posted 6 years ago #

    Technorati has decided to not index WordPress blog until you upgrade to WordPress 2.5.

  7. StrangeAttractor
    Member
    Posted 6 years ago #

    whooami - thanks for that heads up. I will be checking milw0rm faithfully.

    For the particular exploit you listed, it seems that the fix is to convert the database character set over to UTF-8.

    Are there any other sites you recommend like milw0rm for security news about WP?

  8. whooami
    Member
    Posted 6 years ago #

    There's all kinds of 'em .. securiteam.com, for instance. What sets milw0rm apart isn't the fresh content, so much as once something shows up on there, you know the script kiddies have it.

    It takes no skill to get a shell, grab a Perl script off there and run it.
