WordPress site hacked (19 posts)

  1. JonathanMurray
    Member
    Posted 7 years ago #

    I was reading a nice review/comparison between WP and Blogger this morning on Lockergnome, and the author's site (http://peterbarbosa.com/ - linked in the article) has apparently been hacked.

    From what I can tell, he's using the latest WP (version 1.5), although I know nothing of his underlying configuration.

    Is there a known security problem here?

    Doesn't look good to someone like me who is looking for new weblog software :(

  2. James
    Happiness Engineer
    Posted 7 years ago #

    There are no known security issues with v1.5.

  3. Kafkaesqui
    Moderator
    Posted 7 years ago #

    *And* until we know it was not just a case of some jerk figuring out the password to his account...

  4. pezastic
    Member
    Posted 7 years ago #

    Let's hope that's the case. I just saw that Blog CMS was hacked.

  5. Kafkaesqui
    Moderator
    Posted 7 years ago #

    This was not a case of WordPress security (not directly, that is):

    http://peterbarbosa.com/archives/2557/server-hacked/

  6. davestinner
    Member
    Posted 7 years ago #

    "The hacker got into WordPress by accessing an admin account.. I accidentally left a WP admin account open.. please do not do this at home."

  7. jonimueller
    Member
    Posted 7 years ago #

    What does that mean, "I left a WP admin account open"? Does he mean he had the WP console up on the screen and then wandered away from the computer?

  8. James
    Happiness Engineer
    Posted 7 years ago #

    Exactly.

  9. vkaryl
    Member
    Posted 7 years ago #

    Well, then, unless "he" works in a corp environment the size of MS/Redmond, he ought to by goddess KNOW who hacked him, right? Or at least the 2 or 3 most likely snarkers.

  10. Kafkaesqui
    Moderator
    Posted 7 years ago #

    If you followed the link I placed above, you'd read this:

    "...just to let the hacker I know, I have the IP address, and I will be contacting the ISP for the damage they have done."

    So it's unlikely the culprit wandered by Peter's desk during lunch.

  11. dawg
    Member
    Posted 7 years ago #

    Just kinda curious why is this late February stuff rearing its ugly head today?

  12. vkaryl
    Member
    Posted 7 years ago #

    Tried, kafka, but timed out....

  13. Kafkaesqui
    Moderator
    Posted 7 years ago #

    dawg: Scroll up to pezastic's note about BlogCMS. I imagine after hearing that, he went a-searchin' and stumbled over this thread.

  14. dawg
    Member
    Posted 7 years ago #

    Yeah I did go back and see who brought it up! Thanks

  15. pezastic
    Member
    Posted 7 years ago #

    You got it. After reading about BlogCMS, I wondered if WP had any problems of its own. I can see now that it's A-OK!

  16. Jinsan
    Member
    Posted 7 years ago #

    With regards to BlogCMS, it was punBB that was hacked rather than BlogCMS itself. Personally I think BlogCMS is a piece of crap, but it looks moderately good out of the box; it's when you start playing with it that reality dawns quickly. punBB was updated and the problem was resolved.

  17. Witty
    Member
    Posted 6 years ago #

    Actually, my site was hacked using WordPress a few months ago; whoever did it corrupted the files on my site and deleted it completely. My computer is not on a network and I never left the admin open. Any suggestions on how I might be able to safely use WordPress without leaving myself open for attack? I've heard that PHP itself lends itself to being hacked because it's built on a somewhat open-ended platform.

  18. Beel
    Member
    Posted 6 years ago #

    Witty, I think a concern here is people using statements like "hacked using wordpress" without really knowing how their site was actually compromised. So many of the "found a WP bug" threads often, when resolved, are found to be user error or misunderstanding. I suspect the same is true here, but no doubt we are all open to seeing support for such statements so, if justified, they can be resolved.

    My suspicion is from a perceived, but admittedly subjective, probability based on experience with such matters.

    You can "safely" use WP by all the normal means of "securing" any site - good passwords, etc. I say "safely" because valid issues do arise that need to be corrected. I seem to get security updates for so many of my programs, from browser to router, so WP is not alone.

  19. James
    Happiness Engineer
    Posted 6 years ago #

    You have to remember that the affected program is not always the point of entry. For example, if you are on cPanel-based hosting using WordPress, then the exploited entry point could have been WordPress (though there are no known vulnerabilities in v1.5.2 at this time), cPanel, AWStats, FTP, or even Apache itself.

    Witty, since the files on your site were corrupted and deleted completely, you more than likely fell to a cPanel or FTP exploit, not a WordPress exploit.

Topic Closed

This topic has been closed to new replies.
