angsuman

> I set up my WordPress site to use permalinks WITH .htaccess. But isn’t WordPress just using the url as a pointer? Isn’t the page still contained in the database?

As Macmanx clarified, the page is still in the db. However Google doesn’t care. All its cares is how it can access the page and it doesn’t go in much depth with pages which are accessed by query strings only because it is afraid of getting stuck in infinite loop of machine generated pages.

When I had a similar problem with my apache server consuming over 95% of the CPU, my hosting provider simply restarted the virtual machine (I am on a VPS) with Apache and all. They said that such problems are often fixed by restarting the server. Restarting the entire virtual machine takes about 2 seconds and you are done.
And true to their understanding it hasn’t happened since. I didn’t change anything and I have tons of plugins running.

BTW: In that particular scenario only the WP processes were hanging, the rest of php based systems were ok.

It is not fair to bring down the host for such minor issues. It seriously undermines the credibility of the hosting provider IMHO.

@jinsan Thanks. I did get a reply from Shelly about the patch.

@nuclearmoose I didn’t exactly expect within an hour. I posted about my email only after couple of days.
So what’s his schedule (for answering emails from mere mortals like me) like? A week, month or > /dev/null 🙂

Anyway looking at the responses (read none) to my actual question ( and knowing how prompt Wp community is answering questions when an answer exists) on architecture document, I am surmising that there is none. Correct me otherwise.

I don’t know if I should be filing a request for architecture document as a bug request, doesn’t look right 😐

@jinsan
> are you saying it would have been better to make the hole well known to the general public before the fix was released?

No, of course not!

All I am saying is that a patch fixing only the security defect should be made available to the end users. End users shouldn’t be forced to install a full upgrade with 170 fixes, just so he can have the security vulnerability patched. That is not right. 1.5 works for me just as I want it.

I do not need an upgrade which several people are having trouble with. However I just need a patch to fix a security hole. And I am not alone.

I emailed to Matt couple of days ago, requesting a patch. He hasn’t replied yet.

Nobody is asking to reveal the gory details of the vulnerability. However simple categorizing terms (yet vague enough to deter would be hackers) like “cross-site scripting vulnerability” would be helpful and appreciated, rather than a cryptic email just stating there was a vulnerability and it has been fixed.

@ongakukaku
The blog is up and running! Please try again.

One interesting issue I have noticed is that nowadays many comment spams also carries a payload of referrer spams in the same HTTP GET request. So it is a double spam load, reducing their bandwidth usage. It is actually a benefit in disguise for us.

I realized that actually blocking the referrer spammers aggresively (my referrer spammer blacklist) gets rid of most comment and trackback spammers!

There is another trend I have noticed in comment spamming. First there is a meaningless, yet harmless comment in the blog like “Hi” or “Good article”, which most bloggers approve. Then a deluge of spam comes in from the same source, which directly passes through because one comment from the same author has already been approved before.

@fadil

Care to elaborate?

I think 1.5.1 is supposed to fix it, with the hush-hush and all 🙂
Not to mention it brought in some headache’s too.

Frankly I find this a bit disconcerting to be so secretive about this issue. As any security expert knows, security by obscurity never works. It harms more than it does good in the long run.

If WordPress & Matt (synomymous?) was more open to this issue I would have felt much more comfortable.