The hole’s here… Down here…
For those who didn’t know, Ikimashou got two RAIDs this week. That’s TWICE, AND CONSECUTIVE TOO. You don’t have Chinese hackers knocking at your door right now, do you Rakkun?
Anyways, the post is here for a deliberate warning: WordPress got fucked up… AGAIN. Version 2.7.1′s security holes had us worrying buckets! To help you watch out, here are the incident descriptions:
- Random cluttering of your wp- folders with folders named after prescription drugs (penis enlargement pills, viagra, dildos, sex toys, you know, the works…) that contain .php files, that may possibly generate popups.
- Editing of your classes.php file in your wp-includes folder. Random hacker/anon puts in a malicious code that generates popups when you visit the site.
For those who experience the shit, here are the remedies:
- Delete the fucking drug prescription folders!
- If your classes.php file got edited, find the malicious code/s (for Rakkun’s case, anything that contains “<script” in the code is shitass malware), and find a default, working one.
This may also be too much to ask, but I’d like to know or make a network of people who would tell others of any security holes/bugs/shit about the current WordPress version so as to inform the majority about the symptoms, cures, and other stuff. I’d go bug WordPress myself, but heck, shit’s already too much to handle with their current stuff.
Prevention is better than cure. Then again, they get to draw first blood most of the time.
meh wordpress has gone to the dogs in a big way. It’s been on a downward spiral for a while now. Each is as buggy if not worse than the previous one.
I’m thinking of moving to a new engine all together, been looking at M$ one, as well as moveable type and a few others.
WP got the top spot, then pretty much just decided not to do anything else. They’re like M$ now, basiclally living on the fact that they have a large market share