Comments for sean's place http://www.seanrees.com Musings from a Software Development Geek. Tue, 08 Sep 2009 15:32:26 +0000 http://wordpress.org/?v=2.9 hourly 1 Comment on Well, an update worth its salt by WordPress under gpc_10805 attack | ShinePHP.com http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11849 WordPress under gpc_10805 attack | ShinePHP.com Tue, 08 Sep 2009 15:32:26 +0000 http://www.seanrees.com/?p=672#comment-11849 [...] http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ But pay attention that not only WordPress sites are attacked in this manner, look at the [...] [...] http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ But pay attention that not only WordPress sites are attacked in this manner, look at the [...]

]]> Comment on Well, an update worth its salt by vladimir http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11848 vladimir Tue, 08 Sep 2009 01:02:55 +0000 http://www.seanrees.com/?p=672#comment-11848 I think it is not the WordPress vulnerability issue. Look at this thread http://www.webdeveloper.com/forum/showthread.php?p=1032611 A lot of none-php clean HTML sites were infected with this gpc_() in the same manner. It is more probably that it uses compromised FTP passwords which stolen from your desktop by some virus which infected your computer. I think it is not the WordPress vulnerability issue. Look at this thread
http://www.webdeveloper.com/forum/showthread.php?p=1032611
A lot of none-php clean HTML sites were infected with this gpc_() in the same manner. It is more probably that it uses compromised FTP passwords which stolen from your desktop by some virus which infected your computer.

]]> Comment on Well, an update worth its salt by Tech Club | Small Business Technology News and Innovations http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11847 Tech Club | Small Business Technology News and Innovations Sat, 05 Sep 2009 20:41:29 +0000 http://www.seanrees.com/?p=672#comment-11847 [...] related to the problem: http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/ http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ http://wordpress.org/support/topic/297639/page/2 [...] [...] related to the problem: http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/ http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/ http://wordpress.org/support/topic/297639/page/2 [...]

]]> Comment on Well, an update worth its salt by Sean http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11846 Sean Sat, 05 Sep 2009 19:47:23 +0000 http://www.seanrees.com/?p=672#comment-11846 It looks like there are more details (but not many more): http://mashable.com/2009/09/05/wordpress-attack/ It looks like there are more details (but not many more): http://mashable.com/2009/09/05/wordpress-attack/

]]> Comment on Well, an update worth its salt by benanne http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11845 benanne Fri, 04 Sep 2009 13:50:05 +0000 http://www.seanrees.com/?p=672#comment-11845 I was running v2.6.3, and the same thing happened to me. At least, the permalink setting was changed. I haven't found any injected code. To get rid of it, I fixed the permalink setting, but that turned out to be insufficient; closer inspection of my database revealed that there was somehow another user with administrator rights (I'm supposed to be the only one), and his username was set to a bunch of Javascript. Upon discovering this, I manually removed all references to this user from the database (because he wouldn't show up in the WP admin pages) and upgraded to 2.8.4. I hope that does it, but I'm not sure yet. I just thought I'd mention it here, because you don't say anything about suspicious administrator users, so it's possible that that's something you have overlooked. Also, there seems to have been an outbreak of this lately, wordpress.org's support forums are swarming with people reporting the same symptoms. I was running v2.6.3, and the same thing happened to me. At least, the permalink setting was changed. I haven’t found any injected code. To get rid of it, I fixed the permalink setting, but that turned out to be insufficient; closer inspection of my database revealed that there was somehow another user with administrator rights (I’m supposed to be the only one), and his username was set to a bunch of Javascript. Upon discovering this, I manually removed all references to this user from the database (because he wouldn’t show up in the WP admin pages) and upgraded to 2.8.4. I hope that does it, but I’m not sure yet.

I just thought I’d mention it here, because you don’t say anything about suspicious administrator users, so it’s possible that that’s something you have overlooked. Also, there seems to have been an outbreak of this lately, wordpress.org’s support forums are swarming with people reporting the same symptoms.

]]> Comment on Well, an update worth its salt by passer-by http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/comment-page-1/#comment-11844 passer-by Fri, 04 Sep 2009 08:59:44 +0000 http://www.seanrees.com/?p=672#comment-11844 Hi Sean, I too have been hit by this, on the 2nd Sept 2009. I'm a bit stunned as like yourself I have no idea how this person has done it. Kudos to the little punk. I am beginning to think its a WP exploit. I have a part of my website served up from a private area, none of the files there were effected. Everything effected has been in the root wordpress directory. I am using WP 2.6. Maybe time to upgrade. Hi Sean,

I too have been hit by this, on the 2nd Sept 2009.
I’m a bit stunned as like yourself I have no idea how this person has done it. Kudos to the little punk.

I am beginning to think its a WP exploit. I have a part of my website served up from a private area, none of the files there were effected. Everything effected has been in the root wordpress directory. I am using WP 2.6. Maybe time to upgrade.

]]> Comment on Thoughts on IPv6 by sjmitchell http://www.seanrees.com/2009/06/20/thoughts-on-ipv6/comment-page-1/#comment-11842 sjmitchell Mon, 22 Jun 2009 15:25:26 +0000 http://www.seanrees.com/?p=629#comment-11842 Fact is, hiding behind NAT and the implicit firewall provides some much needed security to today's average home owner. Imagine if my TiVo was publicly addressable.. What obscure vulnerabilities exist that today can go unnoticed to me and to TiVo? I'm not saying it's a bad thing--but it's a different thing that will require a new level of device hardening than we need today. NAT and the home firewall provide a crutch that is going to go away once IPv6 becomes the norm. Fact is, hiding behind NAT and the implicit firewall provides some much needed security to today’s average home owner. Imagine if my TiVo was publicly addressable.. What obscure vulnerabilities exist that today can go unnoticed to me and to TiVo?

I’m not saying it’s a bad thing–but it’s a different thing that will require a new level of device hardening than we need today. NAT and the home firewall provide a crutch that is going to go away once IPv6 becomes the norm.

]]> Comment on Thoughts on IPv6 by Thoughts on IPv6 | BigB http://www.seanrees.com/2009/06/20/thoughts-on-ipv6/comment-page-1/#comment-11841 Thoughts on IPv6 | BigB Sat, 20 Jun 2009 23:31:25 +0000 http://www.seanrees.com/?p=629#comment-11841 [...] more here:  Thoughts on IPv6 Share and [...] [...] more here:  Thoughts on IPv6 Share and [...]

]]> Comment on Boldly Going by smurf http://www.seanrees.com/2009/05/08/boldly-going/comment-page-1/#comment-11840 smurf Fri, 29 May 2009 16:35:23 +0000 http://www.seanrees.com/?p=625#comment-11840 John Scalzi's <a href="http://whatever.scalzi.com/2009/05/11/quick-review-star-trek/" rel="nofollow">review</a> pretty much sums up my feelings about the movie. And I think if anything deserves to be renamed Star Trek: The Comedy, it should be Star Trek IV: The Voyage Home. Crew goes back in time For songs of the humpback whale Or else Earth goes boom (also from <a href="http://blogs.amctv.com/scifi-scanner/2009/05/star-trek-movie-plots.php" rel="nofollow"> Scalzi) I hope you're having fun in Ireland (it certainly sounds like it from your Twitter stream). John Scalzi’s review pretty much sums up my feelings about the movie. And I think if anything deserves to be renamed Star Trek: The Comedy, it should be Star Trek IV: The Voyage Home.

Crew goes back in time
For songs of the humpback whale
Or else Earth goes boom

(also from Scalzi)

I hope you’re having fun in Ireland (it certainly sounds like it from your Twitter stream).

]]> Comment on Boldly Going by ECH http://www.seanrees.com/2009/05/08/boldly-going/comment-page-1/#comment-11839 ECH Fri, 15 May 2009 03:21:14 +0000 http://www.seanrees.com/?p=625#comment-11839 If you read my movie review of Star Trek you should have read the <a href="http://www.amazon.com/Star-Trek-Countdown-J-Abrams/dp/1600104207/ref=sr_1_1?ie=UTF8&s=books&qid=1241765504&sr=8-1" rel="nofollow">Star Trek:Countdown</a> before seeing the movie or you would think that it would suck. If you read my movie review of Star Trek you should have read the Star Trek:Countdown before seeing the movie or you would think that it would suck.

]]>