The MU forums have moved to WordPress.org

A New WordPress Virus (6 posts)

  1. bochiman
    Member
    Posted 16 years ago #

    Recently, we have accidentally discovered in our blog posts a new dangerous viral activity based on an advertising script that exploits the security leaks of WordPress platform. This type of attack could be also present in the tens of millions of online WordPress blogs. The rest of the article can be found here.

  2. gpo1
    Member
    Posted 16 years ago #

    There to be an upgrade of wordpress 2.6.1 to 2.6.2 asap

  3. andrea_r
    Moderator
    Posted 16 years ago #

    *sigh*

    First, thanks for the alarmist post.
    Second, if this is what I think it is, it's a theme vulnerability and was already addressed in versions *before* 2.6.1.

    Third - the security fixes in 2.6.2 have nothing to do with this issues, and the issues it *does* fix are to do with user registration on single blogs. Which, as you should be aware, are completely different in WPMU and therefore irrelevant.

    Fourth - to the OP. If you think this is a NEW issue, the proper procedure is to contact the WP security team. Not make a bunch of public posts about it. Sheesh.

  4. andrea_r
    Moderator
    Posted 16 years ago #

    Also, note this part:

    "based on an advertising script"

    So.. can we assume that if you don't have this advertising script you're not vulnerable?

  5. MrBrian
    Member
    Posted 16 years ago #

    He is just spamming his stupid article everywhere on the internet. This isn't specific to WPMU or even wordpress, and he dosen't give a mention of the version of wordpress that's affected. Thankfully, i do know what he's talking about and this is OLD, affecting regular old wordpress 2.3.1 and below. All WPMU users should just ignore this thread completely if they have WPMU 1.3.3 or higher.

  6. SteveAtty
    Member
    Posted 16 years ago #

    He also says it involves a file being uploaded to the root of the WP installation directory which would imply a rather insecure WP installation (well I assume I'm not the only person who does not have any of the files / directories, apart from the obvious ones, owned by the apache user)

About this Topic

  • Started 16 years ago by bochiman
  • Latest reply from SteveAtty