Register Blogs Advertise with usHelp Desk Today's Posts Search

Thread Tools Search this Thread
Unread 5th Sep 2009, 12:07 AM   #1
OffTheWallflowerChild
War Room Member
 
Patrician's Avatar
 
Join Date: 2004
Location: USA
Posts: 11,698
Thanks: 6,331
Thanked 2,666 Times in 1,801 Posts
Default
Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Don't know if you guys saw this in the main forum or not, but in speaking to my host it is a serious security threat. GO AND UPGRADE ANY VERSION PRIOR TO 2.8.4

Host4Profit has some security in place and has not seen any actual hacks, but did find some attempts. Better safe than sorry -

Jeff Houdyshell might* help you if you can't do it yourself. (for a fee)
http://www.wordpressmax.com/



http://www.warriorforum.com/main-int...p_referer.html

Leads to explanation
Wordpress MySQL Injection - Permalink hack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]


Here is another report of a previous attack.

http://www.warriorforum.com/main-int...-code-url.html


From Wordpress.org

WordPress 2.8.4: Security Release

Posted August 12, 2009 by Matt. Filed under Releases, Security.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

Patricia Brucoli
Plug-In Profit Site Helpdesk
Patrician is offline   Reply With Quote
The Following 2 Users Say Thank You to Patrician For This Useful Post:
Unread 5th Sep 2009, 12:05 PM   #2
GT
Senior Warrior Member
War Room Member
 
GT's Avatar
 
Join Date: 2007
Location: Northern Alberta , Canada.
Posts: 2,448
Thanks: 2,399
Thanked 608 Times in 423 Posts
Blog Entries: 357
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Hi, Patricia:

I don't have a WordPress blog (yet), but thanks for posting updates like these, whether WordPress or whatever. It's good to keep each other informed just in case we miss something posted elsewhere.

GT

* You Can Begin Earning Affiliate Income HereDirect Commissions and Residual Income!
* Home Business Resources and Affiliate Opportunities
* Visit This Library to Expand Your KnowledgeBlog Post
* Reinventing Your Life - Make the Rest of Your Life the BEST of Your Life!
* Follow Me On Twitter ===> MyPowerSite <===| gtbulmer | StarrBizzcom
GT is offline   Reply With Quote
The Following User Says Thank You to GT For This Useful Post:
Unread 5th Sep 2009, 12:30 PM   #3
Freelance Proofreader
War Room Member
 
Alan Mater's Avatar
 
Join Date: 2008
Location: Pennsylvania, US
Posts: 1,562
Thanks: 55
Thanked 156 Times in 137 Posts
Blog Entries: 2
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Thanks for bringing this to our attention, Pat.

I've been putting off updating my blogs, but after reading this I'm going to go ahead and do it. I'm in the process of backing everything up now.

Thanks!

Alan Mater is offline   Reply With Quote
The Following User Says Thank You to Alan Mater For This Useful Post:
Unread 5th Sep 2009, 01:36 PM   #4
Graham Maddison
War Room Member
 
Graham Maddison's Avatar
 
Join Date: 2008
Location: Khon kaen, Thailand
Posts: 1,338
Thanks: 363
Thanked 329 Times in 202 Posts
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Thanks Pat,

after reading your alert, I have now successfully updated all of my blogs (5 of em).

I really appreciate the advice.

Graham

Trade without Boundaries.
Start with $30 Trading Bonus.
No Deposit Required
Graham Maddison is offline   Reply With Quote
The Following User Says Thank You to Graham Maddison For This Useful Post:
Unread 5th Sep 2009, 01:42 PM   #5
Freelance Proofreader
War Room Member
 
Alan Mater's Avatar
 
Join Date: 2008
Location: Pennsylvania, US
Posts: 1,562
Thanks: 55
Thanked 156 Times in 137 Posts
Blog Entries: 2
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

I've now upgraded both of my blogs successfully.

Alan Mater is offline   Reply With Quote
Unread 5th Sep 2009, 03:18 PM   #6
HyperActive Warrior
War Room Member
 
xtreme newbie's Avatar
 
Join Date: 2009
Location: Michigan
Posts: 114
Thanks: 68
Thanked 25 Times in 25 Posts
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Saw this alert on Facebook where a friend posted this from Mashable: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] - WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

I just upgraded 12 blogs. Luckily no problems but that was too close a call. Whew!! From now on I'm going to stay current on my Wordpress upgrades.

Hope everyone at the forum sees this thread.

Color Me Social Techie sisterpreneurs helping time and tech challenged small business owners use social media and other online tools for growth and profit.
xtreme newbie is offline   Reply With Quote
The Following User Says Thank You to xtreme newbie For This Useful Post:
Unread 5th Sep 2009, 04:01 PM   #7
Call Room Guy
War Room Member
 
warriortx's Avatar
 
Join Date: 2009
Location: Tempe, AZ
Posts: 1,830
Thanks: 37
Thanked 401 Times in 115 Posts
Blog Entries: 6
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Thanks for the heads up because I didn't know

warriortx is offline   Reply With Quote
Unread 5th Sep 2009, 05:43 PM   #8
Advanced Warrior
 
houdy's Avatar
 
Join Date: 2006
Location: The Midwest
Posts: 968
Thanks: 1
Thanked 63 Times in 52 Posts
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Always backup the database and the wp-content folder before an upgrade. In fact you should have a backup strategy. I have never needed a backup personally but have had many people contact me with lost blogs who didn't.

Backup the database on H4P:
Backup WordPress Database

This will show you how to backup the wp-content folder and more:
Scheduled Backup Of Your WordPress Blog

houdy is offline   Reply With Quote
The Following User Says Thank You to houdy For This Useful Post:
Unread 11th Sep 2009, 05:39 AM   #9
Advanced Warrior
 
houdy's Avatar
 
Join Date: 2006
Location: The Midwest
Posts: 968
Thanks: 1
Thanked 63 Times in 52 Posts
Default
Re: Upgrade Wordpress to 2.8.4 - Security Threat
Share on: 
fb share twitter share gplus share more share

Satya if you are not seeing a warning on the upper area of the WordPress dashboard then you have the latest version and don't need to upgrade. When you login to the main dashboard you should see what version you are using and the latest right now on 9/10/09 is WordPress 2.8.4

houdy is offline   Reply With Quote
The Following User Says Thank You to houdy For This Useful Post:
Unread 13th Oct 2009, 01:30 PM   #10
Active Warrior
War Room Member
 
landon's Avatar
 
Join Date: 2008
Location: , , .Greenville NC
Posts: 80
Thanks: 86
Thanked 3 Times in 3 Posts
Arrow
How Do I upgrade my Wordpress Blog
Share on: 
fb share twitter share gplus share more share

Hi Everyone I just saw the threat about upgrading our wordpress blogs. But how do you do that? Don't you have to backup the blog posts first? I have never done that before, how serious is the threat? Thanks Dianne

landon is offline   Reply With Quote
Unread 13th Oct 2009, 01:34 PM   #11
Senior Warrior Member
War Room Member
 
Stephen Meyer's Avatar
 
Join Date: 2007
Location: Ada,OK , USA.
Posts: 1,535
Thanks: 108
Thanked 343 Times in 228 Posts
Default
Re: How Do I upgrade my Wordpress Blog
Share on: 
fb share twitter share gplus share more share

On you back office left column look for "upgrade". Click that and it will tell you if you need to. If you do just click upgrade from there and select automatic. It will do it for you.


Originally Posted by landon View Post

Hi Everyone I just saw the threat about upgrading our wordpress blogs. But how do you do that? Don't you have to backup the blog posts first? I have never done that before, how serious is the threat? Thanks Dianne

Find out how this guy went from being over $40,000 in debt to having total financial freedom and how you can to.Click Here: Freedom ~
Stephen Meyer is offline   Reply With Quote
The Following User Says Thank You to Stephen Meyer For This Useful Post:


Bookmarks

Tags
blog, security, threat, upgrade, wordpress


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -6. The time now is 04:19 AM.