I don’t know what started the slow spiral into time-out hell and unresponsiveness purgatory at D=S, but it started about a week ago, and whether I clicked the wrong thing while trying to fix it or “they” finally found a way in to wreak havoc, D=S was kneecapped.
Either way, it made me a little more security conscious, and I thought it only neighborly to pass along a post I found from My Test Box that may help one of you avoid what I like to call The D=S Meltdown Of Nov. ‘08.
An excerpt, and then I’ll link to the rest of the info-packed article.
Most of the attacks consist of SQL injection and XSS (cross-site scripting), and that is because the user input isn’t filtered properly by the software. Some of the attacks use bots which can create hundreds of spam pages on your blog automatically, place a backdoor (so the hacker can come back at a later time) or steal users’ passwords.
Hackers are taking advantage of the open-source nature of the software to look at and analyze the source code of the specific software they want to attack and test it for potential vulnerabilities. Then the developers and users have to detect, track down, and shut down the vulnerabilities in the code that those attackers are using.
The pattern seems to be the same: when a new hole is found, it’s broadly exploited, then developers rush out a patch and/or a new release. Most of the damage inflicted by the automated exploits can be reversed with an upgrade, but in some cases you can be left with thousands of spam pages and images to clean up (and they are usually well hidden). If the attacked software is very popular (and that attracts hackers too) – like Wordpress – then thousands of installs can be compromised. Chances are that a blog owner realizes late that his blog was hacked; that’s why it is important to keep up with the latest upgrades and security patches from Wordpress.com and keep an eye on your blog: monitor the statistics and the blog usage, have frequent backups, and track other security blogs for news about any security holes; one of them is BlogSecurity.net.
In the meantime, make sure and remember that D=S is still here and still looks forward to sharing my brand of psycho-babble.
I still wish someone could tell me how to extract my old post from my .tgz backup file. My host advised me that they no longer honor the feature needed to restore from that file, nice huh?
Maybe when re-up time comes ’round I’ll do like all the cool kids and get me one of them thar nifty mu.nu sites….