#1 (permalink) |
|
future is now
Join Date: Jan 2006
Location: Elbonia
Posts: 3,928
Points: 405
|
Upgrade your Wordpress, I really mean it!
Making a thread because it really seems widespread and I don't want people to get a wrong impression about Wordpress.
Apparently there is a hack that redirects all your Google and possibly also Yahoo traffic; you can only notice it by looking at your stats. Unlike what some people try to make us believe, it is not caused by an exploit that affects all the versions of Wordpress but only the older ones. The idea that it affects all seems to have been born in the minds of people who have no idea about how software works. After deleting their old Wordpress and uploading the latest one they still got hacked and figured all versions were affected... this is not true because you also need to clean it from your database!

This is the original thread: http://www.netpond.com/blogging-foru...idespread.html
This is the official solution: Did your WordPress site get hacked?
This is for laughing at wankers: WordPress › Support » Wordpress Hacked and Redirected ... Again

As a side note, I remember pam wasn't satisfied with the new image uploader of Wordpress. Turns out it didn't work very well with my favourite browser either so I just found a way to disable it. So this is for you pam if you don't already have it and for anyone else who has a problem with image uploading with Wordpress 2.5.1: WordPress › No Flash Uploader « WordPress Plugins

Now go here to download the latest Wordpress: WordPress › Blog Tool and Weblog Platform
#3 (permalink) | |
|
future is now
Join Date: Jan 2006
Location: Elbonia
Posts: 3,928
Points: 405
|
Quote:
There is a small chance that your theme doesn't work very well with the newest Wordpress or some other minor things but they are all very easy to fix and there is a 97% chance that this doesn't happen to you.
#5 (permalink) |
|
Those with the biggest egos are insecure
Join Date: Jan 2003
Location: near Cape Cod, Massachusetts
Posts: 9,147
Points: 1,196
|
I upgraded a blog with at least a thousand posts (3 years old) and had no issues. I've upgraded about a dozen others with no issues, all plugins work, but I also don't use many plugins.
Erots, thanks, the issue with the uploader gives me those blue lines, and I have to mouse over them to get rid of them ... I'll check out your plugin
#6 (permalink) |
|
I get paid(hopefully) to watch porn
Join Date: May 2007
Posts: 1,275
Points: 4,225
|
Well from reading that WP Forum, it seems that the issue lies with a plugin that has been exploited.
Seems the easiest "quick fix" would be to overwrite your plugin dir with fresh ones you know aren't compromised
#9 (permalink) |
|
splogmaster
|
And what's up with the uploads folder? It has 777 chmod, and I don't wanna change it, cuz I'm using external programs to update my blogs. Is this a risky folder?
#11 (permalink) |
|
future is now
Join Date: Jan 2006
Location: Elbonia
Posts: 3,928
Points: 405
|
Some people say that you should never chmod 777 but it is kind of a half truth. 777 means full access to owner, your group and others. With some hosts you can do fine with 755 (5 means read and execute) but a lot of them need at least 775 or 777.

What "full access to others" really means is not that everyone can change your files directly over the internet. It means that people who are on the same server with you could potentially modify, upload or delete your files. In shared hosting space this only happens when somebody is compromised and they know the full path to your files (not very likely). Another thing that is more likely is that your scripts get compromised; then it could also be possible for the hacker to edit your files with 777 permissions. BUT, this is also possible with those good hosts where you can manage with 755 permissions, because all the files and processes are united; although it seems much safer than the guys who need to use 775 or 777, it really is not.

The difference:

If you can manage with chmod 755: This means that files you upload with FTP belong to your user, and also the files you upload through the Wordpress upload function, for example. They all belong to your user.

If you need chmod 775: This means that files uploaded through FTP belong to you but files uploaded through the Wordpress upload function belong to some other user, usually it is user: nobody. Why you need 775 is that user nobody DOESN'T HAVE PERMISSIONS to make new files in the upload folder, so you need to chmod the upload folder to that. The only difference between 775 and 777 is that sometimes user "nobody" doesn't belong to the same usergroup as you.

So in conclusion, although hosts that don't need chmod 775 or 777 for upload dirs but just 755 seem to be configured "right" for some people, the first ones are actually much safer BECAUSE you only need to change permissions for this one directory and well maybe your configuration files too. When you are using hosts that need chmod 755 then it means that a compromised script can modify and upload files to all the directories you own.

Now about is it risky or not.. upload folder, well.. they can put big files there and maybe overwrite your stuff but that's about it, also it would be extremely annoying to change permissions of that directory each time you want to upload a file there. Configuration files that are with such permissions or main files like index.php and what not are much more of a threat.

But we forgot one thing - this really becomes a problem when you are already compromised. Most of the attacks come a lot later when the patch has been given out and some bad guys have finally found out what they patched and start their campaign. So update your stuff.
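The permission cases discussed in the post above (755, 775, 777, and which user owns the files) can be checked with a small audit script. This is an added example, not code from the thread; the wp-content/uploads path and the wording of the findings are assumptions.

```python
import os
import stat
import sys

# Assumption: the upload folder is the only place allowed to stay writable
# by group/others (WordPress default location, relative to the site root).
ALLOWED_WRITABLE = ("wp-content/uploads",)


def audit_tree(root, allowed=ALLOWED_WRITABLE):
    """Return sorted (relative_path, octal_mode, finding) tuples for root."""
    findings = []
    site_uid = os.lstat(root).st_uid
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = stat.S_IMODE(st.st_mode)
            expected = any(rel == a or rel.startswith(a + "/") for a in allowed)
            if mode & stat.S_IWOTH:
                # "others" have the write bit: any account on the server can write
                note = "world-writable"
                if expected:
                    note += ", expected upload dir"
                findings.append((rel, format(mode, "o"), note))
            elif mode & stat.S_IWGRP and not expected:
                # 775-style: writable by the group, e.g. the web server's user
                findings.append((rel, format(mode, "o"), "group-writable"))
            if st.st_uid != site_uid:
                # e.g. files created by PHP running as "nobody"
                findings.append((rel, format(mode, "o"), "owner differs from site root"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, mode, note in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode:>4}  {note:<36} {rel}")
```

Run it with the site root as the only argument; a world-writable index.php or configuration file is the case the post calls the bigger threat.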
#13 (permalink) |
|
I get paid(hopefully) to watch porn
Join Date: May 2007
Posts: 1,275
Points: 4,225
|
Well the only real way to find the plugin is to
1) know you're hacked
2) turn off random plugins till you realize which it is
or just clean the entire DIR and hope not to get hacked again until someone else figures out what's going on.
#16 (permalink) |
|
splogmaster
|
I'm using the program "BlogPost" (written by Twan) and it needs the 777 chmod. If I'm with 775 or 755 I can't upload images to this folder. Setting the chmods every upload would be so annoying. However, the other files and dirs are 755 and 644 and the WP is 2.5.1. Hope I'm cool with those options.
#17 (permalink) |
|
future is now
Join Date: Jan 2006
Location: Elbonia
Posts: 3,928
Points: 405
|
There are probably different people behind this, all of them using the same exploit. Some of them make the code hide in index.php, some of them have made the script to pick random plugins. Some of them hide in wp-includes... etc.
The smartest ones of them respawn themselves to your Wordpress files when you haven't cleaned up the database, so it could also be in your database. The official site should pretty much let you know about all the techniques how to clean it up.
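Posts #6, #13 and #17 above all come down to finding which files no longer match a copy you know is clean. The following is an added example, not code from the thread: it compares an installed tree against a freshly unpacked download by SHA-256. The function names and the skipped wp-content/uploads/ prefix are assumptions.

```python
import hashlib
import os
import sys


def file_digests(root):
    """Map relative path -> SHA-256 hex digest for each regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def compare_with_clean(installed, clean, skip=("wp-content/uploads/",)):
    """Report files that differ from, are absent from, or are missing versus clean."""
    live = {p: d for p, d in file_digests(installed).items() if not p.startswith(skip)}
    ref = {p: d for p, d in file_digests(clean).items() if not p.startswith(skip)}
    return {
        # same path, different content: index.php, plugin or wp-includes edits
        "modified": sorted(p for p in live if p in ref and live[p] != ref[p]),
        # not shipped in the clean copy: review by hand (config, dropped files)
        "extra": sorted(p for p in live if p not in ref),
        "missing": sorted(p for p in ref if p not in live),
    }


if __name__ == "__main__" and len(sys.argv) == 3:
    for kind, paths in compare_with_clean(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind:<9}{path}")
```

This only covers files; the database, which the post says can put the code back, has to be cleaned separately.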
#19 (permalink) |
|
Blog Automation Software, Check My Sig!
|
Did they make it so an upgrade fixes the issue finally? Last few days I was hearing everyone is updating and still getting compromised?
#20 (permalink) |
|
http://wm.4pleasure.biz/
|
Possible fix:
http://www.netpond.com/adult-webmast...-hack-fix.html