In case you haven’t heard, there’s a virulent worm spreading and hacking Wordpress blogs that have not been updated to the latest version, 2.8.4. Wordpress founder Matt Mullenweg advises everyone to update their Wordpress blogs:
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
I’m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.
Hacking blogs and worms are not new to bloggers, whether you have Blogger or Wordpress, but I certainly didn’t like to read Mullenweg’s “this is something that has happened before, and that will more than likely happen again.” :yikes:
The only thing Mullenweg has to say about future hacking is:
There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.
I admit, I sometimes wonder if hack attacks are built by certain people who use such attacks to get everyone to upgrade. This particular worm is relatively harmless, and easily detectable. I’ve heard of horrible hacker attacks, where entire blogs are wiped out or are used as vehicles to spew p*rn and other filth. This worm seems quite tame, and leaves behind broken links, which is easily detectable. Did someone create this worm simply to scare Wordpress users into forcing them to update their blogs? I’m not saying I believe this is so, just that there is that possibility. Maybe there’s more to this worm than is being publicized… But if that’s all the worm does, what else could be the motive?
![[Slashdot]](http://slashdot.org/favicon.ico)
![[Digg]](http://digg.com/favicon.ico)
![[Reddit]](http://reddit.com/favicon.ico)
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif)
![[Facebook]](http://www.facebook.com/favicon.ico)
![[Technorati]](http://technorati.com/favicon.ico)
![[Google]](http://www.google.com/favicon.ico)
![[StumbleUpon]](http://www.stumbleupon.com/favicon.ico)
Tags: blogs, hacker, Wordpress, worm
Haloscan Closing Its Doors
Feb 6
Posted by Mrs. Mecomber in Blogger, blogs, conversion programs | No Comments
Ouch.
Haloscan, that blog commenting software that has been around for years, is closing the service. This is from their website.
Haloscan was very popular with Blogger, since Blogger’s commenting functions are woefully inadequate (even after a few small tweaks by Google). I tried Haloscan a few years ago, and wasn’t too impressed. Of course, the Blogger commenting functions are terrible. But rather than continue to work with Blogger, I just went to Wordpress and my own self-hosted blogs. It’s been a great experience, with Wordpress.
Regarding Haloscan, some bloggers are afraid they may lose all their comments across hundreds of posts. I *think* Haloscan is offering a free comment migration back to your original blog host, through various third-party vendors. Not sure, though, because it seems some things are still up in the air. Read the FAQs here.
Haloscan is closing February 20.
Tags: Blogger, blogs, comments, Haloscan