Comments on: 10 Great Reasons NOT to use WordPress… http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/ Seattle's Leading Resource for Real Estate Information Sun, 08 Nov 2009 01:47:42 -0800 http://wordpress.org/?v=2.8.4 hourly 1 By: Joel Burslem http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-16104 Joel Burslem Wed, 06 Sep 2006 04:32:13 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-16104 Glad to see you're up and running again, guys. This is a great lesson to anyone running WP - I'm going to have to go through all my permissions and double check them. Glad to see you’re up and running again, guys.

This is a great lesson to anyone running WP – I’m going to have to go through all my permissions and double check them.

]]> By: patrick http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15963 patrick Tue, 05 Sep 2006 17:48:51 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15963 Dustin, Check for wget in your logs, for starters. Or a lot of stuff that looks like %0A , etc. Also you might consider turning off allow_furl_open in your php.ini (allowing a url to be included/opened like a file). Dustin,

Check for wget in your logs, for starters. Or a lot of stuff that looks like %0A , etc. Also you might consider turning off allow_furl_open in your php.ini (allowing a url to be included/opened like a file).

]]> By: Robbie http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15933 Robbie Tue, 05 Sep 2006 16:13:03 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15933 Wish I could be more helpful. On my planet, index.php is called default.aspx and .htaccess/chmod is replaced by cacls.exe and mad asp.net/ISAPI skills... Wish I could be more helpful. On my planet, index.php is called default.aspx and .htaccess/chmod is replaced by cacls.exe and mad asp.net/ISAPI skills…

]]> By: Dustin http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15802 Dustin Tue, 05 Sep 2006 04:20:20 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15802 Patrick, I forgot what I ended up with, but I definitely didn't have any 777s. I remember going through a few iterations to find the minimum that I had to leave open for individual files and still have the plugins work, so I did set things up so that the server could write stuff. Hence, my guess that someone figured out a way to use one of the programs I had installed to trick the server into writing the junk. Based on the fact that almost no files were added/deleted to the server (that I can tell), it doesn't look like the hacker got around to doing very much damage. BTW, I tried looking through some access logs, but I didn't find anything interesting there... (not that I know exactly what I should be looking for... :) ) Patrick,

I forgot what I ended up with, but I definitely didn’t have any 777s. I remember going through a few iterations to find the minimum that I had to leave open for individual files and still have the plugins work, so I did set things up so that the server could write stuff. Hence, my guess that someone figured out a way to use one of the programs I had installed to trick the server into writing the junk.

Based on the fact that almost no files were added/deleted to the server (that I can tell), it doesn’t look like the hacker got around to doing very much damage.

BTW, I tried looking through some access logs, but I didn’t find anything interesting there… (not that I know exactly what I should be looking for… :) )

]]> By: patrick http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15746 patrick Mon, 04 Sep 2006 22:37:07 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15746 How are you doing "..require that the web admin set folder settings so that the plugin can “write” to the server.." this? If you have chmoded to 777, then anything can be written there by anyone. Did you search your server logs? Not just access_log, but error_log (these are for Apache), but your system's kernel log (/var/log/messages), et al? These will provide clues as to what files were scanned and exploited. How are you doing “..require that the web admin set folder settings so that the plugin can “write” to the server..” this? If you have chmoded to 777, then anything can be written there by anyone.

Did you search your server logs? Not just access_log, but error_log (these are for Apache), but your system’s kernel log (/var/log/messages), et al? These will provide clues as to what files were scanned and exploited.

]]> By: ARDELL http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15703 ARDELL Mon, 04 Sep 2006 18:14:06 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15703 I changed my password, for what it's worth. I suggest everyone do the same. I changed my password, for what it’s worth. I suggest everyone do the same.

]]> By: Dustin http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15695 Dustin Mon, 04 Sep 2006 17:29:55 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15695 No, I don't think they erased anything... My first step was to over-write the index.php file, but that did nothing. They were clearly messing with something on a deeper level and my guess goes back to the .htaccess file, which I think (but I really don't know) would cause the behavior you described. I've noticed that the .htaccess file has a ton of power. And seeing as how this file allows the the server to write the "human readable URLs" on the fly, I'm pretty sure it could be configured to do the redirection that was going on. If anyone thinks I'm full of it and spreading bad information, please feel free to step in! :) No, I don’t think they erased anything… My first step was to over-write the index.php file, but that did nothing. They were clearly messing with something on a deeper level and my guess goes back to the .htaccess file, which I think (but I really don’t know) would cause the behavior you described. I’ve noticed that the .htaccess file has a ton of power. And seeing as how this file allows the the server to write the “human readable URLs” on the fly, I’m pretty sure it could be configured to do the redirection that was going on. If anyone thinks I’m full of it and spreading bad information, please feel free to step in! :)

]]> By: Greg Swann http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15691 Greg Swann Mon, 04 Sep 2006 17:22:07 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15691 From appearances (I didn't test exhaustively), it seemed that everything at the root level for the domain had been erased and you (or they) had set the default 404 behavior to index.php. Is that correct? From appearances (I didn’t test exhaustively), it seemed that everything at the root level for the domain had been erased and you (or they) had set the default 404 behavior to index.php. Is that correct?

]]> By: Dustin http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15685 Dustin Mon, 04 Sep 2006 17:02:02 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15685 All, I'd love to tell you how they got in and exploited my site, but I simply don't know. My guess is either 1) They found a weak password as Robbie suggest or 2) I mis-configured the permissions on my server. I suspect the second issue because a number of WP plugins require that the web admin set folder settings so that the plugin can "write" to the server. I've tried to be as conservative as possible when changing these settings because I've always thought that it was a bad practice for me to allow my server to write over files when I'm not sure what is "safe" and what is "dumb". Anyway, at this point, I've changed all the permissions so that the server cannot write (overwrite!) files, but that means that I don't have easy plugins for things like backing up the database and updating the .htaccess file. Such is life until I start feeling adventurous again. All,

I’d love to tell you how they got in and exploited my site, but I simply don’t know. My guess is either
1) They found a weak password as Robbie suggest or
2) I mis-configured the permissions on my server.

I suspect the second issue because a number of WP plugins require that the web admin set folder settings so that the plugin can “write” to the server. I’ve tried to be as conservative as possible when changing these settings because I’ve always thought that it was a bad practice for me to allow my server to write over files when I’m not sure what is “safe” and what is “dumb”. Anyway, at this point, I’ve changed all the permissions so that the server cannot write (overwrite!) files, but that means that I don’t have easy plugins for things like backing up the database and updating the .htaccess file. Such is life until I start feeling adventurous again.

]]> By: Josh http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15678 Josh Mon, 04 Sep 2006 16:28:57 +0000 http://raincityguide.com/2006/09/04/10-great-reasons-not-to-use-wordpress/#comment-15678 Welcome back. Sorry that you had to deal with those hackers. I'd also like to know exactly what happened, in an effort to protect myself and others. Please feel free to email me or post it here! Thanks. Welcome back. Sorry that you had to deal with those hackers.

I’d also like to know exactly what happened, in an effort to protect myself and others. Please feel free to email me or post it here! Thanks.

]]>