homepage Welcome to WebmasterWorld Guest from 54.227.41.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
WordPress 2.1.1: the poisoned download
Distributed WP version contained cracker code
encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3269675 posted 3:03 am on Mar 3, 2007 (gmt 0)

[wordpress.org...]
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker (...) It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. (...) They modified two files in WP to include code that would allow for remote PHP execution.

The patched version, 2.1.2 is available for download now from the WordPress site, and according to the developers, version 2.0 files were not affected.

WordPress 2.1.1 was released on February 21st 2007, so if you installed WordPress between then and March 2nd, you should upgrade without delay.

 

Trax

10+ Year Member



 
Msg#: 3269675 posted 3:58 am on Mar 3, 2007 (gmt 0)

wow... this is quite heavy stuff

Moncao

5+ Year Member



 
Msg#: 3269675 posted 8:00 am on Mar 3, 2007 (gmt 0)

Expect it (matters of the hack / crack) to get worse. Just watch the forums here. Recently people have been reporting their sites taken over (sub domains) for casino, etc.

auroinf0

5+ Year Member



 
Msg#: 3269675 posted 10:26 am on Mar 3, 2007 (gmt 0)

hacking is common for GPL codes. Like good coders there are bad coders (bad not in skill sense) who keep working to make things hard.

MamaDawg

10+ Year Member



 
Msg#: 3269675 posted 5:21 pm on Mar 3, 2007 (gmt 0)

Damn - I wasted hours upgrading a bundh of WP installations this week - guess I'm doing it again :(!

Thanks for the heads-up.

SuzyUK

WebmasterWorld Senior Member suzyuk us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3269675 posted 6:47 pm on Mar 3, 2007 (gmt 0)

ouch.. thanks for heads up

I wondered why WP was down last night. I had just started setting up a 2.1.1 site - nipped in the bud thanks to this post!

Brian Harris

5+ Year Member



 
Msg#: 3269675 posted 8:21 pm on Mar 5, 2007 (gmt 0)

interesting how they don't mention it on wordpress.org...

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3269675 posted 9:57 pm on Mar 5, 2007 (gmt 0)

Welcome to WebmasterWorld, Brian Harris.

You way want to check the link in the first message again ;)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved