A Delightful Alternative to 404 – Not Found :: Serving you since 1996

Pontifications and Other Mindless Banter

<< previous post: Arizona and the World of Tomorrow::Main::next post: Space Exploration is Awesome >>

August 13, 2009

WordPress 2.8.4

Filed under: Administrivia,Geek-FuJeremy @ 12:01:34 AM Tags:
From the "Two-point-Eight-point-Four" Department

If you are reading this, that means that Jeremy-Gilby-dot-com, successfully updated to the latest 0.0.x release, WordPress 2.8.4.

I would have stalled on the update, but even before I learned of the security hole it fixed, Jeremy-Gilby-dot-com was victim of the exact hacking attempt, yesterday.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

Fortunately, I had already moved my Admin User to a more secure name and password years ago, so no damage could be caused.

If you have issues leaving comments, you can let me know via the Backup Blog

Note: Links were good at the time this entry was posted, but links often go bad after a while. Jeremy-Gilby-dot-com makes no guarantees.

3 Comments »

  1. Testing the Comments before the Post is Published

    Comment by Jeremy — August 12, 2009 @ 11:34:00 AM

  2. Sorry Charlie, Trix are for Kids!

    Domain Name bellsouth.net ? (Network)
    IP Address 74.225.10.# (BellSouth.net)
    ISP BellSouth.net
    Location
    Continent : North America
    Country : United States (Facts)
    State : Florida
    City : Miami
    Lat/Long : 25.7615, -80.2939 (Map)
    Distance : 1,898 miles
    Language English (U.S.)
    en-us
    Operating System Microsoft WinXP
    Browser Mozilla 1.9.2
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1) Gecko/20090806 Namoroka/3.6a1
    Javascript version 1.5
    Monitor
    Resolution : 1152 x 864
    Color Depth : 24 bits
    Time of Visit Aug 12 2009 5:25:29 pm
    Last Page View Aug 12 2009 5:29:42 pm
    Visit Length 4 minutes 13 seconds
    Page Views 7
    Referring URL http://www.google.co…NUS306&start=50&sa=N
    Search Engine google.com
    Search Words powered by wordpress 2.8.3
    Visit Entry Page http://www.jeremygilby.com/?p=2163
    Visit Exit Page http://www.jeremygilby.com/
    Out Click
    Time Zone UTC-5:00
    Visitor’s Time Aug 12 2009 8:25:29 pm
    Visit Number 269,753

    This joker tried to hack the Administrator user (four times) after I updated.

    Comment by Jeremy — August 12, 2009 @ 5:34:15 PM

  3. [...] August 13, 2009 at 12:15 am · Filed under Blogroll Jeremy-Gilby-dot-com was upgraded to WordPress 2.8.4. [...]

    Pingback by Wordpress 2.8.4 « Jeremy-Gilby-dot-com Backup — August 13, 2009 @ 1:14:31 AM

RSS feed for comments on this post. TrackBack URI

All comments are reveiwed by Editors of Jeremy-Gilby-Dot-com. So be nice. And no third party marketing will be tolerated.

Leave a comment

Powered by WordPress abc

The views, and opinions, expressed on this page are those of the author, Jeremy R. Gilby.
These issues are not intended to offend, or even to make you think, these issues are here to entertain

Some have complained that only Jeremy R. Gilby's World View appears on these pages.
I ask you, whose name is on these pages?

*polite stare*

Be seeing you...