WordPress 2.1.1 Dangerous, Upgrade Now!

written by John Chow on March 2, 2007


This just came in across the WordPress dashboard. Thanks to Nick Mercer for emailing me about it as well.

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

It is vital that you upgrade to WordPress 2.1.2 now. Don’t wait, just do it! Then again, if you upgraded to 2.1.1 before the cracker got in and hacked the code, you should be OK, but why take the chance?
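Since the tampered 2.1.1 download differed from the real release only in two core files, the practical check is to compare what is actually on your server against a pristine extract of the release. The script below is an added example, not code from this post or from the WordPress project; the reference and deployed directory paths, and the sample file names in the demo, are assumptions.

```python
# Added example (not from the post or the WordPress project): compare a deployed
# WordPress tree against a pristine extract so altered core files show up.
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out


def compare_trees(reference_dir, deployed_dir, ignore=("wp-config.php",)):
    """Return (modified, added, missing) relative paths, each sorted.

    modified: in both trees, contents differ (a tampered core file)
    added:    only in the deployed tree (uploads, plugins, or dropped files)
    missing:  only in the reference tree
    Files in `ignore` legitimately differ per site and are skipped.
    """
    ref, dep = manifest(reference_dir), manifest(deployed_dir)
    modified = sorted(p for p in ref if p in dep and ref[p] != dep[p] and p not in ignore)
    added = sorted(p for p in dep if p not in ref and p not in ignore)
    missing = sorted(p for p in ref if p not in dep and p not in ignore)
    return modified, added, missing


if __name__ == "__main__":
    # Constructed demo: a clean tree and a copy with one core file altered.
    ref, dep = tempfile.mkdtemp(), tempfile.mkdtemp()
    for root, body in ((ref, "<?php // clean\n"), (dep, "<?php // altered\n")):
        os.makedirs(os.path.join(root, "wp-includes"))
        with open(os.path.join(root, "wp-includes", "feed.php"), "w") as f:
            f.write(body)
    print(compare_trees(ref, dep))  # (['wp-includes/feed.php'], [], [])
```

Run it with the reference directory pointing at a freshly downloaded and unpacked 2.1.2 and the deployed directory at your web root; anything listed as MODIFIED or ADDED under the core directories deserves a look before you trust the install.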



Really glad you posted this. I recently did an install for a friend with a download taken at this time; nasty stuff, easily upgraded fortunately.

Hi, I'd just like to point you towards my article on Upgrading WordPress via Shell for those who have SSH access to their accounts.

That one is really good, I read that. But still I would like to do it manually. I know better what I am doing.

thanks for the warning, I've got to update mine ASAP

Thanks for letting me know

Most sites aren't big enough that people are even going to worry about hacking them - it's just a matter of how so many people try to ruin it for those who make their living off the internet.

I agree. When there is a loophole in the process, what's stopping those people from bullying, the weak or the strong?

That's the course of nature when it comes to the internet - constantly those trying to find loopholes and hacks - but for what reason? Just to be famous for 5 minutes and then fade away?

I get that question all the time from laymen about hackers: "Why do they do it?"

It really does seem silly, we'll forget their name in an hour - unless we were the one to get hacked...

That's exactly the point - infamous hackers go down in history - How many people don't know who Kevin Mitnick is?

Wordpress is huge - but a hack on wordpress will not make you go down in history, it will just make you be talked about for a day and then forgotten.

Yeah, you are right. I am never gonna forget the 'name' of the one that did that to me.. Well, for a while, that is.

You will never know what is on their minds or what they are thinking at the moment. Funny creatures, they are. Besides the point, there's a television program that is entitled 5mins of fame, for those people to indulge in a little of fame.

5 Minutes of fame - I don't understand why it's so needed?

5 Minutes makes you nothing - having a long term knowledge of who you are is what matters. I guess people need to learn that before all this silly crap will stop happening.

It's not about being famous, it's more about passions. Like you like to blog, they like to find hacks and they do it.. maybe for money, but it's a passion.

I didn't have to worry about version 2.1.1, since I never got around to it this week, but I upgraded to 2.1.2 anyway. I was surprised that DreamHost got around to adding it to their one click installs so quickly. As an added bonus, their interface got a facelift in the past few days as well. Kudos to DreamHost, I highly recommend them!

I heard about it too. But do they overwrite a complete folder, or do they dig down the folder and then replace? So in case I have a folder inside, it doesn't get deleted?

Wow. Good thing I never moved onto that version!

Yeah, I got hacked since last night. To be exact, it was 18 hours ago. Was spending the past hour trying to reinstall WP, and restoring my blog entries. What a waste of time! grr..

You got hacked? Was your blog defaced or anything otherwise obvious? If not, how do you know you were 'hacked'?

Yes my site was defaced. I had it up showing on my blog as a warning to the rest of the other 2.1.1 to quickly do their upgrade. No kidding.

That sucks - hey, at least you got it fixed and you're good to go now

That does suck!! I'd love to see a screen cap though, just to see what it looked like.

Oh, I see you have one on your site - sorry!

Dang! That must have sucked big time. Do you take a backup every day? If not, start doing so.

It may be prudent for folks to change passwords for their Wordpress db (update wp-config.php accordingly of course) and perhaps even existing WP user passwords.

I agree. Treat your blog like one of your internet-banking accounts. Frequently change your passwords, and keep them secure. I had personally learned a lesson from that. Tough luck.

They should add one feature that can email them telling them their password expires in 10 days. That will keep them on their toes.

That's a really great idea - one I had never thought of...

Thanks!

Good point, have not done this yet

I just spread the word on my blog. Thanks for the pointer.

Shit happens I suppose but this is a major blow to the credibility of the folks at Wordpress. :oops: :oops: Who's to say that their servers are not further compromised or that the currently released version 2.1.2 isn't in fact a release that was compromised along with the announcement asking users to upgrade? Put that in your pipe and smoke it.

I'm going back to notepad local...unplugging from my router. :mrgreen: :mrgreen:

"major blow to the credibility of the folks at Wordpress"

How? They got hacked! It's not like they put the malicious code in there.

Exactly, they got hacked and the download release for version 2.1.1 was compromised with malicious code added to it. Why do you think they are urging everyone to upgrade so urgently?

This is a wordpress 'red-alert'. It doesn't get anymore urgent than this. Any one of us running version 2.1.1 could very well be running the modified version and be wide open to whoever has the knowledge and the desire to mess up your site.

This begs the question, what was the nature of this malicious code and what does it allow this individual to do?

Also, even after we upgrade to 2.1.2, there is always the possibility that the evildoers have already messed up your wordpress db and added in some other malicious code. I haven't seen any mention of this yet and the only way to be sure would be to go through your tables individually....yeah right.

Tomorrow it will come out with a new version and more bugs - thus the life of the internet.

I agree that it is a little hard to believe which story is the real thing. Like what you may suggest, the story to upgrade once again may be put up by the hacker.

I believe, give WP some time and they may explain how it happened, what it does and the measures that they are taking to prevent it.

Besides the point, there will always be smarter people lurking around in the corners of the world, and it would be hard to beat all the crackers out there.

there is always the possibility that the evildoers have already messed up your wordpress db and added in some other malicious code

While it's a possibility, I'm sure the Wordpress crew is checking their server logs and patching any holes!

Yeah, they have a major blow there. I hope they come out with something good.

Thanks for posting this John, I check your RSS feed first :)

I did happen to upgrade one of my sites to 2.1.1 just last a few nights ago... so I'm just going to upgrade all of them to 2.1.2 now.

I was just finishing my post on The Secret Truth About The Plugins Security when I found out about Wordpress 2.1.1.
That's why I never rush to upgrade to a new version as soon as it's been released.

Wow that's not good.

I hope they included my JavaScript spacing fix with 2.1.2. :mrgreen:

Dream on. :roll: :mrgreen:

Didn't see any points on that. Good luck next time.

One of the main reasons I don't immediately upgrade to new versions of software. I usually allow things to go "mainstream" before performing upgrades because no matter how much testing (well, in this case it wasn't because of lack of testing) when software is released, people are bound to experience more problems if they exist once the software is streamlined to consumers.

Maybe you didn't read John's post... but this is because someone modified the code a few days ago... not the original release!

Maybe you didn’t read the entire comment you're replying to!

"(well, in this case it wasn’t because of lack of testing)"

Sounds to me like what I do for Windows releases. Like Vista! I had Ultimate for 15 mins and went back to WinXP. Think I'll wait till SP1.

As for Wordpress that's definitely no fun! I mean having to update with a security patch

Yeah, but it was an easy upgrade - and there were new features!

Then why do people get scared to do updates with Wordpress if you say it was an easy upgrade. Isn't it usually just replacing a couple of files with new versions?

I guess it's mainly the plugins people don't like to mess around with.

Very easy, full instructions on WP site, takes 5 - 10 mins