This repository has been archived on 2017-04-03. You can view files and clone it, but cannot push or open issues/pull-requests.
blog_post_tests/20140825182039.blog

Spam alert
<p>Yes, I&#8217;m aware of the spam on the blog front page. The management does not hawk dubious drugs.</p>
<p>Daniel Franke and I just did an audit and re-secure of the blog last night, so this is a new attack. Looks like a different vector; previously the spam was edited into the posts and invisible, this time it&#8217;s only in the front-page display and visible.</p>
<p>It&#8217;s a fresh instance of WordPress verified against pristine sources less than 24 hours ago, all permissions checked. Accordingly, this may be a zero-day attack.</p>
<p>Daniel and I will tackle it later tonight after his dinner and my kung-fu class. I&#8217;ll update this post with news.</p>
<p>UPDATE: The initial spam has been removed. We don&#8217;t know where the hole is, though, so more may appear.</p>
<p>UPDATE2: It&#8217;s now about 6 hours later and spam has not reappeared.  I changed my blog password for a stronger one, so one theory is that the bad guys were running a really good dictionary cracker.</p>