TechAmok Forum Index TechAmok
Independent Technology News
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

WordPress blogs falling prey to worm

 
Post new topic   Reply to topic    TechAmok Forum Index -> Comments
View previous topic :: View next topic  
Author Message
topicmaker
Veteran
Veteran


Joined: 28 Feb 2006
Posts: 25888
PostPosted: Tue Sep 08, 2009 2:33 am    Post subject: WordPress blogs falling prey to worm Reply with quote
ZDNet warns of a worm that is circulating that can post malware and spam to some WordPress blogs using older versions of the software. If you use WordPress, make sure you update to the latest version:

The worm can be tough to catch, as Mullenweg explains: "it registers a user, uses a security bug (fixed earlier in the year) ...read more
Back to top
View user's profile Send private message
admin
Site Admin
Site Admin


Joined: 28 Feb 2006
Posts: 907
PostPosted: Tue Sep 08, 2009 2:34 am    Post subject: Reply with quote
if you are lazy to upgrade, here's a workaround:

Basically, all you need to do is replace some text in your wp-login.php
file. Just go in there and change:


Code:


if ( empty( $key ) )



to

Code:


if ( empty( $key ) || is_array( $key ) )


Now if someone tries to reset your password using this exploit,
they will get slapped down with the message
"Sorry, that key does not appear to be valid."
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    TechAmok Forum Index -> Comments All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2016 phpBB Group