Survey Finds Most WordPress Blogs Vulnerable

← Back to Stories (view on slashdot.org)

Survey Finds Most WordPress Blogs Vulnerable

Posted by kdawson on Thursday May 24, 2007 @05:10AM from the somehow-not-a-surprise dept.

BlogSecurity writes "Security analyst David Kierznowski shocked bloggers yesterday with a survey showing that 49 out of the 50 WordPress blogs he checked seem to be running exploitable versions of the widely used software. He said, 'The main concern here is the lack of security awareness amongst bloggers with a non-technical background, and even those with a technical background.' Mr Kierznowski also uncovered recent vulnerabilities in WordPress plugins that ship by default with the software, adding: 'WordPress users developing plugins must be aware of the security functions that WordPress supports, and ensure that these functions are used in their code.'"

3 of 82 comments (clear)

Min score:

Reason:

Sort:

Securing LAMP by packetmon · 2007-05-24 05:24 · Score: 4, Informative

Securing LAMP Mod Security Its so simple a fix with mod_security...

SecFilterSelective REQUEST_URI /admin.php chain SecFilterSelective REMOTE_ADDR "!^YOUR.IP.ADDRESS$" redirect:http://www.infiltrated.net/sorry.jpg SecFilterSelective ARG_username YOURUSERNAME chain SecFilterSelective REMOTE_ADDR "!^YOUR.IP.ADDRESS$" redirect:http://www.infiltrated.net/sorry.jpg Where your IP address and your username are the only ones to allow anything to the admin page. Anything else gets redirected elsewhere.

--
Infiltrated dot Net
Time to upgrade again by umrguy76 · 2007-05-24 05:26 · Score: 3, Informative

At least the WordPress site offers easy to follow directions.

http://codex.wordpress.org/Upgrading_WordPress
Re:How do you fix it? by packetmon · 2007-05-24 05:38 · Score: 4, Informative

http://www.infiltrated.net/docs/modsecips.html step by step... If its your own server... If not have the admin slap on mod_security for you and add the same rules in my previous post on this page... www.infiltrated.net/admin.php go for it... That's how I add content. There are a lot of variables to prevent against injections, etc.

Block Spam injections

Directory traversal attacks SecFilter "\.\./"

XSS attacks
SecFilter "<(.|\n)+>"
SecFilter "<[[:space:]]*script"

SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

Too many times there are clueless admins (not you per se). But this also tends to be one of the grips on the Ubuntu Document people flame me for. If *semi* even experienced admins can't lock a machine down... Imagine when Ubuntu on Dell becomes the next hot thing. Flame as much as you'd like facts are facts

--
Infiltrated dot Net