Comments on: Attack on WordPress Blogs on RackSpace http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/ Website insecurity by example Sun, 05 Feb 2012 10:06:25 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Denis http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-8604 Denis Sun, 01 Aug 2010 21:18:25 +0000 http://blog.unmaskparasites.com/?p=637#comment-8604 Hi Lee, What sort of problems now? The same as described in this article or something different? Hi Lee,

What sort of problems now? The same as described in this article or something different?

]]> By: Lee Adler http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-8595 Lee Adler Fri, 30 Jul 2010 22:59:15 +0000 http://blog.unmaskparasites.com/?p=637#comment-8595 I'm on Rackspace Cloud and have started having problems again in the past two days. Their response is always the same- "Not our problem. We don't support coding issues." I’m on Rackspace Cloud and have started having problems again in the past two days. Their response is always the same- “Not our problem. We don’t support coding issues.”

]]> By: BC http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-8031 BC Fri, 25 Jun 2010 13:02:40 +0000 http://blog.unmaskparasites.com/?p=637#comment-8031 Thanks at ton for your article. I have found 3 of our WP sites that got hacked. I have had WP sites on the cloud for a while and I have had a good amount of them hacked. I was asking their support about 3-4 months ago if there is a reason the sites hosted there seemed to get hacked more often than other host I still have some other domains on and of course there is nothing they are doing wrong. That kind of bugs me. They do have good support and I will most likely stay with them as hopefully they are more aware now, but I wish they would take a little ownership and admit that they had some part in this. I just got another email this morning, http://status.mosso.com/2010/06/current-investigation-of-security-incident-update.html, I was running the latest version 2.9.2, had good Passwords, File permissions etc. Also, I think the main reason I will likely stay is it would be a pain to move all sites elsewhere. Lets just hope this awakens them. :-) Thanks again for your post! Thanks at ton for your article. I have found 3 of our WP sites that got hacked. I have had WP sites on the cloud for a while and I have had a good amount of them hacked. I was asking their support about 3-4 months ago if there is a reason the sites hosted there seemed to get hacked more often than other host I still have some other domains on and of course there is nothing they are doing wrong. That kind of bugs me. They do have good support and I will most likely stay with them as hopefully they are more aware now, but I wish they would take a little ownership and admit that they had some part in this. I just got another email this morning, http://status.mosso.com/2010/06/current-investigation-of-security-incident-update.html, I was running the latest version 2.9.2, had good Passwords, File permissions etc. Also, I think the main reason I will likely stay is it would be a pain to move all sites elsewhere. Lets just hope this awakens them. :-) Thanks again for your post!

]]> By: Otto http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-8010 Otto Thu, 24 Jun 2010 16:27:46 +0000 http://blog.unmaskparasites.com/?p=637#comment-8010 I don't know what you're talking about. Neither of those is a security hole, as to access any of those functions from the backend, you must be authenticated to begin with. I don’t know what you’re talking about. Neither of those is a security hole, as to access any of those functions from the backend, you must be authenticated to begin with.

]]> By: DE http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7999 DE Thu, 24 Jun 2010 08:04:47 +0000 http://blog.unmaskparasites.com/?p=637#comment-7999 Actually just read the most recent update here from Rackspace. Looks like they have been proactively addressing things and helping to make recommendations on proper secure setup. http://status.mosso.com/2010/06/current-investigation-of-security-incident.html Actually just read the most recent update here from Rackspace. Looks like they have been proactively addressing things and helping to make recommendations on proper secure setup.

http://status.mosso.com/2010/06/current-investigation-of-security-incident.html

]]> By: DE http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7998 DE Thu, 24 Jun 2010 07:44:21 +0000 http://blog.unmaskparasites.com/?p=637#comment-7998 @Rob La Gesse Any word on Rackspace Cloud and WordPress and what the issues were for Rackspace hosted sites? Am/was considering hosting there. @Rob La Gesse

Any word on Rackspace Cloud and WordPress and what the issues were for Rackspace hosted sites?

Am/was considering hosting there.

]]> By: max http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7961 max Mon, 21 Jun 2010 07:02:42 +0000 http://blog.unmaskparasites.com/?p=637#comment-7961 @Otto Known isn't the same as none. Just because YOU don't know doesn't mean other individuals don't know. Two great starting points for example: http://core.trac.wordpress.org/ticket/12416 http://core.trac.wordpress.org/ticket/11819 Wordpress is as about as bug free as an ant farm and about as secure as a safe with no doors. Interesting that you also happen to work for Wordpress. @Otto

Known isn’t the same as none. Just because YOU don’t know doesn’t mean other individuals don’t know.

Two great starting points for example:

http://core.trac.wordpress.org/ticket/12416
http://core.trac.wordpress.org/ticket/11819

Wordpress is as about as bug free as an ant farm and about as secure as a safe with no doors.

Interesting that you also happen to work for Wordpress.

]]> By: Rohit Bansal http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7939 Rohit Bansal Sun, 20 Jun 2010 04:44:35 +0000 http://blog.unmaskparasites.com/?p=637#comment-7939 Some other datacenter also infected like hodtdime (big datacenter) wordpress bugs are here http://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&order=priority&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&type=defect+%28bug%29 Some other datacenter also infected like hodtdime (big datacenter)

wordpress bugs are here

http://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&order=priority&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&type=defect+%28bug%29

]]> By: BugSlayer http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7886 BugSlayer Thu, 17 Jun 2010 19:43:52 +0000 http://blog.unmaskparasites.com/?p=637#comment-7886 The proposed PhpMyAdmin attack vector seems unlikely to me, because it would be hard to have such a ubiquitous attack targeted at a single host using an XSRF vulnerability (unless maybe it was a Rackspace tech that was hit...). The proposed PhpMyAdmin attack vector seems unlikely to me, because it would be hard to have such a ubiquitous attack targeted at a single host using an XSRF vulnerability (unless maybe it was a Rackspace tech that was hit…).

]]> By: N http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/comment-page-1/#comment-7881 N Thu, 17 Jun 2010 13:33:16 +0000 http://blog.unmaskparasites.com/?p=637#comment-7881 Some posts about it here... maybe we can all gather info in one place? http://wordpress.org/support/topic/405684?replies=42 Some posts about it here… maybe we can all gather info in one place?
http://wordpress.org/support/topic/405684?replies=42

]]>