Xepher.Net Forums

Xepher.net => Announcements => Topic started by: Xepher on January 03, 2018, 10:30:49 am

Title: Update Your WordPress Installs!
Post by: Xepher on January 03, 2018, 10:30:49 am
:UPDATE:
Just as everyone seems to have finally been updated, WordPress goes and breaks their auto-update process.

https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/

Everyone (in the world) needs to update manually and then make sure auto-updates are enabled again!


----
Over the New Year we had an account compromised (almost certainly through a MILDLY out of date WordPress install) and it was used to attack other servers, leading to a warning from my VM provider.

Going forward, I'm going to be requiring that all WordPress installs be maintained and kept up to date. To enforce this, I've written a scanner that will automatically find and check the version of any WP installs, and it will be emailing me any time someone is out of date. If you have WP on your site, please go update it NOW to at least version 4.9.1.

As WP is a very popular target, even an install a week out of date can be vulnerable, and so I will be disabling accounts if/when that happens. I've already disabled several, and sent emails of warning to many others. If your account was one that was disabled, email me, and I can release it and allow you to update things. Also, please make sure your offsite contact email is kept up to date so that I can contact you in cases like this. Too many times I have to resort to disabling accounts to get the owners' attention, and I'd prefer to avoid that.

Sorry to have to be so strict about this, but with the potential to leverage this server to attack remote targets, the threat is serious enough that I have no choice. If you have any questions or thoughts though, feel free to ask below, or contact me directly if you prefer.

Thank you all for understanding!
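
A sketch of the kind of version scanner described in the post above, added here as an illustration; it is not Xepher's scanner or code from the original post. It assumes each install's version is read from the `$wp_version` line in `wp-includes/version.php`; the function names and the sample accounts are made up for the example.

```python
import os
import re
import tempfile

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '4.9.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"](\d+(?:\.\d+)*)""", re.M)

def parse_version(text):
    """'4.9.1' -> (4, 9, 1); None when no version line is found."""
    m = VERSION_RE.search(text)
    return tuple(int(n) for n in m.group(1).split(".")) if m else None

def pad(v, width=3):
    return v + (0,) * (width - len(v))  # (4, 9) compares as (4, 9, 0)

def scan(root, minimum=(4, 9, 1)):
    """Return sorted [(install_dir, version)] for installs older than minimum."""
    stale = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        dirnames[:] = []  # nothing of interest below wp-includes
        try:
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                version = parse_version(fh.read())
        except OSError:
            version = None
        # Fail closed: an unreadable or unparseable version is reported too.
        if version is None or pad(version) < pad(minimum):
            stale.append((os.path.dirname(dirpath), version))
    return sorted(stale)

def demo():
    """Scan a constructed tree of three made-up accounts (sample data)."""
    samples = {"alice": "<?php\n$wp_version = '4.9.1';\n",
               "bob/blog": "<?php\n$wp_version = '4.8.3';\n",
               "carol": "<?php\n// version line missing\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            inc = os.path.join(root, rel, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), v) for p, v in scan(root)]

if __name__ == "__main__":
    for path, version in demo():
        print(path, version)
```

The list returned by `scan()` is what a nightly job would put in the notification email; an install whose version cannot be read is reported rather than skipped.
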
Title: Re: Update Your WordPress Installs!
Post by: Turnsky on January 03, 2018, 11:15:57 pm
Can attest this works, just happened to check the forum, saw the message, went to check the site to update the WP install... lo and behold. :B