Press "Enter" to skip to content

Posts tagged as “wordpress”

The Dog Ate Our Poll Results

Or desparately seeking Schrödinger’s cat’s data

Right about now is the time we told you we’d be giving you the results of the poll we started last week detailing the methods our readers use to receive and send emails. Well, it ain’t going to happen. Nor are we going to tell you next Wednesday about the results of the poll we put up late Sunday night on how you feel about Microsoft as an open source company. Why? The best we can come up with is “the dog ate our homework.” Actually, none of us has a dog, so that’s out. We’ll just say the poll data ran away from home.

Debian Live Dead, Linux Ransomware & More…

FOSS Week in Review

Larry’s away today, hiding beneath his tinfoil hat and hoping to escape the ravishes of Friday the thirteenth, so I was volunteered to write this week’s review. Sorry. Larry will return next week.

G’bye Debian Live: By now you’ve probably heard the news that evidently the Debian Live project is no more. This according to the project’s leader, Daniel Baumann, who posted An Abrupt End to Debian Live on the Debian website on Monday. According to him, the project was “hijacked by the Debian-cd and the Debian-installer teams.”

Debian LiveDebian LiveReading the post, you might be excused for thinking it’s not all wine and roses over in Debian-land. “Debian can be great,” Baumann wrote. “But depending on who you are, where you come from, and who your friends are, Debian can also be hateful and full of deceit.”

Six WordPress Plugins Vulnerable

In the same week that we learned from W3Techs that the popular open source content management system (CMS) WordPress now powers a full 25 percent of all sites on the web, we learn that six popular WordPress plugins contain serious security vulnerabilities. The later news comes to us by way of security firm Wordfence, which specializes in WordPress security and develops the Wordfence security plugin for the platform.

WordPress logoWordPress logoThis news isn’t surprising, nor is it cause for alarm. Because WordPress is by far the most popular content management platform on the web, it’s an obvious target for hackers, and third party plugins are the most obvious way inside. However, the folks at Automattic, which develops the platform, have proven themselves to be diligent at finding vulnerabilities and keeping them patched.

WordPress Upgraded to Fix Security Holes

Website publishers using the popular free and open source WordPress content management system (CMS) woke up this morning to find that their sites had been upgraded to version 4.2.2. Users who’s sites somehow missed being automatically upgraded are urged to update immediately, as this update addresses several important security issues. According to Wordfence, maintainers of a popular WordPress security plugin, this release fixes one recently discovered vulnerability and further hardens a security issue that was addressed in version 4.2.1.

WordPress Plugin ‘Simple Ads Manager’ Exploit

Anyone who runs sites using the WordPress platform and the plugin Simple Ads Manager will want to read this and learn from our mistake. Even those not using this particular plugin, but who have deactivated plugins not being used but still residing on their servers might find this useful. Luckily, in our case no harm was done, but that’s only because the incident occurred on a test site, so we were able to just take the site down. Lucky for us, it wasn’t FOSS Force or one of our other active sites.

Early Saturday evening we began receiving numerous email notices with two worrisome subject lines from our server. One subject was “LOCALRELAY Alert for sitename,” being sent to us at the rate of about every five minutes, with each showing info on the “first ten of 101 emails” that had been sent by the server since the last email notification. The other subject, “Script Alert for /path/to/script” was coming with the same frequency. To make a long story short, someone had hacked into a site we use to evaluate and test WordPress plugins before possibly deploying them on active sites, and was using it to send spam. Our test site had been turned into a spambot in other words.