|
 |
RSS Feed  |
a playground of art, photos, videos, writing, music, life |
|
|
You are here
|
Creativity!
|
Get it!
|
I like it!
|
Fun stuff!
|
About me...
|
| |
|
|
|
|
Random Quote
You can always write something. You write limericks. You write a love letter. You do something to get you in the habit of writing again, to bring back the desire.
-- Erskine Caldwell
|
|
|
|
|
|
|
|
|
|
Blog - Blog Archive by Month - Blog Archive by Tag - Search Blog and Comments
|
<-- Go to Previous Page
I read that WordPress and other tools have suffered the type of attack that my site suffered yesterday. It's called SQL Injection. Without knowing my username or password, they manipulate my database just through the web address that they type in or by information they type into a form I have here on the site. So I spent a couple of hours tonight addressing any pages that might suffer this vulnerability and things should be secure now. What pain, though. I lost a lot of great comments from you, and frankly, I miss them. In the meantime, here's my current progress on a painting for a patron of my art - about halfway done.  |
by Brett Rogers, 12/23/2007 3:00:07 AM
Permalink
|
|
|
|
| Comments
|
That sounds like a major security issue with the database server. To be able to bypass your id and password and do a mass table overwrite is scary. Does the software manufacturer have a fix in the works for this? What a pain for you to have to put in controls to keep people from doing something they do not have the authority to do. For the moron hackers, "what goes around comes around." Messing with good people for no reason will eventually catch up to you. May Santa put an extra lump of coal in your stockings. |
| | Posted by Pale Rider, 12/23/2007 10:31:55 AM |
|
|
Actually, it's not the server or my host. Oracle, mySQL, SQL Sever, and other databases are vulnerable to this kind of attack. It's a hole in the way that a web site interacts with its database behind the scenes. I'd never heard of this, so my web site wasn't coded for preventing it - but it is now. And lemme tell ya... while I'd love to personally deliver that lump of coal to the jerks who did this, I'm actually grateful that they exposed it. My web site work from here forward will be coded to prevent these kinds of shenanigans. |
|
|
Brent, the WordPress link you gave above takes me to a WordPress article that's a couple years old. Are the steps outlined in that article the ones you took to correct the damage done to your blog? Are you running an older version of Wordpress that was vulnerable to this attack? Are more current versions of WordPress not vulnerable to this particular issue? Also - when one downloads a newer version of Wordpress, can you just install it over the top of the existing version after making a database back-up? Thanks... Janet |
|
|
LOL um, of course, that should be "Brett" instead of "Brent." Sorry! ~ Janet |
|
|
Hey Janet I don't use WordPress... I wrote my own blogware. I was just pointing out that other blogware had similar issues with this in the past; I'm in no way alone. But it's been a great learning experience, either way. |
|
|
Add Your Comment:
|
|
|
|
|
|
