RSS Feed

a playground of art, photos, videos, writing, music, life


You are here

Random Quote

In relation to a writer, most readers believe in the Double Standard: they may be unfaithful to him as often as they like, but he must never, never be unfaithful to them.
-- W. H. Auden


Blog - Blog Archive by Month - Blog Archive by Tag - Search Blog and Comments

<-- Go to Previous Page



I read that WordPress and other tools have suffered the type of attack that my site suffered yesterday. It's called SQL Injection. Without knowing my username or password, they manipulate my database just through the web address that they type in or by information they type into a form I have here on the site. So I spent a couple of hours tonight addressing any pages that might suffer this vulnerability and things should be secure now.

What pain, though. I lost a lot of great comments from you, and frankly, I miss them.

In the meantime, here's my current progress on a painting for a patron of my art - about halfway done.


by Brett Rogers, 12/23/2007 3:00:07 AM


That sounds like a major security issue with the database server. To be able to bypass your id and password and do a mass table overwrite is scary. Does the software manufacturer have a fix in the works for this? What a pain for you to have to put in controls to keep people from doing something they do not have the authority to do.

For the moron hackers, "what goes around comes around." Messing with good people for no reason will eventually catch up to you. May Santa put an extra lump of coal in your stockings.



Posted by Pale Rider, 12/23/2007 10:31:55 AM

Actually, it's not the server or my host. Oracle, mySQL, SQL Sever, and other databases are vulnerable to this kind of attack. It's a hole in the way that a web site interacts with its database behind the scenes. I'd never heard of this, so my web site wasn't coded for preventing it - but it is now.

And lemme tell ya... while I'd love to personally deliver that lump of coal to the jerks who did this, I'm actually grateful that they exposed it. My web site work from here forward will be coded to prevent these kinds of shenanigans.



Posted by Brett Rogers (, 12/23/2007 7:42:41 PM

Brent, the WordPress link you gave above takes me to a WordPress article that's a couple years old. Are the steps outlined in that article the ones you took to correct the damage done to your blog? Are you running an older version of Wordpress that was vulnerable to this attack? Are more current versions of WordPress not vulnerable to this particular issue? Also - when one downloads a newer version of Wordpress, can you just install it over the top of the existing version after making a database back-up? Thanks... Janet



Posted by Janet Green (, 12/27/2007 11:42:39 AM

LOL um, of course, that should be "Brett" instead of "Brent." Sorry! ~ Janet



Posted by Janet Green (, 12/28/2007 1:08:14 AM

Hey Janet

I don't use WordPress... I wrote my own blogware. I was just pointing out that other blogware had similar issues with this in the past; I'm in no way alone.

But it's been a great learning experience, either way.



Posted by Brett Rogers (, 12/28/2007 6:52:04 AM

Add Your Comment:
Name (required):
Web Site:
Remember Me:   
Content: (4000 chars remaining)
To prevent spammers from commenting, please give a one-word answer to the following trivia question:

What's the first name of the tiger who pitches Frosted Flakes?