I don’t wanna upgrade!

It started with an email. Lil’ asked,

When I went to my blog login, there was a big blurb in red that says:

“Affecting all WP users (this is not specifically a Spam Karma problem). Please immediately disable ‘guest user registration’ on your blog if it’s enabled and advise all your friends to do so (details here). I cannot give too much technical details as it would further endanger vulnerable WordPress users, but trust me this is not a joke.”

I have no idea what this means… can you provide me with a clue?

So I went forth and researched. And researched. And researched. Apparently this is the second security flaw of its kind in WordPress, and it affects 1.5 series releases as much as it does the newer 2.0 series. Did I mention that all of us on this server are running 1.5.2?

The new 2.0.4 version is available as of… tomorrow? (This is July 28, and the date stamp on the official announcement is July 29. Does this guy have a TARDIS or something?) Problem is… there’s no fix for 1.5.2. Nor will there ever be a fix, I’m willing to bet. Sure, I’ve disabled ‘guest user registration’, which is actually something I do on every new WordPress install I create so I was ahead of the curve on this by a long ways, but still… if I want security fixes, I have to upgrade.

And upgrade. And upgrade. And upgrade. (Okay, I’ll wait on hers until after she’s finished with her Blogathon. I’m not that stupid.) And… well, you get the idea.

This is not how I wanted to spend my weekend, people. Truly.

UPDATE, Five Minutes Later: Duh. I can’t upgrade anything until after the Blogathon, or I’ll risk overloading my poor underpowered webserver. Well, guess what I’m doing over the course of next week?


  1. Man, you nearly cost me a new comp. chair! I nearly crapped a big one seeing this on the feed. Sheesh… at least I’m in the know now.

  2. Then perhaps choose a hosted solution; you kind of begged to have this updating problem yourself. Don’t fool yourself into thinking some specific version of software is secure… forever… bugs get discovered, exploits are built 24/7. Other than that, I am happy about my switch to WP 2.x and I hope you will be too…

  3. Also if you really do not intend on upgrading, you might not want to say so in public, since you practically lead them to your unpatched nest.

  4. Why, thank you, Fini. Without you here to guide me, I’d have continued believing that running my own server was inherently more rewarding overall than shelling out for a “hosted solution,” where I could be waiting as long as it takes for someone to get around to running an upgrade for me… and hoping they did it right. Not only that, I’d have blissfully continued believing that all software is perfect right out of the gate!

    And who knew that hackers troll blog entries looking for unpatched systems? Here I thought they had automated tools for that sort of thing.

    Silly me, eh? *cough*

