Time to Upgrade Your WordPress Blogs

February 6, 2008 by PatB |

Yesterday, WordPress released a new version of their popular blogging software in response to a security issue. Apparently, there is a concern about the parsing of the xml remote procedure call. It seems specially crafted requests could allow anonymous, unauthenticated users to edit posts or even potentially deface a blog.

The bad guys would likely use this exploit to distribute malware or bomb Google with false information, thus driving hits to malware-hosting sites, and spreading botnets.WordPress also wanted to remind everyone to change site passwords regularly, and software updates or upgrades are good reminders to make that important, internal security change.More on this here at WordPress’ Dev Page.

On another note, has anyone else seen the enormous spike in blogspam over the past few days? The amount of spam I see has more than tripled.

Most of the spam comments were designed to pull search engine hits away from authentic, reputable Web sites (such as auto dealers) to new sites hosting malware. This represents a shift in tactics employed by phishers.

In light of this, you may want to exercise caution when visiting sites resulting from search requests. If you haven’t already done so, download and use McAfee’s SiteAdvisor utility. It is free and will validate search results, ensuring the sites you want to visit are not malicious before you click on them. It keeps me from visiting sketchy sites every day.