I went to jimthompson.org this afternoon to follow a link I had stored there, and instead of the usual WordPress page, I got the following error:

Warning: main(./wp-blog-header.php): failed to open stream:
Permission denied in /…/wp/index.php on line 4

A little investigation reveals that the file wp-blog-header.php, along with a handful of others, had strangely had its permissions set to 0 - in other words, unreadable by anybody, including the web server. I have no idea why this happened; I checked last night’s backup, which revealed that, as of 3AM CST, the permissions were all normal. This happened to all the weblogs I host here, and I am in the process of repairing them. Following that, I’ll be writing or calling the Cubesoft people to ask what’s going on.

Update: I have repaired all the web sites; you may resume your weblogging.

Update: I now understand why this happened. Some people who are running older versions of WordPress have a vulnerability that has allowed attackers to break into their weblogs, so Cubesoft turned off all WordPress installations. Here’s the motd announcement:

[11/27/05] A considerable number of users running Wordpress installations
           have had their account compromised, due to vulnerabilities in
           several versions of the software. Since spammers are actively
           exploiting this bug, we are disabling all copies of the script
           to ensure that everyone is running a non-exploitable version.

We were never vulnerable. Our weblogs all run version 1.5.2, which is safe against the XMLRPC vulnerability.

This entry was posted on Sunday, November 27th, 2005 at 6:25 pm and is filed under Site. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.