I went to jimthompson.org this afternoon to follow a link I had stored there, and instead of the usual WordPress page, I got the following error:
Warning: main(./wp-blog-header.php): failed to open stream:
Permission denied in /…/wp/index.php on line 4
A little investigation reveals that the file wp-blog-header.php, along with a handful of others, had strangely had its permissions set to 0 – in other words, unreadable by anybody, including the web server. I have no idea why this happened; I checked last night’s backup, which revealed that, as of 3AM CST, the permissions were all normal. This happened to all the weblogs I host here, and I am in the process of repairing them. Following that, I’ll be writing or calling the Cubesoft people to ask what’s going on.
Update: I have repaired all the web sites; you may resume your weblogging.
Update: I now understand why this happened. Some people who are running older versions of WordPress have a vulnerability that has allowed attackers to break into their weblogs, so Cubesoft turned off all WordPress installations. Here’s the motd announcement:
[11/27/05] A considerable number of users running Wordpress installations have had their account compromised, due to vulnerabilities in several versions of the software. Since spammers are actively exploiting this bug, we are disabling all copies of the script to ensure that everyone is running a non-exploitable version.
We were never vulnerable. Our weblogs all run version 1.5.2, which is safe against the XMLRPC vulnerability.