Blog Strangeness

November 27th, 2005
 

I went to jimthompson.org this afternoon to follow a link I had stored there, and instead of the usual WordPress page, I got the following error:

Warning: main(./wp-blog-header.php): failed to open stream:
Permission denied in /…/wp/index.php on line 4

A little investigation reveals that the file wp-blog-header.php, along with a handful of others, had strangely had its permissions set to 0 – in other words, unreadable by anybody, including the web server. I have no idea why this happened; I checked last night’s backup, which revealed that, as of 3AM CST, the permissions were all normal. This happened to all the weblogs I host here, and I am in the process of repairing them. Following that, I’ll be writing or calling the Cubesoft people to ask what’s going on.

Update: I have repaired all the web sites; you may resume your weblogging.

Update: I now understand why this happened. Some people who are running older versions of WordPress have a vulnerability that has allowed attackers to break into their weblogs, so Cubesoft turned off all WordPress installations. Here’s the motd announcement:

[11/27/05] A considerable number of users running Wordpress installations
           have had their account compromised, due to vulnerabilities in
           several versions of the software. Since spammers are actively
           exploiting this bug, we are disabling all copies of the script
           to ensure that everyone is running a non-exploitable version.

We were never vulnerable. Our weblogs all run version 1.5.2, which is safe against the XMLRPC vulnerability.




5 Responses to “Blog Strangeness”

  1. Dr. Summer Lynn Thompson » Blog Strangeness Says:

    [...] 5

    Blog Strangeness
    Filed under: Uncategorized — Jim @ 6:52 pm

    See http://jimthompson.org/wp/2005/11/27/blog-strangeness/ for an explanation of why this weblog w [...]

  2. Bryn Power Says:

    [...]

    Sunday November 27th 2005, 6:55 pm

    Filed under: Uncategorized

    See http://jimthompson.org/wp/2005/11/27/blog-strangeness/ for an explanation of why this webl [...]

  3. It’s ALL ABOUT ME! » Blog Strangeness Says:

    [...]

    Blog Strangeness

    Filed under: Family — Jim @ 6:56 pm

    See http://jimthompson.org/wp/2005/11/27/blog-strangeness/ for an explanation of why this webl [...]

  4. A Blog Named Sue » Blog Archive » Blog Strangeness Says:

    [...] Out of a horrible season comes a nice story Blog Strangeness See http://jimthompson.org/wp/2005/11/27/blog-strangeness/ for an explanation of why this webl [...]

  5. Develop-Mental Says:

    XMLRPC Exploit Scans

    Recently an exploit was announced affecting PHP’s xmlrpc interface. WordPress (the makers of this site’s CMS system) announced their users were not affected (collective sigh of relief). However, many PHP based CMS and blogging sites are …