[Wylug-admin] Spam links in website

John Leach john at johnleach.co.uk
Sun Nov 16 19:32:18 UTC 2008


On Sun, 2008-11-16 at 13:23 +0000, Phil Driscoll wrote:
> On Sunday 16 Nov 2008, Mark P Conmy wrote:
> > The spam links are gone.
> >
> John, I assume this means we need to update our Wordpress installation 
> (assuming current versions protect us from whatever methods were used to break 
> into our version).
> 

Hi Phil,

Last time spam was found, I cleared it out and upgraded Wordpress to the
latest secure version (after volunteering to take over the maintenance
of it).

There has not been a newer version of Wordpress released to fix any
security bugs that affect us (there have been some releases, but none
that were important or that affected us).

It's likely that the spam reported by Nigel today was stuff I missed
when cleaning up and was never removed (rather than added via an exploit
since).  The dates of the articles corroborate this somewhat (they
pre-date my upgrades).  Google seemed happy enough to put us back in
its index so I assumed all was well.

I've sorted the site out again now.  I took down the "This site is
unmaintained" message that I assume Mark put up, removed the spam Nigel
found, and double checked the versions and available security updates
(none were required).

As usual, we'll have to keep an eye out - if more spam appears where
there was none before, then perhaps we have an unpublished vulnerability
on our hands - I doubt this is the case in this instance (though it is
not beyond Wordpress's codebase ;)

If anyone else spots any spam on there, just drop a line to me and I
will sort it out (there are others with access to Wordpress and can edit
posts though, so cc to the wylug-admin list I guess - if anyone wants
edit rights drop me a line).

Thanks for the heads up Nigel.

Mark, I appreciate you taking some immediate action, thanks.  But as I
hope you can see, the site is not "unmaintained" as claimed in the
message put up on the site.  Tbh, I'm sure you were short on time
(Sunday, unsupported site etc.) but it felt rather insulting to just
have a "This site is unmaintained" message on there (and no notice other
than "The spam links are gone").

I've created a maintenance.html that simply states the site is down for
maintenance and changed your redirect rule to point to that and
commented it out.  If you ever need to take the site down temporarily
again, you can just uncomment that line. (I tried setting an
ErrorDocument for the 503 code and using that for a maintenance message
but it wasn't liked by Apache).

Thanks everyone,

John.

-- 
http://johnleach.co.uk




