[Wylug-admin] Spam links in website

Mark P Conmy M.P.Conmy at leeds.ac.uk
Mon Nov 17 07:45:36 UTC 2008


On Mon, 17 Nov 2008, Mark P Conmy wrote:
> On Sun, 16 Nov 2008, John Leach wrote:
>> On Sun, 2008-11-16 at 13:23 +0000, Phil Driscoll wrote:
>>> On Sunday 16 Nov 2008, Mark P Conmy wrote:
>>>> The spam links are gone.
>>> 
>>> John, I assume this means we need to update our Wordpress
>>> installation (assuming current versions protect us from whatever
>>> methods were used to break into our version).
>> 
>> Hi Phil,
>> 
>> Last time spam was found, I cleared it out and upgraded Wordpress to the
>> latest secure version (after volunteering to take over the maintenance
>> of it).
>> 
>> There has not been a newer version of Wordpress released to fix any
>> security bugs that affect us (there have been some releases, but none
>> that were important or that affected us).
>> 
>> It's likely that the spam reported by Nigel today was stuff I missed
>> when cleaning up and was never removed (rather than added via an exploit
>> since).  The dates of the articles corroborate this somewhat (they
>> pre-date my upgrades).  Google seemed happy enough to put us back in
>> its index so I assumed all was well.
>> 
>> I've sorted the site out again now.  I took down the "This site is
>> unmaintained" message that I assume Mark put up, removed the spam Nigel
>> found, and double checked the versions and available security updates
>> (none were required).
>> 
>> As usual, we'll have to keep an eye out - if more spam appears where
>> there was none before, then perhaps we have an unpublished vulnerability
>> on our hands - I doubt this is the case in this instance (though it is
>> not beyond Wordpress's codebase ;)
>> 
>> If anyone else spots any spam on there, just drop a line to me and I
>> will sort it out (there are others with access to Wordpress and can edit
>> posts though, so cc to the wylug-admin list I guess - if anyone wants
>> edit rights drop me a line).
>> 
>> Thanks for the heads up Nigel.
>> 
>> Mark, I appreciate you taking some immediate action, thanks.  But as I
>> hope you can see, the site is not "unmaintained" as claimed in the
>> message put up on the site.  Tbh, I'm sure you were short on time
>> (Sunday, unsupported site etc.) but it felt rather insulting to just
>> have a "This site is unmaintained" message on there (and no notice other
>> than "The spam links are gone").
>> 
>> I've created a maintenance.html that simply states the site is down for
>> maintenance and changed your redirect rule to point to that and
>> commented it out.  If you ever need to take the site down temporarily
>> again, you can just uncomment that line. (I tried setting an
>> ErrorDocument for the 503 code and using that for a maintenance message
>> but it wasn't liked by Apache).
>
> I think you need a new ISP.

And probably a new venue.

Kind regards,

Mark




