Upgrade and new theme

October 27th, 2007 at 19:03 UTC by Steven J. Murdoch

Regular readers may have noticed that Light Blue Touchpaper was down most of today. This was due to the blog being compromised through several Wordpress vulnerabilities. I’ve now cleaned this up, restored from last night’s backups and upgraded Wordpress. A downside is that our various customizations need substantial modification before working again, most notably the theme, which is based on Blix and has not been updated since Wordpress 1.5. Email also will not work due to this bug. I am working on a fix to this and other problems, so please accept my apologies in the meantime.

Entry filed under: Meta

9 comments

  • 1. Clive Robinson  |  October 28th, 2007 at 16:07 UTC

    Good luck, and I hope things go smoothly.

  • 2. Clive Robinson  |  November 3rd, 2007 at 10:10 UTC


    One suggestion for a possible “enhancement”.

    Currently it would appear that your search function does not include the poster’s name. Often this is handy when trying to find related information.


  • 3. Steven J. Murdoch  |  November 3rd, 2007 at 22:20 UTC


    I’m trying, as much as possible, to track the mainline Wordpress distribution. Otherwise each time I upgrade to fix the frequent security problems, my patches break. There is, however, a facility to browse authors’ posts; for example, my posts are at: http://www.lightbluetouchpaper.org/author/sjmurdoch/

    You could also try submitting a feature request at Wordpress. Hopefully you’ll have more luck than me with my 2 year old security vulnerability :-)

  • 4. Clive Robinson  |  November 5th, 2007 at 13:13 UTC


    I’ll give it a try, you never know, they might listen…

  • 5. paul  |  November 24th, 2007 at 02:24 UTC

    It looks like there is a patch undergoing testing that addresses this. It really does seem overdue.

  • 6. Thomas  |  November 24th, 2007 at 23:34 UTC

    Was it anything like this?

  • 7. Steven J. Murdoch  |  November 25th, 2007 at 01:14 UTC


    Very similar. The admin-ajax.php vulnerability was used, the backdoor was placed in /tmp, and then it was loaded as a plugin. The script looks identical too.

    However, where your attacker gave up, our one was more successful. He went on to upload a second backdoor, hidden amongst some other uploads, and then attempted to edit some of the Wordpress PHP files (but was prevented).

    After I removed the backdoors and changed the passwords, he still came back and tried to add links to some other compromised blogs which were hosting adverts for various pharmaceuticals. After a few days of unsuccessful attempts, he gave up.
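
A defensive check for the pattern described in the comment above, a file outside the plugin directory being loaded as a plugin. This is an added example, not part of the comment or of Wordpress itself; it assumes the activation is visible in the `active_plugins` option (a PHP-serialized array of paths relative to wp-content/plugins), which the comment does not state, and the install path and sample value are constructed.

```python
import posixpath
import re

# Assumed install location; adjust to the site being audited.
PLUGIN_ROOT = "/var/www/wp-content/plugins"

# Constructed sample of an `active_plugins` value (not from the incident):
# one ordinary plugin, one traversal into /tmp, one absolute path.
SAMPLE_OPTION = (
    b'a:3:{i:0;s:19:"akismet/akismet.php";'
    b'i:1;s:27:"../../../../tmp/example.txt";'
    b'i:2;s:16:"/tmp/example.php";}'
)

_STR = re.compile(rb's:(\d+):"')

def parse_plugin_paths(serialized):
    """Return the string values of a PHP-serialized array, honouring length prefixes."""
    paths, pos = [], 0
    while True:
        m = _STR.search(serialized, pos)
        if m is None:
            return paths
        start, end = m.end(), m.end() + int(m.group(1))
        if serialized[end:end + 2] != b'";':
            raise ValueError("malformed string at offset %d" % m.start())
        paths.append(serialized[start:end].decode("utf-8", "replace"))
        pos = end + 2

def reason_if_suspicious(path):
    """Explain why an entry is suspicious, or return None if it looks normal."""
    if path.startswith("/") or "\\" in path or "\x00" in path:
        return "absolute path or unexpected characters"
    resolved = posixpath.normpath(posixpath.join(PLUGIN_ROOT, path))
    if not resolved.startswith(PLUGIN_ROOT + "/"):
        return "resolves outside the plugin directory: " + resolved
    if not path.endswith(".php"):
        return "not a .php file"
    return None

def audit(serialized):
    """Map each suspicious active_plugins entry to the reason it was flagged."""
    findings = {}
    for path in parse_plugin_paths(serialized):
        reason = reason_if_suspicious(path)
        if reason:
            findings[path] = reason
    return findings

if __name__ == "__main__":
    for entry, why in audit(SAMPLE_OPTION).items():
        print(entry, "->", why)
```

A clean result here only covers this one persistence point; uploaded files and edited core files, both mentioned in the comment, need a separate file-integrity comparison against a known-good copy.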

  • 8. Thomas  |  November 26th, 2007 at 00:29 UTC


    Can you tell me more about this second backdoor you mention? Just to be on the safe side, I want to double-double-check that he didn’t leave anything that I did not discover (even though I’m pretty sure I’m covered – his /tmp backdoor did indeed fail to upload anything).

  • 9. autobuildit  |  October 25th, 2011 at 20:56 UTC

    I not to mention my friends came taking note of the nice helpful hints located on your web site then all of a sudden came up with an awful feeling I never expressed respect to the web blog owner for those strategies. These men became as a consequence excited to read through all of them and already have definitely been taking pleasure in those things. Appreciation for really being indeed thoughtful and then for going for these kinds of perfect resources millions of individuals are really eager to discover. My very own sincere apologies for not expressing appreciation to sooner.
