Upgrade and new theme

Regular readers may have noticed that Light Blue Touchpaper was down most of today. This was due to the blog being compromised through several WordPress vulnerabilities. I’ve now cleaned this up, restored from last night’s backups and upgraded WordPress. A downside is that our various customizations need substantial modification before working again, most notably the theme, which is based on Blix and has not been updated since WordPress 1.5. Email also will not work due to this bug. I am working on a fix to this and other problems, so please accept my apologies in the mean time.

9 thoughts on “Upgrade and new theme

  1. @Steven,

    One sugestion for a possible “enhancement”.

    Currently it would appear that your search function does not include the posters name. Often this is handy when trying to find related information.


  2. @Clive

    I’m trying, as much as possible, to track the mainline WordPress distribution. Otherwise each time I upgrade to fix the frequent security problems, my patches break. There is, however, a facility to browse authors posts, for example my posts are at: http://www.lightbluetouchpaper.org/author/sjmurdoch/

    You could also try submitting a feature request at WordPress. Hopefully you’ll have more luck that me with my 2 year old security vulnerability 🙂

  3. @Thomas

    Very similar. The admin-ajax.php vulnerability was used, the backdoor was placed in /tmp, and then it was loaded as a plugin. The script looks identical too.

    However, where your attacker gave up, our one was more successful. He went on to upload a second backdoor, hidden amongst some other uploads, and then attempted to edit some of the WordPress PHP files (but was prevented).

    After I removed the backdoors and changed the passwords, he still came back and tried to add links to some other compromised blogs which were hosting adverts for various pharmaceuticals. After a few days of unsuccessful attempts, he gave up.

  4. @Steven

    Can you tell me more about this second backdoor you mention? Just to be on the safe side, I want to double-double-check that he didn’t leave anything that I did not discover (even though I’m pretty sure I’m covered – his /tmp backdoor did indeed fail to upload anything).

  5. I not to mention my friends came taking note of the nice helpful hints located on your web site then all of a sudden came up with an awful feeling I never expressed respect to the web blog owner for those strategies. These men became as a consequence excited to read through all of them and already have definitely been taking pleasure in those things. Appreciation for really being indeed thoughtful and then for going for these kinds of perfect resources millions of individuals are really eager to discover. My very own sincere apologies for not expressing appreciation to sooner.

Leave a Reply

Your email address will not be published. Required fields are marked *