It seems like I’m always using an old WordPress generation, but hopefully without suffering too much from security issues. After upgrading I installed New Tag Cloud and converted my categories to tags. Unfortunately that means that all my posts are uncategorized now! I also need to fix the CSS styling for the tag cloud.
The WordPress Pharmacy Hack
A number of WordPress blogs around the world have been hacked (or cracked, whichever word you prefer) and a "pharmacy" subdirectory have been injected below the WordPress root. I know of these victims at the moment:
azin.se
benniboedker.dk
www.blog-celeo.com
www.digitalrights.gr
www.toscaninelmondo.org
www.vdomck.org
www.yerbastory.pl
The injected web pages are advertised by fooling Yahoo! search to make a weird GET request to a totally different web site, resulting in log lines like this:
74.6.17.184 – – [29/Aug/2008:04:03:50 +0200] "GET /\"//example.com/blog/pharmacy/spam.html\" HTTP/1.0" 404 15145 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; //help.yahoo.com/help/us/ysearch/slurp)"
I really recommend every WordPress user to add at least one extra level of protection to their wp-admin subdirectory. It’s not safe.