don't get hax0r3d

march 3, 2007

If you're running Wordpress 2.1.1, upgrade to 2.1.2 immediately.  Looks like someone broke into their servers and modified the 2.1.1 download.  News about it here.  "If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately." In other hax0r-like news, the outward-facing CentOS box I run at home was hacked yesterday.  I logged into the box and found that there were root users logged in.  It was my bad.  All of the hacking can be accounted for because of "you should have known better" mistakes...Weak password, sshd allowed root logins (forgot to change that), and firewall let all hosts connect.  The box has been rebuilt and all those weaknesses corrected.