WordPress v2.0.3

The latest bug fix increment to the current stable WordPress version is now out. WordPress 2.0.3 addresses the recent low risk security vulnerability and adds a number of other small security and bug fixes. The biggest change in this version is the introduction of nonces to protect the admin pages instead of relying on referrers, which are increasingly being disabled by personal firewall software. Those of you using my WordPress Version Check plugin should now see an upgrade message in your WordPress admin pages.

Are Blog Spammers changing tack?

It seems that the comment spammers of the world are getting bored of fighting against comment spam prevention tools such as Spam Karma and Akismet and are looking for new angles in which to exploit the blogosphere. I awoke this morning to find my inbox brimming with Contact Form messages posted through the contact form on this site. The cheeky spammer(s) were trying to exploit the Contact Form as a way of sending email spam. Thankfully Ryan did a good job in writing his WP-ContactForm plugin and the spammer failed in his quest to turn my blog into an email spam gateway.

The spammer(s), it seems, are trying a very simple trick to send blind carbon copies by including standard email headers in the contact form contents, like the following example (original bcc email address removed):

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: came of with his
bcc: email.address@domain.name

5b4d9f4fd9e11dd3e4f434625a0848b7

I suspect that the MD5-looking string in the content is the spammer's unique tracking ID for this attempt, so that they can keep track of which attempts succeeded.
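
A defensive check for this kind of submission, as an added example that is not WP-ContactForm's code or part of the original post. The function names and the form field names (name, email, subject, message) are assumptions, and the sample submission is constructed from the attempt quoted above.

```php
<?php
// Added example: hypothetical helpers, not taken from WP-ContactForm.

// Header names that have no business starting a line of a contact message.
// This is a heuristic; widen or narrow the list to suit the form.
const HEADER_LINE = '/^\s*(content-type|mime-version|content-transfer-encoding|cc|bcc)\s*:/mi';

// A value that will be placed in a mail header must not contain a line
// break (raw or URL-encoded), because a new line starts a new header.
function is_safe_header_value(string $value): bool
{
    return preg_match('/[\r\n]|%0a|%0d/i', $value) !== 1;
}

// The message body may span several lines, so look for header-like lines.
function looks_like_header_injection(string $body): bool
{
    return preg_match(HEADER_LINE, $body) === 1;
}

// Returns the reasons to reject a submission; an empty array means accept.
function check_contact_submission(array $form): array
{
    $problems = [];
    foreach (['name', 'email', 'subject'] as $field) {
        if (!is_safe_header_value($form[$field] ?? '')) {
            $problems[] = "line break in $field";
        }
    }
    if (filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'invalid email address';
    }
    if (looks_like_header_injection($form['message'] ?? '')) {
        $problems[] = 'mail headers in message';
    }
    return $problems;
}

// Constructed sample: the pasted header block lands in subject and message.
$pasted = "Content-Type: text/plain; charset=\"us-ascii\"\nMIME-Version: 1.0\n"
        . "bcc: email.address@domain.name\n\n5b4d9f4fd9e11dd3e4f434625a0848b7";
$attempt = [
    'name'    => 'visitor',
    'email'   => 'visitor@example.com',
    'subject' => $pasted,
    'message' => $pasted,
];
print_r(check_contact_submission($attempt));
```

Logging the rejected submissions rather than silently dropping them keeps a record of how often the form is being probed.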

WordPress Version Check v0.90

WordPress Version Check v0.90 is now available.

The following minor changes have been made in v0.90:

  1. Improved check for Tiger Admin Plugin – When detected alternate CSS is used for message display. Thanks to MarkJ for the new and improved CSS.
  2. readme.txt included in the zip file with installation instructions.
  3. Updated version number to 0.90.

The following new features have been added in v0.90:

  1. Added support for wp-dash plugin with a built-in WordPress Version Check widget.
  2. For advanced users who are installing this plugin on multiple blogs that they administer for others, you can now enable email notification of new messages.
