Anyone who has followed the “saga” of diysearch may be aware of my extremely bad luck with open source web-based applications. Well, that luck is continuing to hold. I use WordPress for this blog. While I like the features, and enjoy the interface, it too is turning out to be a real, well, piece of shit. I’m sorry, I know a lot of work has gone into developing this and the community support is strong, but their security is painfully lax.
I recently found that my site was used as an IRC server so that scam artists could swap stolen credit card numbers. They injected an IRC system called PsyBNC through an exploit in the XML-RPC system WordPress uses to expose a remote API for better blog management.
So, I am just bitter.
Well, these people drove a truck through this exploit, set up this IRC server and used it to swap stolen credit card numbers. I have the logs, I have the exploit scripts, I have everything I need that demonstrates exactly how they did this, and all fingers point to WordPress’s XML-RPC script.
This entry was posted by on Sunday, May 14th, 2006, at 8:06 pm, and was filed in randomness.