isc.sans.org/diary.php?date=2005-07-03

it.slashdot.org/article.pl?sid=05/07/04/2153224&tid=95&tid=172&tid=169

WordPress itself is covered if you have applied the latest patch: codex.wordpress.org/Changelog/1.5.1.3, the download itself is here: wordpress.org/development/2005/06/wordpress-1513/

- patch phpBB, even if you cannot do the full upgrade, the critical part of the patch is only one line that you need to change now. Find the one line here: phpBB 2.0.16 announcement.

- patch XML_RPC: “pear upgrade XML_RPC” should do the trick, or visit the distribution site for more details.

- use the workarounds from Microsoft’s security advisory. Take special care to apply the suggested actions. Alternatively some sites will prefer to switch browsers to those that cannot do ActiveX to start with.

There may not be much you can do other than prod your host to take the above action. The more of you that check with your hosts the less likely blogs will come under attack successfully. Get the fix in place before the attack…

I’ve contacted my host, I’ll let you know there response.

Related Posts: