WordPress/Debian woes

Today I had problems with my WordPress installation on my Debian server again. Somehow, somebody managed to get access to my WordPress install and disable all the plugins, especially the Akismet plugin. Immediately, I got swamped with spam. I suspect that the WordPress package in Debian stable is not really well maintained and vulnerable, so I upgraded to WordPress 2.5 by backporting the unstable package. This was a very smooth process.

This is how it should work:

echo "deb-src http://ftp.de.debian.org/debian unstable main" >> /etc/apt/sources.list
apt-get update
apt-get build-dep libphp-phpmailer
apt-get source -b libphp-phpmailer
dpkg -i libphp-phpmailer_1.73-6_all.deb
apt-get build-dep wordpress
apt-get source -b wordpress
dpkg -i wordpress_2.5.0-1_all.deb

Following that, I went to the wp-admin page, performed the DB upgrade and everything was fine. Very smooth. (I did a mysqldump before, though, just to be sure.)


5 Responses to WordPress/Debian woes

  1. Hi,

    The older versions of WordPress have a huge security hole, and many folks have been affected (myself included).

    For more info: http://blog.emptyway.com/2008/03/30/wordpress-25-and-security/

  2. Thadeu Penna says:

    Vladimir,

    Sometimes, the version number does not say anything in Debian. The 2.0.10 version in Etch has security fixes updated to 09 Feb 2008, according to the changelog. The incident with this blog may be either an undocumented security bug or something after Feb 08.

  3. miksuh says:

    “The older versions of WordPress have a huge security hole, and many folks have been affected (myself included).”

    The Debian project fixes those holes in the version which is in stable. So the version number really does not tell the whole truth.

    If you install the version from unstable, you will most likely install a more broken version than what is in stable. New versions usually have new bugs which have not been found yet.

  4. lineeniap says:

    Great blog. I like layout!!!!

  5. Dafna says:

    I don't install WordPress from the deb package. In the deb, WordPress is very old.
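
Commenters 2 and 3 point out that a Debian stable package can receive security fixes while its upstream version number stays the same, and that the package changelog is where this shows up. As an added example (not from the original post or from Debian), the shell function below reads a Debian-format changelog and lists the entries that mention security fixes; the sample changelog, with its versions, dates and CVE ids, is constructed placeholder data.

```shell
#!/bin/sh
# Added example. The changelog below is CONSTRUCTED sample data
# (placeholder versions, dates and CVE ids), not the real wordpress changelog.
sample_changelog() {
cat <<'EOF'
wordpress (2.0.10-1+example3) stable; urgency=high

  * Security: fix two issues (CVE-0000-0001, CVE-0000-0002)

 -- Example Maintainer <maint@example.org>  Thu, 01 Mar 2001 00:00:00 +0000

wordpress (2.0.10-1+example2) stable; urgency=low

  * Update translations

 -- Example Maintainer <maint@example.org>  Thu, 01 Feb 2001 00:00:00 +0000

wordpress (2.0.10-1+example1) stable; urgency=high

  * Backport upstream security patch for the admin pages

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

# Reads a Debian changelog on stdin; prints "version|date|CVE ids" for every
# entry whose text mentions "security" or a CVE id ("-" when no id is named).
security_entries() {
    awk '
    /^[a-z0-9][a-z0-9+.-]* \(/ {        # header: pkg (version) dist; urgency=...
        ver = $2; gsub(/[()]/, "", ver); ids = ""; sec = 0; next
    }
    /^ -- / {                           # trailer line closes the entry
        if (sec) {
            date = $0; sub(/^.*>  /, "", date)
            print ver "|" date "|" (ids == "" ? "-" : ids)
        }
        next
    }
    {
        line = $0
        if (tolower(line) ~ /security|cve-/) sec = 1
        while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
            id = substr(line, RSTART, RLENGTH)
            if (index("," ids ",", "," id ",") == 0) ids = ids (ids == "" ? "" : ",") id
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

sample_changelog | security_entries
```

On an installed system the real input would be the package's own changelog, for example `zcat /usr/share/doc/wordpress/changelog.Debian.gz | security_entries`.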
