Concerted attack on ex-JW websites

by RayPublisher, 87 Replies

  • cedars

    Simon

    One more thing. As I pointed out, this thread is about a "concerted attack on ex-JW websites."

    If it is now deemed inappropriate to discuss the unsupported premise of a concerted Watchtower attack, and the penalty is to be labelled an attention whore if you happen to operate one of the attacked websites and are open to said premise, maybe you should close the thread to avoid others making my mistake?

    Cedars

  • Simon
    A known vulnerability in dissident websites of a particular religion? Fair enough. You will know more than me.

    Do you honestly think that 'only' exJW websites were attacked or were many, many WordPress sites affected?

    The reality is that redirecting sites like this is big money. If they can redirect visitors to a dodgy site that installs something then they can sell access or use of those machines for real money. This isn't people dicking around for kicks ... it's organized crime.

    Well don't jump down my throat about it just because I can't furnish evidence - and never claimed to be able to furnish evidence. Am I not allowed to have a hunch? I'm just adding what I know to a thread someone else started. Geez!

    Actually, no, you're not allowed to have a hunch without making it clear that there is zero evidence for the claim.

    Part of being a responsible web owner is not spreading fear and uncertainty by claims without any real evidence. People read something by a site owner or webmaster and assume it must be true. I don't think this does anyone any good in the long term.

    You also put yourself at risk by making claims of illegal action by a large corporation.

  • cedars

    Simon - noted. I will be sure to add the "no hunches" rule to my mental list of enforceable posting guidelines not listed below.

    Cedars

  • Simon
    One more thing. As I pointed out, this thread is about a "concerted attack on ex-JW websites."

    Again, it's why it's important to be clear when people are posting supposition vs known facts.

    If it is now deemed inappropriate to discuss the unsupported premise of a concerted Watchtower attack, and the penalty is to be labelled an attention whore if you happen to operate one of the attacked websites and are open to said premise, maybe you should close the thread to avoid others making my mistake?

    No, I'm just suggesting that people don't make claims that go too far when the evidence is contrary to what they claim because it damages THEIR credibility.

    I'm not posting directly at you Cedars, stop taking everything so personally, but I am trying to give sensible advice ... by all means, feel free to ignore it.

  • Simon
    I will be sure to add the "no hunches" rule to my mental list of enforceable posting guidelines not listed below.

    Diddums.

  • cedars

    Simon

    No, I'm just suggesting that people don't make claims that go too far when the evidence is contrary to what they claim because it damages THEIR credibility.

    The people with whom I seek credibility allow me to have unsupported hunches. But thanks for the concern.

    Cedars

  • suavojr

    To think that the WT is going to hack ex-jw sites is giving them too much credit. Wouldn't they just get a court order to shut down your website completely, like they did with jwsurvey? The WT GB has better tools and mountains of money to fight in a much more effective way, thus the reason why they keep our family members hypnotized to their propaganda and make any person who speculates the ENEMY. Why bother with hacking?

  • Simon
    Just for the record, visual CAPTCHA can be bypassed too. In tests conducted back in 2002 on big sites like YAHOO!, the CAPTCHAs were busted 92% of the time.

    Yes CAPTCHA is not a complete protection. Nothing is ever completely secure because you get diminishing returns for investment and the environment is changing all the time (sites would never be updated because the cost of re-testing everything would be too high).

    So yes, if someone is determined to attack your site then CAPTCHA will not be a 100% protection but it is still a very good deterrent 99% of the time. What you are trying to do is make them pass you by as 'not worth the trouble' or at least raise their costs and the resources required to attack you.

    Having nothing in place and advertising that you are on a compromised version of a platform (which many sites do!) is like waving a big flag saying "we're open, come get us!". Bots will actually use search engines to find new targets that way.

  • Dis-Member

    My bets are with Simon on this one.

    I know a lot of hackers.. and these are not serious hacks or attacks by skilled individuals by any stretch of the imagination. If they were, these sites would not merely be redirected but they would have had their entire databases and content totally wiped clean. There would be nothing left of them. Or they would at the very least be defaced with new content. Hackers often cannot resist leaving a calling card of some sort. My wager is that it's some simple malicious script and code inserted by an auto bot trawling the web for vulnerabilities and weaknesses. Redirection is amateur. Let's have peace gentlemen.. xx

  • adamah

    OR, those running WordPress sites vulnerable to known exploits can take the responsibility of keeping up with URGENT SECURITY UPDATES which are DESIGNED TO PATCH THESE SAME TYPES OF KNOWN VULNERABILITIES/EXPLOITS (such as 3.6.1 was designed to patch re-direction hacks such as this), in order to protect their READERS (who are needlessly exposed to having malware installed on THEIR computers after being redirected to another dodgy site, due to the owner's lack of concern for their security).

    WordPress 3.6.1 Maintenance and Security Release

    Posted September 11, 2013 by Andrew Nacin. Filed under Releases, Security.

    After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

    WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

    • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
    • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
    • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

    BTW, anyone who's visited those compromised sites is advised to make sure YOUR computer's security patches are up-to-date, since YOUR PC is now vulnerable to being a bot by visiting the re-directed sites.

    Adam
