Forum Replies Created

Viewing 15 replies - 1 through 15 (of 86 total)
  • Deleting the invisible tab in the private key box worked for me. Thanks for providing an easy solution!

    And thank you for providing such a useful plugin

    Thread Starter shelleyp

    (@shelleyp)

    No way. This is one that needs to be discussed right up front, for all the WP users to see and appreciate.

    There have been patches for this, and people have installed Atom 1.0 patches, but they never get rolled out. The developers are aware of this.

    Thread Starter shelleyp

    (@shelleyp)

    No that has to do with autodiscovery. I have my own hacked version of Atom 1.0 for WordPress, but I had hoped I wouldn’t have to continue using it.

    Thread Starter shelleyp

    (@shelleyp)

    Yes, and it just happened out of the blue with another weblog.

    And yes, literally out of the blue. No new posts; no changes in the site; no changes in the database.

    If the server had changed, should have broken all my weblogs.

    And the way the code is now, impossible to debug.

    notthatugly, I have a patch file that will fix this vulnerability. If you email me, I’ll send it to you or tell you how you can find it.

    [email protected]

    Kay9, be aware that this is some unknown security fix in amongst these files. If you keep the code from your previous fixes, you may actually be keeping a security bug of some form.

    You may want to just try out the new version and not add back in the modifications, until you know for sure you need them. After you’ve backed up your existing files, of course.

    podz, security doesn’t work that way, especially with an open source application.

    Once you’ve provided a patch or a fix, you need to identify what the security problem is, so that people can make an informed decision. It might help if the team provides a security patch for those who can’t upgrade.

    Those of us who have forked the code–a legitimate action, by the way, in true open source development–should be made aware of any vulnerability in the parent code we may still be using, though I will be going through the fixes individually and have a clue what the problem might be (because of the name of the person who submitted the security concern).

    Keeping the problem quiet before a fix is understandable — but not after the fix is provided.

    If your host provides cpanel or another site control tool, you usually have access to a file management tool that will allow you to delete these files.

    However, this should be added to the bugs database for a 1.5.1 release, so that file uploads through the web API interface are also set with permissions that allow anyone to delete or move the files, not just the owner. WordPress image uploads work this way in 1.2 and up I believe.

    I’ll see if I can find something whole and post a link to it. Or if not, I’ll try and recover the pieces and post a link to it.
    I won’t ask what happened to root, other than to hope that he’s well; but it’s a shame he quit so abruptly.

    podz, I had downloaded this and used it at the Kitchen, but it’s been modified.
    What happened to root’s weblog?

    Not strange, as detailed in this support thread.

    giorgio, the comments probably came in during a specific timeframe. First, make sure that you have a backup of your database. Your ISP should be doing nightly backups, or you could use mysqldump from the command line (if you don’t have ssh access, you should also be able to save the database through PHPMyAdmin, using Export, though I’ve had problems with this).
    In PHPMyAdmin, click on the SQL tab, which will open a window to type in a SQL statement. What you’re after is all comments between a particular timeframe, which should give you all your spam comments. Note, though, that there may be a few good ones, and you may have to refine your actions into multiple deletions, to eliminate the bad and keep the good.
    What you’re first going to type is a SELECT statement, to test the query to make sure that you’re only deleting the comments that are ‘bad’. Type in something like the following, assuming that you used the default prefix with the WordPress tables:
    SELECT *
    FROM wp_comments
    WHERE comment_date > '2004-11-15 01:10:04'
    AND comment_date <= '2004-11-20 00:10:04'

    This will return all comments between 1:10AM, November 15th, and ten minutes after midnight, November 20th. Adjust the date values for your own case. The last six values are the hour, minute, and second in 24 hour time.
    Once you’re sure your query highlights the bad comments only, adjust it to the following:
    DELETE FROM wp_comments
    WHERE comment_date > '2004-11-15 01:10:04'
    AND comment_date <= '2004-11-20 00:10:04'

    This will delete all comments for that period.
    Use this with caution.
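The cleanup described in the reply above, extended with a backup copy and a refinement step, as an added example that is not part of the original post. It assumes the default `wp_` prefix and the post's date window; the table name `wp_comments_spam_backup` and the `comment_ID` values are hypothetical placeholders.

```sql
-- Added example. wp_comments_spam_backup is a hypothetical table name and
-- the comment_ID values (101, 102) are placeholders for comments to keep.

-- 1. Copy every row in the window aside so a wrong deletion can be undone.
CREATE TABLE wp_comments_spam_backup AS
SELECT *
FROM wp_comments
WHERE comment_date > '2004-11-15 01:10:04'
  AND comment_date <= '2004-11-20 00:10:04';

-- 2. Summarise the window by sender. Spam runs usually show up as many
--    comments from a few addresses or URLs; single rows deserve a manual look.
SELECT comment_author_IP,
       comment_author_url,
       COUNT(*)          AS n_comments,
       MIN(comment_date) AS first_seen,
       MAX(comment_date) AS last_seen
FROM wp_comments
WHERE comment_date > '2004-11-15 01:10:04'
  AND comment_date <= '2004-11-20 00:10:04'
GROUP BY comment_author_IP, comment_author_url
ORDER BY n_comments DESC;

-- 3. Delete the window, excluding the comments identified as legitimate.
DELETE FROM wp_comments
WHERE comment_date > '2004-11-15 01:10:04'
  AND comment_date <= '2004-11-20 00:10:04'
  AND comment_ID NOT IN (101, 102);

-- 4. Verify: only the kept comments should remain in the window.
SELECT comment_ID, comment_author, comment_date
FROM wp_comments
WHERE comment_date > '2004-11-15 01:10:04'
  AND comment_date <= '2004-11-20 00:10:04';

-- 5. If a good comment was removed by mistake, restore it from the copy
--    (replace the placeholder ID), then drop the copy when finished.
INSERT INTO wp_comments
SELECT * FROM wp_comments_spam_backup WHERE comment_ID = 103;

DROP TABLE wp_comments_spam_backup;
```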

    You’re set up to automatically ping pingomatic.com for each new post. Check in Options, under Writing.
    This will ping every service in the world and let every spam bot know where each live one is.

    Thread Starter shelleyp

    (@shelleyp)

    Thanks Ryan, missed this in the page. Teach me to look more closely.
    That did the trick.

    shelleyp

    (@shelleyp)

    Yes we’re aware that we use nightlies at our own risk, podz. We assumed that the developers might possibly be interested in hearing users’ results in using said code.
