The Half Ashed Cigar Forum

It's been working perfectly for me since I posted that. It isn't for you?

No, it was the same issues as you described previously. I'll check it out again today to see if it subsided after restarts, cache cleansings, updates (though I don't think I was missing another one), etc. Stay tuned!

Hmm. Kind of a sleepy, dull Sunday afternoon. What can I tinker with today....

I don't know if anyone here keeps up with such things, but WordPress has been the cause of much heartburn the past few days. A vulnerability turned up last week - which was patched in the core code, but potentially thousands of plugins used the bad code. They're being patched as developers get to it...if the plugins are still under development (woe to folks using outdated plugins). The WP team were concurrently releasing another update at the time the vulnerability became known, which caused some snafus with timing. Overnight last night, a certain European website published a video showing how to exploit a different vulnerability through the commenting system. Non-jackwagon types would have reported the vulnerability to the software author so it could be patched without the whole hacking world knowing about it. But, they didn't. So, there are countless website getting hacked today. The problem allows someone who knows about it to commandeer control of a site by executing a particular script through a comment - and possibly hijacking the admin account.

WordPress is the platform used on about 25% of the world's websites (yes, you read that right). It's a big, big target.

It's what we use here on Half Ashed as well - for the blog; NOT the forum.

I say all that as simple background. The gist of the story is this: I have temporarily disabled comments on the blog until a patch is released. The forum will operate as normal, but the blog is locked down at the moment.

We are updated and secure (well, as secure as a website ever is). Comments have been turned back on.

You are a great American!

Seriously, when I die, I want to come back as Kip's free time. I'll lead a long and prosperous life!

The whole world's gone tits-up with this fiasco. I'm fielding updates by the hour - or minute in some cases. One particular plugin I use to create some of the pages put out a fix this morning that dang near broke everything. It's entirely hosed. I had to restore last night's database backup to reclaim the home page (thank God I happened to do that last night after yesterday's changes).

Funny thing is, the original vulnerability has been out there since 2009...it took this long for someone to figure it out. Now we're about 4 generations deep in "fixes."

Yuck. I've been too scared to look at my site. Saving it for when I can actually spend time on it


Kid Corona

Might want to give it a peek and either: update everything that needs it or disable comments. The comments are where the previous vulnerability was open. Most of the dust has cleared now, except for Visual Composer which has screwed up about 15 hours of work I've put in the past couple weeks....