Blogs
We have just upgraded the following Drupal modules on the stable server:
Please let us know if you run into any trouble, or get any wyrd messages (besides this one).
WW team
Web 2.0 is causing an explosion stretching the boundaries of what web sites can do. And in the rush to add features, security seems to have become an afterthought, for participants as well as developers. Web 2.0 as a gestalt is an emmenthaler cheese (more holes than cheese).
At least the following threats to web (2.0) sites can be checked to see whether we need protection from them:
The growing "importance" of so-called "Web 2.0 social networks" and other web services in our private and business lives creates a perfect target for predatory hackers using XSS attacks. On December 19, 2007, The Register reported a Portuguese-speaking worm that attacks Google Orkut users.
We have disabled trackbacks on all our sites that run on the Drupal CMS, due to a spam attack on satirworkshops.com.
Satirworkshops attracted over 192.000 spams (increasing by several a second), causing the server's log files to fill up. We have deleted the spams, and denied access to /trackback on all Drupal sites. That way we prevent satirworkshops and other sites from being spammed, and our log files don't fill up too much, so all sites and services can continue to run.
We have done a quick investigation for anti-spam measures on Drupal trackback, and found none. Hence the drastic measure above, unfortunately.
Affected sites:
This morning I noticed some oddities, and alert and aware, I woke up for my nine-headed hell hound rounds. When I checked events, I found the following watchdog event:




