Kiddies with scripts

The newest WordPress is 2.8.5, which among other things fixed this:

There is a script knocking about on the internet at the moment that allows an attacker to run some code that will bring your WordPress blog to its knees. This will more than likely cause your host to get annoyed as well.

What it does: it performs a trackback request to the file wp-trackback.php, but it sends a massive (over 200,000 characters) string that WordPress will take at face value and accept as a legitimate trackback. The first time this is run WordPress will write it to the database, but every time after that it will run a select query to see if the trackback exists. Even though this isn’t a legitimate trackback, WordPress will still process it on every request, causing a massive overhead as each large string is processed.
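Added here as an illustration of the defender's side of what is described above, not code from WordPress or from the post's author: a size check on the trackback fields that runs before any database lookup, plus a count of repeated trackback POSTs in a few constructed access-log lines. The field cap and field names are assumptions for the example, not the actual 2.8.5 change.

```python
import re
from collections import Counter

# Assumed cap on any single trackback field (hypothetical; not the real WordPress limit).
MAX_FIELD_LEN = 4096
TRACKBACK_FIELDS = ("title", "url", "excerpt", "blog_name")


def validate_trackback(fields):
    """Return (ok, reason). Oversized input is rejected before any SELECT is issued,
    so a 200,000-character string never reaches the database."""
    url = fields.get("url", "")
    if not url.startswith(("http://", "https://")):
        return False, "missing or non-http url"
    for name in TRACKBACK_FIELDS:
        if len(fields.get(name, "")) > MAX_FIELD_LEN:
            return False, f"{name} exceeds {MAX_FIELD_LEN} characters"
    return True, "ok"


# Constructed Apache combined-log lines (sample data, not a real server log).
SAMPLE_LOG = [
    '203.0.113.9 - - [22/Oct/2009:10:46:01 -0500] "POST /wp-trackback.php?p=12 HTTP/1.1" 200 148',
    '203.0.113.9 - - [22/Oct/2009:10:46:02 -0500] "POST /wp-trackback.php?p=12 HTTP/1.1" 200 148',
    '203.0.113.9 - - [22/Oct/2009:10:46:03 -0500] "POST /wp-trackback.php?p=12 HTTP/1.1" 200 148',
    '198.51.100.4 - - [22/Oct/2009:10:47:10 -0500] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.4 - - [22/Oct/2009:10:48:00 -0500] "POST /wp-trackback.php?p=7 HTTP/1.1" 200 148',
]

# client ip, method, path (with query string), status, response bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')


def flag_trackback_floods(log_lines, threshold=3):
    """Count POSTs to wp-trackback.php per client IP and return the IPs
    at or above the threshold, i.e. the candidates for rate limiting or blocking."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m.group(1), m.group(2), m.group(3)
        if method == "POST" and path.split("?")[0].endswith("/wp-trackback.php"):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(validate_trackback({"url": "http://example.com/post", "excerpt": "x" * 200000}))
    print(flag_trackback_floods(SAMPLE_LOG))
```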

I’m pretty sure I’ve been hit with this at least once. For that matter, there are still people trying to hit the old Movable Type install, which hasn’t been active in over a year.

Then again, I’m just a user and have no idea what I’m doing:

When WordPress was just a small project, the core userbase was made up of developers. Today, I’d guess that 75% of those who use WordPress are end users while 25% are developers. Developers are smart people and they understand how things work. These are the people the 75% rely on for help. What happens if the majority of support these folks offer every single day becomes answers to questions such as simple HTML, uploading via FTP, upgrading, etc.? Couple that with the fact that WordPress is becoming more and more user driven, meaning the software will continue to be dumbed down to make it as easy as possible for everyone with a voice to make it known on the web, and you have a scenario where the developers move on to a new project that has that feeling of being small, with the majority of the user base being developers. This would leave the WordPress userbase consisting of not only end users, but fewer people who know the ins and outs, which I think would hurt the community over time.

I’m not sure that making the package more comprehensible qualifies as dumbing down, but then I spent half the morning yesterday trying to persuade Lotus Notes to comprehend a WordPress theme, after which I felt fairly dumb.

4 comments

  1. Sheri »

    22 October 2009 · 10:46 am

    If only we could harness the scriptkidz’ energies and talents and put them in some sort of hamster-wheel situation. They could fight terrorism. I’m serious. They’re not stupid. I sort of admire them, in a way. They need to be focused on terrorism. They could bring the jihadists to their knees, or at least frag on their asses or something.

  2. fillyjonk »

    22 October 2009 · 11:29 am

    What Sheri said. If they could only use their powers for good.

  3. Lisa Paul »

    22 October 2009 · 4:06 pm

    Er Chaz, are you saying I shouldn’t upgrade? Or I should hug a programmer.

  4. CGHill »

    22 October 2009 · 4:33 pm

    You’ve already got the latest WP, from the looks of things.

    In computing generally, those who know how to repair things got that way because those same things broke on them several times. If I have any expertise here, and I’m not saying I do, it’s due to this sort of baptism by fire.