(mt)
- Started
- Last post
- 26 Responses
- phatwrx0
Run a DV setup with 3-4 WP installs and none so far have issues.
- ukit0
What to make of this
http://johnkary.net/mediatemple-…
"MediaTemple asserts in a July 16, 2010 blog entry, “We do not believe that this is an infrastructure issue, but we are still investigating the root cause(s).”
I believe I have evidence to the contrary."
...
"MediaTemple’s head of support and a few sysadmin/security guys were nice enough to give me a call...they believe someone possibly obtained a list of database credentials, then used those credentials to scan and inject code."
(mt) themselves comment on the blog post and don't seem to contradict what he's saying...
- I have no way to know if that's true. But based on my experiences thus far it sounds very, very likely.nocomply
- nocomply0
Just found out about a cool plugin that locks you out of wp-admin for a set amount of time after a number of failed login attempts.
http://wordpress.org/extend/plug…
I installed it and tested it on wp 3.0.1 and it seems to work great.
Thoughts? I figure it couldn't hurt, right?
- acescence0
you're always better off on a dedicated or virtual private server. on a shared setup you're only as secure as the least secure of the other 200 accounts on your box if the server setup has a potential security hole somewhere.
- ukit0
Could some of this even be fall out from this incident?
http://michaeltorbert.com/blog/m…
All of this is confusing obviously because (a) other hosts have been hit as well (b) Wordpress is exploitable all on its own, but here we have a case where a huge amount of user login information was extracted from one of Mediatemple's servers.
This was last November, but with all the accounts I wonder if it's possible that they are still dealing with the fall out from that...with the hackers attacking in waves rather than all at once.
- nocomply0
ukit - You might be correct on some accounts, but my 2 sites running wordpress that were hacked over the weekend were on gs accounts that were not even created until well into 2010.
Also another client of mine who was being hosted through network solutions had their wordpress site hacked a few months ago. (side note - I DO NOT recommend hosting with network solutions!)
It's definitely going around, but it is very concerning to me how many of these hacks have happened on MT lately.