After much deliberation I’ve finally gotten around to upgrading my website to the latest version of the software, and while I was at it I decided to change the default appearance to something a little less busy... which basically means that I played around with CSS until I happened across something that I like but which will probably cause everyone else to run screaming.
I know things are a little broken right now; I’m still sorting them out. I hope you like it.
The locations of the RSS and ATOM feeds have changed, so if you read this …
Attention all users of the Pivot weblog package! A remotely exploitable vulnerability was discovered in the /web/content/extensions/bbclone_tools/count.php file. This vulnerability can be used by an attacker to delete files from your web content directory, and if the register_globals PHP variable is set, it can be used to stage a remote file inclusion attack. One person (I'll blank their IP address) has already tried it on my website:
While going through my server logs tonight I keep seeing logfile entries like this:
a.b.c.d - - [13/Jan/2008:22:59:49 -0500] "GET /pivot/archive/2007/11/16/serious_vulnerability_found_in HTTP/1.0" 404 321 "http://drwho.virtadpt.net/archive/2007/11/16/serious_vulnerability_found_in" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
Someone's going to articles on my website that exist, but then they're clicking a link someplace in the article that's sending them to the same URL prepended with the string /pivot, and I can't figure out where or why they're causing …
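One way to find which pages are handing out the broken links, as an added example that is not part of the original post: scan the access log for 404s whose path is a same-site referer's path with /pivot prepended. It assumes Apache's combined log format; the function name `prefixed_404s` is hypothetical, and every sample line except the first (the entry quoted above) is constructed.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def prefixed_404s(lines, site_host, prefix="/pivot"):
    """Return (client, referring_path, requested_path) for every 404 whose
    path equals the same-site referer's path with `prefix` prepended."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m or m["status"] != "404":
            continue
        ref = urlsplit(m["referer"])
        # Only referers on our own site can point at a broken internal link.
        if ref.hostname != site_host or not ref.path:
            continue
        requested = urlsplit(m["path"]).path
        if requested == prefix + ref.path:
            hits.append((m["host"], ref.path, requested))
    return hits

# First line is the entry quoted in the post; the rest are constructed.
SAMPLE = [
    'a.b.c.d - - [13/Jan/2008:22:59:49 -0500] "GET /pivot/archive/2007/11/16/'
    'serious_vulnerability_found_in HTTP/1.0" 404 321 "http://drwho.virtadpt.net'
    '/archive/2007/11/16/serious_vulnerability_found_in" "Mozilla/4.0 '
    '(compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"',
    '192.0.2.10 - - [13/Jan/2008:23:01:02 -0500] "GET /archive/2007/11/16/'
    'serious_vulnerability_found_in HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"',
    '192.0.2.11 - - [13/Jan/2008:23:02:10 -0500] "GET /favicon.ico HTTP/1.1" '
    '404 209 "http://drwho.virtadpt.net/archive/2007/11/16/'
    'serious_vulnerability_found_in" "ExampleAgent/1.0"',
]

if __name__ == "__main__":
    for client, ref_path, req_path in prefixed_404s(SAMPLE, "drwho.virtadpt.net"):
        print(f"{client}: link on {ref_path} led to missing {req_path}")
```

Grouping the results by referring path shows which articles contain the link that produces the prefixed URL.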