Since a lot of poker blogs out there are powered by WordPress, I thought I would help get the word out about a vulnerability that exists if you allow users to register on your site. On another (non-poker-related) blog I run, I’ve been getting occasional posts in Polish. That is odd, because when I look at the poster he is listed as having “Contributor” permissions. That means he should be able to write posts, but they can’t go live to the world unless they’ve been approved by me. How are they ending up on the website without my ever approving them? I don’t know, but in investigating the issue I’ve run across a few other sites that have run into the same issue, including the same person (klamka13303) doing the posting. Their research seems to indicate that over 300,000 blogs have been hit by this guy already.
If you are running WordPress, you should take a moment and log into your admin control panel. From there go to Settings > General. You will see the following options:
The safest route seems to be to disallow registration. If you’re the only person who posts on your blog, you probably don’t need people to register anyway, so it shouldn’t be too big of a deal. If you need to have people register on your site, I guess your second option would be to set the New User Default Role to “Subscriber” rather than “Contributor”. I’m not sure if that stops the exploit, but in theory they wouldn’t even be able to create or save a post. Then again, they’re not supposed to be able to publish their own posts as a Contributor, which is why just disabling user registration seems like the most prudent option if you can do it.
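
The same two settings can be checked and changed from the command line, along with a look for Contributor accounts that already own live posts. This is an added example, not part of the original post: it assumes WP-CLI (`wp`) is installed and run from the WordPress directory, the function names are made up for illustration, and `users_can_register` and `default_role` are the WordPress options behind the two Settings > General fields.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes WP-CLI ("wp") is
# installed and run from the WordPress install directory.
# Function names are hypothetical.

# Print a WARN line for each risky registration setting; return 1 if any.
check_registration() {
    rc=0
    if [ "$(wp option get users_can_register)" = "1" ]; then
        echo "WARN: anyone can register (users_can_register=1)"
        rc=1
    fi
    role=$(wp option get default_role)
    if [ "$role" != "subscriber" ]; then
        echo "WARN: New User Default Role is '$role', not 'subscriber'"
        rc=1
    fi
    return $rc
}

# Print "user_id published_count" for each Contributor who owns live posts.
# Posts you approved yourself also appear here, so the ones to look at are
# those you do not remember approving.
contributors_with_live_posts() {
    for id in $(wp user list --role=contributor --field=ID); do
        n=$(wp post list --author="$id" --post_status=publish --format=count)
        if [ "$n" -gt 0 ]; then
            echo "$id $n"
        fi
    done
}

# Apply the two mitigations from the post: registration off, and
# Subscriber as the default role in case it is turned back on later.
harden_registration() {
    wp option update users_can_register 0
    wp option update default_role subscriber
}
```

Run `check_registration` and `contributors_with_live_posts` first to see the current state, then `harden_registration` to apply the changes.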

Hi, my name is Bill Rini and this is my poker blog. I've been blogging about poker and the poker industry since around 2003-ish. Like most people I started out playing poker as entertainment in home games whenever we wanted to sit around and smoke cigars, drink beer, and eat pizza, and needed a good excuse. I started playing online shortly after the first online card rooms opened and it wasn't long before I was playing 20, 30, or even 40 hours a week or more. One day I received a phone call about a program manager position at Tiltware which was the company that consulted to Full Tilt Poker on software development and marketing. After Tiltware I spent about 2.5 years working at Party Poker where I was the poker room manager.

Amandeep Singh
Hi Bill… Thanks for the mention.. I have also stopped registration on my blog. Hope this is resolved by WordPress soon…
Stuart
Great info Bill, thanks a lot, love the blog too, great read, laughs and good info too