8 Replies to “Mypapit GNU/Linux Blog is now in WordPress!”

  1. About KCYAP:
    WordPress 2.0 Themes Competition Website got hacked – HOW?? Is there a security vulnerability in WordPress? Was the theme competition itself a hoax?
    Posted: 08 Mar 2006 20:18:33 +0000
    Update: It now appears that the kcyap theme competition was a complete hoax and the site owner made off with 188 WordPress 2.0 specific themes! The site itself has disappeared, the owner doesn’t respond to any questions nor does he make any attempt to restore the posts, etc. You can read up on some of the discussion in the WordPress Support Forums. I have removed the links to the hoax site so as to not generate any additional traffic or inbound links for the jerk.
    There is a new WP 2.0 theme competition that is taking its place and being run by respected members of the WP community over at WordPress Arena.
    I ask that all theme designers who applied to the scam competition now enter the new, legit one – and also would be extremely grateful if you would submit your themes to me, as well. While I’ve nothing to offer in the way of prizes (wish I could, but hopefully some fame and the knowledge that you’re helping the community will be inspiration enough), I am extremely eager to create a Comprehensive List of WordPress 2.0 specific themes (and have plans to create a blog specifically about themes to make it much easier for folks to find the theme of their dreams). Please email all theme info to howtoblog @ gmail.com with a subject of WP 2.0 theme – thanks!
    On March 5th, the WordPress 2.0 Theme Design Competition that was being hosted by kcyap.com claimed that it got hacked (and that his entire database was erased):
    “Very regret to announced that this competition blog website had been hacked. I have no backup for all this data and not sure if the server admin did have a backup on it or not. I am very sorry for this incident.
    The prizes will still be the same and i will upload once again all the submitted themes one by one from now. This may takes quite some time, please be patient.
    The result for this competition will still be announced on the 10th March 2006.”
    This should be a reminder to everyone to BACKUP YOUR DATABASE ON A REGULAR BASIS (I’ll write a how-to post on this shortly).
    And as many commenters pointed out, it was unacceptable for a site hosting a theme competition of this level to not have backups. Other commenters suggested the site owner use the Google cache to try to retrieve the old posts.
    However, the big question that’s on my mind – and which was brought up by CountZero is how did this happen??
    “But the really more important task than assigning any guilt to anyone on this case, I suppose, is to find out how the hacker could compromise the machine. Did he use some undiscovered WordPress vulnerability, did he make use of those being published just about a week ago, or did he make use of other security issues on your server? Is it sure that these loophole(s) are closed now, and can you make sure there is no backdoor/rootkit left on the machine now?”
    I hope the WordPress team is taking a good look at this to ensure that it wasn’t the result of some previously unknown security vulnerability in WordPress. Was the kcyap Theme Competition Blog running on WP 2.0 or WP 2.0.1? And if he was running the latest version (WP 2.0.1), did the hackers get in through a WordPress security flaw, or through some other method related to his specific hosting situation? Or perhaps he had spyware on his PC and they had a keylogger which gave them access to his password so they could just easily log into his account. (Which reminds me that everyone should have Microsoft’s free Anti-Spyware software installed on their Windows PCs)
    Additionally, there has also been speculation that the whole Theme Competition was a hoax (to gain google pagerank?). Many commenters have found it rather suspicious that even if the database was wiped that there still wouldn’t be backups of all of the themes that designers had submitted – after all, they sent them in through email. And what of all the “unnamed judges” (which I always thought was a little shady..) – shouldn’t they have copies of the themes and their descriptions, as well?
    IMHO, the Theme Competition site owner (Justin) owes it to the WP community to work with both his webhost and the WordPress team to discover just how that site got hacked, and then reveal that information to everyone – both to restore his credibility and so that we can all know whether we need to be worried about the same thing happening to us – and learn from his situation about how to protect ourselves. Specifically, we need to know whether the hack stemmed from a problem with WordPress security. I’ll rest easier once this information is known, especially since I’m still entrenched in hordes of hours in porting How to Blog over to WP from TypePad (it was easy to import the posts, but there’s all this minutiae that’s taking hordes of hours to deal with as part of the transition).

  2. Congratulations! I wish to turn to WordPress too soon but I think it’s too hard transferring all the files, comments and most of it pictures =(
