I’m a little lazy, well, truth be told, a lot lazy. Even though I have a background in IT, I don’t back up my data, I don’t use protection (virus protection that is) and I oftentimes let upgrades and updates sit for long periods of time before applying them. Call it laziness, stupidity, or whatever, but there always seems to be something else on the list that is more pressing.
So I was a little shocked when I got the following comment from a very kind reader named CPU:
I have been reading your project blueverse.com via translate.google.com. Now I want to help you. … Yesterday, I learned that you have the plugin, which is a serious error. Plugin – Top Commentators Widget. Error in plugin allows any user to take a place in the list of active commentators. To do this, leave only 1 comment! To this end, the visitor must:
1. leave a comment
2. specify any name that is already in the LIST Top Commentators (eg, Daniel),
3. link to your site
Now the list of Top Commentators, under the name Daniel will be a link on someone else’s site.
First of all, let me say a big “thank you!” to CPU. He certainly didn’t have to tell me about the vulnerability and could have used it for his gain. The fact that he took the time to submit the comment to help out the blog as a whole was pretty awesome. Guess there still is decency and camaraderie amongst us Internet users after all. That, in my opinion, is lesson #1: Help out the people around you, even when you don’t stand to gain from it.
Now you might be asking “why in the world are you putting this out there for everyone to see???”. As it turns out, the vulnerability was due to me using an old version of the Top Commentators Widget plugin. I just hadn’t updated things in a while.
Which leads to lesson #2: Update your plugins and blog software regularly. Don’t make the same lazy mistake I did. It’s easy to let those things slide. Heck, I, like a lot of people, have a few blogs that are using pretty old versions of WordPress. But it’s not a good habit. If you have more than a couple of blogs, set aside time at least once a month to do updates. It’s not ideal, but it’s at least a start.
While you’re at it, put backups, system updates and virus protection on your list. Of course they’re a pain in the butt to do, and they take precious time you don’t feel like you have. But the alternative is ALWAYS much more painful. You’ll be kicking yourself hard the next time you have a hard drive crash or get hit with a virus and lose data, production time, or more.
To set a good example, I’ve already updated to the latest version of WordPress, updated all of my plugins, and even done a recent backup of important working files, music and pictures on my main production system. I use a Mac primarily, so I don’t worry too much about viruses… yet.
So invest a little time in your working environment and the health of the tools you depend on every day. You’ll be glad you did.
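The flaw CPU describes comes down to a leaderboard that identifies commenters by their public display name. The following is an added example, not the plugin's code: a simplified Python model with constructed sample comments, showing name-keyed counting beside a variant that keys on the email field (never displayed) and pins the link to a commenter's first comment. All function names and sample values are assumptions.

```python
from collections import Counter

# Constructed sample comments as (name, email, url), oldest first.
COMMENTS = [
    ("Daniel", "daniel@example.com", "https://daniel.example"),
    ("Daniel", "daniel@example.com", "https://daniel.example"),
    ("Daniel", "daniel@example.com", "https://daniel.example"),
    ("Maria", "maria@example.com", "https://maria.example"),
    ("Maria", "maria@example.com", "https://maria.example"),
    # A single comment reusing a listed name with a different link.
    ("Daniel", "other@example.net", "https://unrelated.example"),
]


def top_by_name(comments, limit=5):
    """Flawed model: group on the public display name, show the latest URL."""
    counts, links = Counter(), {}
    for name, _email, url in comments:
        counts[name] += 1
        links[name] = url  # any later comment under this name replaces the link
    return [(n, c, links[n]) for n, c in counts.most_common(limit)]


def top_by_email(comments, limit=5):
    """Hardened model: group on normalized email, keep first-seen name and URL.

    The email is still typed in by the commenter, so this only raises the bar;
    binding the list to logged-in accounts is the stronger identity.
    """
    counts, first_seen = Counter(), {}
    for name, email, url in comments:
        key = email.strip().lower()
        counts[key] += 1
        first_seen.setdefault(key, (name, url))  # never overwritten later
    return [(first_seen[k][0], c, first_seen[k][1])
            for k, c in counts.most_common(limit)]


if __name__ == "__main__":
    print("keyed by name :", top_by_name(COMMENTS, limit=2))
    print("keyed by email:", top_by_email(COMMENTS, limit=2))
```

In the name-keyed model the newcomer inherits Daniel's count and replaces his link; in the email-keyed model the same comment forms its own one-comment entry and falls outside the top two.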




March 21st, 2009 at 3:08 pm
You will be surprised as to how many decent people are still around. Anyway, you received good advice, and you have taken excellent action and shared with us. I am lazy too and shall follow your advice forthwith. Thank you.
March 22nd, 2009 at 4:41 pm
I guess the good old backup early, backup often is pretty much in the same place. I made it a habit for myself just to update all the plugins once the notification pops up + to just save all my posts at least every two weeks. As far as I remember there was a plugin to automate that… think I should look for that again.
March 22nd, 2009 at 3:14 pm
Honestly, I'm surprised they ever used the "Name" field as the field to process who made the comment. You think they would have used a more private field like Email which remains hidden to users.
Glad to see you changed it!
March 22nd, 2009 at 7:25 pm
I saw this the other day. My name was linking to an adult dating company!
I believe updating is very important and can avoid errors!
March 23rd, 2009 at 8:17 am
I thought this happened – I made some comments last month and got in the top commentators list, and then a few days later when I hovered over my name the link was to someone else's site…
March 24th, 2009 at 1:00 am
Okay.. Starting from today I'll do like this.. I never back up data.. I don't want to lose my data.. Thank you Ryan..
March 24th, 2009 at 6:00 am
Glad you updated the plugin! That problem has been going around for a few days. People with like 100 comments lose credit to a new person who just made a fresh comment.
March 26th, 2009 at 6:42 pm
What a weird choice to hijack your name. PS3 doesn't seem that useful for a dating site. Still, it's good that type of issue will be avoided in the future.
March 28th, 2009 at 12:00 am
There are still a lot of great people out there. This guy obviously likes to see things done fairly.
March 29th, 2009 at 12:21 pm
I don't want to cry over the loss of data and that's why I need to back up my data, thanks for the nice post.
April 3rd, 2009 at 9:03 am
Now you might be asking “why in the world are you putting this out there for everyone to see???”. As it turns out, the vulnerability was due to me using an old version of the Top Commentators Widget plugin. I just hadn’t updated things in a while.
April 4th, 2009 at 10:02 am
Amazing, I still wasn't aware of this kind of cheap technique, but what about the email address? If we add an email address different from the top commentator's, does it still happen?
April 8th, 2009 at 10:04 pm
Backup data is a weekly ritual for me. I've crashed and burned, now I use three backups: two in cyberspace and one on a disc.
April 10th, 2009 at 10:12 pm
I have also discovered it accidentally because I have a common name and I ended up replacing one of the commentators on another blog. Turned out he also used the same name.
April 11th, 2009 at 7:58 pm
Weekly for me to external disk.
April 16th, 2009 at 5:48 pm
nice articles nice blogs.
April 18th, 2009 at 10:38 am
I keep a minimum of two backups of my hard disk. I think you should do it… next time be careful..
April 23rd, 2009 at 9:23 pm
That's something new to me too. As people comment signing under the keywords they want to rank, it's hard to find this one, but thanks for sharing this.
April 27th, 2009 at 1:55 pm
Very sound advice, I'm sure we are all guilty of letting our plugin updates slide now and again but cases like this just bring home how important it is to keep everything updated and patched. On the system backups front, I learnt a long time ago that I am too lazy to keep decent backups manually so I rely on things that will perform automatic backups! I let my Windows Home Server take care of backups for each of my windows machines and Time Machine combined with an Airport Extreme (with USB drive) takes care of the Mac side of things.
May 29th, 2009 at 6:09 pm
Advice that needs to be taken. I had taken awhile to update my virus software and got hit with a nasty one that almost wiped out everything! I was lucky but I learned my lesson. As far as sites go, that is more serious. Backups, updates, and patches are necessary annoyances.
July 24th, 2009 at 5:42 am
I observed this issue that day but I thought you might be working on some coding stuff. This is very interesting as people are getting involved and providing valuable suggestions. I have also worked on this suggestion for my recent blog.
November 18th, 2009 at 6:57 am
Then please teach those lessons to us so that we can have more knowledge!
December 23rd, 2009 at 8:19 am
Amazing, I still wasn't aware of this kind of cheap technique, but what about the email address? If we add an email address different from the top commentator's, does it still happen?