Hacker Woes and Patch Woes

A good portion of the last few days has been spent in patching and fixing software applications. The two involved were WordPress and CubeCart, and the CubeCart problem has yet to be fixed.

I’ve written enough for right now about my feelings re WordPress and their release of 2.0 WAAAAYYYY BEFORE IT WAS ANYWHERE NEAR READY. Which means that most of that work I did to get http://pcmike.com up and running was solely because of the boneheadedness of the ONE PERSON who, rumor has it, decided to release despite many objections by his dev team, despite the lack of resolution for all or at least the major bugs on the LONG buglist, and most probably because he had a chance to fatten his own damn pocket with yahoo dollars. And that’s not to mention the fact that he expects all of us to run with the wp-content file permissioned as if you’ve got the welcome mat out for any script kiddie to c’mon in and hack, just because it was quicker and easier for him to code in some functionality that way. We’re already well aware of this man’s greed re income, after the hidden links scandal a few months back. Well, looks like he’s done it again to the detriment of the rest of us.

Re the CubeCart situation: in many ways it was handled very well, in that as soon as the exploit was noted, a patch was issued despite the hectic holiday. The info was also disseminated to Fantastico, who notified hosts running the program so they could take appropriate action. My host shut down all CubeCart installations by shutting down ALL permission to the file until they heard from the siteowner in question and knew that the installation was being patched. All to the good. Problem was the upgrade broke the cart. And the patch to fix the patch, which we waited for patiently over the New Year’s Holiday Weekend, didn’t fix it. And no help has been forthcoming on the forum as of yet; it’s mass confusion over there.

I’ve got mixed feelings about this, understandably, mostly because I’m the one caught in the middle and doing all the work and the scrambling to try to make things right again. A patch that breaks the software isn’t a good thing, but if installing it stopped exploiters from sending spam and spawning porn on sites all over the server this site is on . . . well, I guess I’d rather have the patch that breaks the cart than none. But meanwhile we still have a cart that doesn’t work and I’m the one doing the explaining of all this to the client, who took my suggestion to install THIS cart in the first place. My protestations of this still being a good thing are starting to sound on deaf ears and I can’t say as I blame him.

Then meanwhile we’ve worries of the WMF Exploit and whether to even OPEN email or VIEW webpages . . . *sigh*

Let’s just hope that my combo of AV and Firewall keeps ‘em from using anything they manage to get into my machine.

There’s gotta be a better way to stop ‘em . . .

One Response to “Hacker Woes and Patch Woes”

  1. vkaryl Says:

    For those seeking a patch and landing here first:

    http://www.hexblog.com/

    And from ms:

    http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx
