Category Archives: Service announcements

eduBuzz WordPress Sites: Comments Temporarily Closed

NO COMMENT?

The ability to leave comments on eduBuzz sites has been temporarily disabled by our hosting company, DXW, to protect against a WordPress security vulnerability identified at the weekend, details below. One of the benefits of using such a popular application is that bugs are quickly identified and addressed, but it does also mean, as with any other popular software on the internet, that there are many malicious people who seek to exploit them. DXW are doing absolutely the right thing here, and experience tells us that the security vulnerability will be quickly fixed.

Due to a critical security vulnerability announced on Sunday evening, we have disabled commenting on all dxw-hosted sites.

At 2100 on Sunday 26th April, a flaw in the way WordPress handles comments was published. This flaw could allow an attacker to inject HTML and Javascript into the pages of your website.

In so doing, they would be able to entirely take over your website, adding or removing any content and taking any action that an administrator is able to complete through the admin area.

Due to the seriousness of this flaw we have disabled commenting across the GovPress platform pending a patch from WordPress. We expect that a patch will be released quickly and we will deploy it as soon as possible.

We have also posted this security alert on the dxw blog, and will make further updates there. If you have any questions not covered by the blog post, please reply to this alert to create a ticket.

 

EduBuzz Incident Involving Loss of Uploaded Files – Update

This is an update on the recent incident.

The hosting company have now restored the majority of the uploaded files (57,665 of ~68,000 files) from backup.

Those files which cannot be restored are those missing files which were uploaded since around November 2013 when the site was moved to its new hosts.

Document files

  • Arrangements are in hand to contact contributors who uploaded document files which are still missing. Where new copies of the same files can be provided, the hosting company will replace them exactly as before.

Image files

  • It is not practical to replace image files in the same way.

If your site’s appearance is being affected by missing image files, e.g. because a header image is still missing, these will need to be replaced manually.  Please contact us (support@edubuzz.org) for assistance if required.