Over the last weekend this blog experienced a number of attacks. I suspect [or know :)] that the majority of these attacks were performed by my students, to whom I teach Computer Networks Security lectures. It is possible that some other people also tried to break into my blog. I tracked some of the attackers' IP addresses. (Yes, I know that you can use various anonymous proxies to hide the origin.)
Fortunately, these attacks were not successful, but with a little better reading and careful analysis they could have been. It is also interesting that I was traveling and didn’t have proper access to my blog at that time to perform an upgrade or any other administrative action.
The fact is that we talk to students, among other things, about SQL injection attacks and XSS issues and prevention. They chose to try this knowledge against my blog. I use WordPress as my blogging platform, and I failed to update it from version 2.10 to 2.13 even though WordPress announced that there are security holes in version 2.10 and that release 2.13 includes fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems. This problem is described here.
Today I upgraded my blogging platform to WordPress 2.13, and I hope it is secure up to the moment when a new security hole is found in it (as for thousands of other bloggers who use WordPress).