Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks. #WordPress
https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-exposes-200k-wordpress-sites-to-hijacking-attacks/
By switching my blog from #Wordpress to #mkdocs, I can move my Hetzner package from Level 9 (10.90/month) to Level 1 (2.09/month). Only the family's email mailboxes and the domains are left there now.
While doing this, I also noticed that I was on an old contract (NX30) for the 1TB #Nextcloud hosting Storage Share. I switched it to NX11, which costs only half as much (5.11/month).
The #Wordpress site of my band shows a similar trend, by the way. That is, we are presumably "participants" in a larger campaign that is treating all kinds of sites to #BruteForce attacks.
Here are some longer-term statistics on #BruteForce against #Wordpress: although there are considerably more quiet days, over the long term we average about 160 login attempts per day on our website.
With the #Wordpress plugin "Login Attempts" you can look at the attempts. On the one hand, you can see which #passwords are being tried and that you are well protected with random, strong passwords. On the other hand, it is noticeable that the attempts are routed through #proxies in order to always use different source IPs. Protection via IP blocking is therefore only of very limited use.
At the moment we are once again experiencing a #BruteForce attack on our website. This happens every now and then and is completely normal when you have a #Wordpress site on the internet. We use the plugin Limit Login Attempts Reloaded in the free, local version to notice this at all and to block frequent IPs.
I made a few changes to my website – added new images, adjusted some text, changed the header, etc.
It's a work in progress. I'm not very techy and am open to feedback if anything doesn't work or looks off to you:
Canadian job opportunities, I'm not affiliated with any of these companies:
Geosyntec is looking for a web designer in Toronto, ON. No salary listed. Apply at https://canada-geosyntec.icims.com/jobs/3719/web-designer/job.
StackAdapt is hiring for a number of roles in Canada (mostly remote, with one being hybrid). See all their openings at https://jobs.lever.co/stackadapt?location=Canada.
BC Ferries is hiring a web designer in either Victoria or Richmond. "please submit your cover letter and resume by August 10, 2025." Salary range is $66,300 - $82,800. Details and apply at https://careers-bcferries.icims.com/jobs/4096/web-designer/job.
Interac is looking for a senior front-end developer in either Toronto or Ottawa. Must have "5+ years working in front-end web development in Angular 6+. Eligibility to work for Interac Corp. in Canada in a full-time capacity." No salary listed. Apply now at https://interac.wd3.myworkdayjobs.com/en-US/Interac/job/Senior-Front-End-Developer_REQ-1832.
Ink & Switch is hiring an Automerge TypeScript Maintainer. 100% remote "any location, but UK preferred. Must be able to attend meetings between 16:00-18:00 UTC (noon - 2pm eastern time)." Must have strong experience with TypeScript (including deep use of the type system). All the details are at https://www.inkandswitch.com/jobs/automerge-typescript-maintainer/. h/t to @spiralganglion.
Design de Plume is hiring an Intermediate Project Manager either remote or in-office (in Sudbury, ON). Salary is $70,000. "Probation period of 6 months. Candidates must currently reside in Canada. Work hours are Monday to Friday, 9:00am to 4:30pm ET. While our hours follow Eastern Time, we offer flexibility for team members in other time zones to modify their schedules to maintain effective overlap and work-life balance." Apply at https://deplume.ca/job/intermediate-project-manager.
If you do #WordPress development, especially plugins and themes, then you might want to follow this discussion on proposed admin design changes:
Is there a decent, open source Events plugin for WordPress that doesn't guard basic things like repeat events behind a paywall?
Asking for a community group with a budget of 0
Open Calendar is a libre, #selfhosted web application (not a library) designed as a plug-and-play #CalDAV client. It bundles #opensource components to provide a sleek interface connected to one or more CalDAV servers. Currently in beta and open to contributions, it's distributed under the MIT license, ensuring freedom and transparency. Potential #WordPress plugin? Explore the project at:
La Capannina's World came out this morning, right on time. The topics: Proteins, my IPA-Retake and Symphony X.
To subscribe, the link is this one:
https://buttondown.com/LaCapannina#subscribe-form
Destroying Autocracy – July 24, 2025
Welcome to this week’s “Destroying Autocracy”.
It’s your source for curated news affecting democracy in the cyber arena with a focus on protecting it. That necessitates an opinionated Butlerian jihad against big tech as well as evangelizing for open-source and the Fediverse. Since big media’s journalism wing is flailing and failing in its core duty to democracy, this is also a collection of alternative reporting on the eternal battle between autocracy and democracy. We also cover the cybersecurity world. You can’t be free without safety and privacy.
DA comes out on Thursday and is updated through the end of day on Friday. Then we start over. So take your time in perusing it and check back in over the weekend.
FYI, my opinions will be in bold. And will often involve cursing. Because humans. Especially tech bros. And fascists. Fuck ’em.
Featured Item
TechDirt writes:
Over the last year or so I’ve seen a disturbing tendency in tech/startup/VC worlds to buy into the neoreactionary view that for startups to be successful they need to get on board the Trump train.
Yes, there are the big name folks who everyone knows about and who didn’t really surprise anyone—Peter Thiel, Marc Andreessen, David Sacks, Elon Musk (pre-fallout)—but the more troubling trend has been watching younger entrepreneurs and VCs listen to their podcasts, read their posts and books, and slowly nod along to the idea that democracy is holding back innovation.
Fascism For First Time Founders
We start and end with good news to make the middle bearable.
The response to Russia’s War Crimes, Techno Feudalism, and other douchebaggery
BleepingComputer reports:
Ukraine arrests suspected admin of XSS Russian hacking forum
Radio Free Europe reports:
Drone Attacks Even The Odds For Ukrainian Frontline Units
BitDefender reports:
Europol targets Kremlin-backed cybercrime gang NoName057(16)
Bruce Lawson reports:
CMA designates Google and Apple, proposes measures
TechCentral reports:
Italy takes Meta, X and LinkedIn to court over unpaid tax
404 Media reports:
Hacker Plants Computer ‘Wiping’ Commands in Amazon’s AI Coding Agent
Archivists Recreate Pre-Trump CDC Website, Are Hosting It in Europe
The Register reports:
Radio geeks reveal how to access crucial hurricane data after US Department of Defense cut it off
The Register reports:
AI data-suckers would have to ask permission first under new bill
Laptop farmer behind $17M North Korean IT worker scam locked up for 8.5 years
TechPolicy reports:
The Case for Europe’s Backing of Digital Civil Society Groups
Open_Future shares:
Licensing, Levies, and the Limits of Copyright
Open Forum Europe announces:
DarkReading reports:
Stop AI Bot Traffic: Protecting Your Organization’s Website
Speaking of your websites, LocalGhost has:
This page is under construction: a love letter to the personal website
Hamish Campbell has:
The Open Media Network: More Than Just a Tech Project
This is what your site could be a part of.
Neutral
TechPolicy reports:
Brazil Has a Bridge to Defending the Internet
The Financial Times:
UK government seeks way out of clash with US over Apple encryption
When you have three sets of c^nts involved, it’s hard to know who to root for.
TechPolicy opines:
Enforcement of EU’s Tech Laws Should Not Be Traded Away
And they are right.
The Evil Empire (AKA Autocracy) Strikes Back
So-called newspaper, The Wall Street Journal reports:
White House Prepares Executive Order Targeting ‘Woke AI’
MIT Technology Review reports:
America’s AI watchdog is losing its bite
The Electronic Frontier Foundation reports:
Axon’s Draft One is Designed to Defy Transparency
EuroNews reports:
UK online legislation could threaten Wikipedia volunteer safety, group to argue in court
Pariah States
The Register reports:
UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies
Silicon Valley engineer admits theft of US missile tech secrets
Four new Android spyware samples linked to Iran’s intel agency
TechCrunch reports:
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Hackers exploiting SharePoint zero-day seen targeting government agencies
BleepingComputer reports:
Microsoft links Sharepoint ToolShell attacks to Chinese hackers
Big Media
Today in Tabs reports:
Billionaires Destroyed American News Media On Purpose
Mother Jones reports:
Colbert’s Cancellation Is a Dark Warning
Akademie shares:
Investigating AI datasets: A journalist’s guide
Big Tech
Where’s Your ‘Ed shares:
The Hater’s Guide To The AI Bubble
The Next Web reports:
ChatGPT advises women to ask for lower salaries, study finds
404 Media reports:
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Spotify Publishes AI-Generated Songs From Dead Artists Without Permission
Google’s AI Is Destroying Search, the Internet, and Your Brain
Grindr Won’t Let Users Say ‘No Zionists’
EuroNews reports:
Meta ran ads that fundraised for Israeli Defence Forces, analysis shows
Meta won’t sign EU’s AI Code, but who will?
The Electronic Frontier Foundation reports:
Amazon Ring Cashes in on Techno-Authoritarianism and Mass Surveillance
Ars Technica reports:
Researcher threatens X with lawsuit after falsely linking him to French probe
xAI workers balked over training request to help “give Grok a face,” docs show
TechCrunch reports:
Microsoft says it will no longer use engineers in China for Department of Defense work
For privacy and security, think twice before granting AI access to your personal data
Terror
The Register reports:
IRL Com recruits teens for real-life stabbings, shootings, FBI warns
Cybersecurity/Privacy
TechCrunch reports:
Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry
BleepingComputer reports:
CISA and FBI warn of escalating Interlock ransomware attacks
DarkReading reports:
Translating Cyber-Risk for the Boardroom
Fediverse
Connected Places has:
Fediverse Report – #126 July 22, 2025
Bonfire is:
Exploring a Bonfire Geosocial Extension
MarkWrites reflects on:
Mastodon announces:
If you are on the Fediverse please donate to your instance’s maintainers. Especially if they ask nicely.
Aphyr opines:
The Future of Forums is Lies, I Guess
Fediverse favorite, Elena Rossini shares:
The Future is Federated: Year 2
ActivityPub for WordPress has an update:
We Distribute has details:
WordPress-ActivityPub v 7.1.0 Introduces Following Capabilities
Randall Black shows us:
How to Install and Set Up Castopod for Your Podcast
TechCrunch reports:
Threads adds improved content performance metrics for creators
Slightly Federated Social Media
The Register reports:
Selling your digital soul to use Bluesky’s DMs isn’t just a bad idea, it’s the law
CTAs (aka show us some free love)
Keep fighting!
Ringleader, Battalion
Reuben Walker
Follow me on the Fediverse
#126 #ActivityPub #AI #Autocracy #BigJournalism #BigTech #Bluesky #Castopod #Democracy #Fascism #Fediverse #Mastodon #StopChina #StopIsrael #StopRedAmerica #StopRussia #SupportUkraine #TechnoAnarchism #TechnoFeudalism #Threads #WordPress
I just realized that ~650 of 1500 #WCUS tickets sold is approximately 43%.
Seems appropriate, given #WordPress' market share and all.
You can't help but wonder what this says about the state of the #WordPress community when its premier event of the year struggles to fill seats.
Now, I'm not going to pretend that I know what the answer is, but I'm pretty sure that "pretend everything is fine" ain't it.
@pfefferle has conjured up something there. I'm curious to see how this develops.
There is a new version of the adaptation of the #WordPress theme TT4 on my blog. Among other small improvements, I have added support for cross-document view transitions in WordPress. This replaces the abrupt transitions when navigating from one URL to another with a smooth animation, using a fade effect by default.
And go! Email finished! Too bad that I'm now behind on writing other articles! The funny thing is that I'm enjoying myself!! Anyway, on the 25th, as usual, the La Capannina's World newsletter comes out ready and proofread!
#dirtybrigate #corsa #run #running #runningpigro #ultrarunning #bike #blog #change #pintarest #pixelfld #wordpress #mindfulness #sport #wcft #beer #craft #homebrewing #handmade
My blog now follows me
In the current update of the #ActivityPub plugin for #Wordpress, a first rudimentary way to follow other profiles is "hidden".
https://de.wordpress.org/plugins/activitypub/#developers
Another step toward expanding your own (WordPress) blog into a #Fediverse instance.