It looks like a popular weblog hosting service, Webloog.com, has closed its doors for now citing security concerns with the WordPress Multi-user software.
Currently on the Webloog.com homepage it reads:
Webloog.com has been closed due to security risks in the WordPress MU application.
Sorry for the inconvenience
And posted on the WordPress Hackers newsgroup:
Just letting you know i am halting webloog.com service. A friend of mine that does security detection and repair for corporations told me of some nasty holes in the wordpress MU program. Within the 10 minutes he looked he found 13 holes to get into the server…who knows how many more there are. I had to let my host know about the access he did on the server so they are making me end the program asap also i dont want the potential of someone killing my host and other sites i run.
No doubt any blogging application will have security holes, and especially ones making use of external applications, and depending on the access you give the user to do what they please with their blog, you are opening yourself up to a certain amount of risk.
I am sad to see Webloogs.com close their doors, and hopefully the WordPress community will band together, and fix up the Multi-user version of WordPress so that more communities than just the invite-only WordPress.com community spring up around what I consider to be a great piece of software.