The same project that led to the post Loading WordPress From index.php involved cleaning up after a hacking incident. In fact, that’s what the initial work order was for.

This blog was hit recently by the same attack that has been in the news for the last few days. Lorelle on WordPress wrote some things about it:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.

This blog was different in that there were no other admin accounts created. The same code was appearing in permalinks (and was, indeed, shown in Settings -> Permalinks).

Another symptom of this type of general attack is posts that are filled with spam links enclosed within HTML comment tags. You’ll not see them, but Google does.

Looking a little deeper, I found evidence of another previous hack job. The server error log contained hundreds of these entries: [click to continue…]

One of WordPress’ strengths is its attention to SEO-related issues in its core files. One of those issues is the home page of the blog being indexed twice in the search engines: once under the actual address, http://domain-name.com/index.php, and once as the plain domain name, http://domain-name.com. Note that this is a different problem from the trailing slash problem (http://domain-name.com/ vs. http://domain-name.com), which WordPress also takes care of.

WordPress handles the index.php problem by rewriting requests for http://domain-name.com/index.php to http://domain-name.com. All well and good, and beneficial for most sites.

But that rewriting/redirecting caused some problems on a site I was working on yesterday, and once I figured out how, it was a relatively easy fix. [click to continue…]

Don’t Subscribe To My Post Comments If You’re a SpamArrest Customer

September 6, 2009

On this and other blogs, I have a recurring pain in the butt issue. Some people subscribe to a comment thread, and upon every comment following, I get a challenge email from SpamArrest when the notification of a new comment email is sent.
Here’s news: I don’t click the verify link. As a matter of fact, [...]

Protecting Your WordPress Blog From Hackers, Crackers, and Jerks

September 6, 2009

The last few days have seen a rash of hacker attacks on WordPress blogs, with isolated reports going back a month or more. Without exception, as far as I can tell, the successful attacks were on blogs running outdated versions of WordPress. The latest exploits involve hidden admin users and permalinks polluted with JavaScript [...]

Skype Can Be a Pain In the Ass

September 6, 2009

I don’t restart my computer very often; it mostly runs 24/7. So when I did have occasion to do a restart, I was hit with the issue that my development instance of Apache wouldn’t start. I would get the error: “Windows could not start Apache 2.2 on Local Computer. For more information, review the System [...]

Using My Way Links To Build Incoming Traffic

May 28, 2009

This isn’t strictly WordPress related, but if you are an avid blogger and use your blog(s) for income, then you might want to check out Jonathan Leger’s My Way Links program.
One thing that we’re all looking for as bloggers is traffic. Lots and lots of traffic. To get that traffic, we have to rank well [...]

Using PHP Short Tags in Plugins Is a No-No

May 25, 2009

I had a client call up over the weekend in a panic because her blog disappeared.
“Help! All I see is a blank screen!”
“What’s the last thing you did?” says I.
“Updated my theme files,” says she.
So after an hour’s worth of troubleshooting, I found the problem:
Plugin and theme developers: please do us all a favor and [...]

Just Released – The Simple Link Cloaker Plugin

May 24, 2009

Anyone who’s ever done any affiliate marketing knows the value of ‘cloaking’ outgoing affiliate links. First, it can deter the occasional commission thief who will strip out your affiliate code and replace it with their own, robbing you of a well-earned commission. Just as importantly, it makes your links more ‘professional’ looking when the visitor [...]
