Posts Tagged ‘xmlrpc’

Feb 14th, 2008

Blackhat SEO Spammer targeting High PR WordPress Blog

I’ve been monitoring mattheaton.com “wordpress.net.in goro spam injections” for this past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of Wordpress Goro Spam please read my earlier post → Wordpress.net.in Spam injection& Gaming Bluehost & Hostmonster CEO’s Blog.

thinkingphp.org (PR6) & jensfrake.com (PR7) has been hijacked by “Wordpress Blackhat SEO Spammer” for this month. Both sites were running on WordPress 2.3.2.

By now the <div id=”goro”> signature has been replaced with “Inline CSS” wrapper.

Cloacking Check on Mattheaton.com

Normal Browser

32,246 characters - mattheaton-com-source.txt

Google bot

34,646 characters - mattheaton-com-googlebot-source.txt

Difference

2,400 characters

(more…)

Filled in Security, WordPress, injection, owned · 3 Comments

 

Feb 6th, 2008

Daily Hacking Attemps on blog.kakkoi.net - Feb 6th, 2008

Today’s we just upgrade from WordPress 2.3.2 to 2.3.3 security release. There is 21 attack (script injections) on blog.kakkoi.net from 3 known bot-herder scripts ↓. The first attacker is from 212.24.62.200 → udkado.ru masking their useragent as Googlebot (a real human?). The were playing with my 302.curie redirect page at blog.kakkoi.net/uri/. I send the attacker data to abuse network and IronPort.

The next few hours we received 20 attack from the same bot-herder. They probably has a large scale of DDNS (china → korea → us ). Noticeably the scans pattern is predictable. From our Feb 5th attack all these botnet is targeting certain search keywords security, injection so we setup a honey-pot right on that particular URL.
(more…)

Filled in Security, script injection, vulnerability · No Comments

 

Feb 5th, 2008

Daily Hacking Attempts on blog.kakkoi.net - Feb 5th, 2008

I received lots of multiple botnet injection (e.g: code & sql) on my wordpress blog. All the failed attempts from these Botnet (Bot-herder) will be published in this post. Somebody might find the informations useful ↓.
(more…)

Filled in Security, script injection, vulnerability · No Comments

 

Feb 5th, 2008

WordPress 2.3.3 Security Release

Wordpress 2.3.3 fixes a few minor bugs and the debatable Wordpress 2.3.2 XMLRPC vulnerability. It took 4 months to track the XMLRPC exploit and 1 days for the patch to be release. Kudos to WordPress Developer especially Ryan & Joseph Scott for these quick security release.

Wordpress 2.3.2 XMLRPC vulnerability patches by josephscott

• xmlrpc.php.diff (0.7 kB) -on 02/02/08 16:53:22.
• xmlrpc.php.2.diff (3.2 kB) - on 02/03/08 04:49:26.
• 2.3-xmlrpc.php.diff (3.2 kB) - on 02/04/08 18:48:23 (2.3.3).

(more…)

Filled in Security, WordPress · No Comments

 

Feb 2nd, 2008

Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch

This issue has been raised 4 months ago (october 2007). Certainly this is one of BadPress Ticketing Problems. Until WordPress Developer release Official securities fix (v 2.3.2.1 || 2.3.5 ?? ) You might want to try this “debatable” patch by SecuriTeam - Paul (Yabba) Jones.

Note: Matt Mullenweg & the WP-Hackers is against secureTeam “hasty-patch” and their POC release. [wp-hackers] xmlrpc issue or no?.

Excerpt from Wordpress Support Forum » iframe injection problem?

Matt Mullenweg → […] I would rather not have people think they’re safe and really not be, and there is a release coming shortly anyway. […]
If anyone is scared and wants a fix NOW, they should either turn off registration (which is off by default) or delete xmlrpc.php. ~ Feb 3, 2008

(more…)

Filled in Security, WordPress, vulnerability · No Comments