I’ve been monitoring mattheaton.com for “wordpress.net.in goro spam injections” for the past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of WordPress Goro Spam, please read my earlier post → Wordpress.net.in Spam injection & Gaming Bluehost & Hostmonster CEO’s Blog.
thinkingphp.org (PR6) & jensfrake.com (PR7) have been hijacked by the “Wordpress Blackhat SEO Spammer” this month. Both sites were running WordPress 2.3.2.
By now the `<div id="goro">` signature has been replaced with an “inline CSS” wrapper.
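Added example (not code from the original post or from WordPress itself): a small scanner that flags both signatures described above, the `<div id="goro">` wrapper and hidden inline-CSS wrappers around links, run over a constructed sample post. The CSS patterns it treats as hiding an element and the sample markup are assumptions.

```python
import re
from html.parser import HTMLParser
# Inline CSS that hides an element (assumed patterns; the wrapper moved to
# such styles once <div id="goro"> became a known signature).
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                        r"(?:text-indent|left|top)\s*:\s*-\d{3,}", re.I)

class SpamWrapperScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []      # open elements as [tag, hidden_reason, link_count]
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        reason = None
        if a.get("id") == "goro":
            reason = "div id=goro signature"
        elif HIDDEN_CSS.search(a.get("style") or ""):
            reason = "hidden by inline CSS"
        if tag == "a":                  # a link counts for every hidden ancestor
            for frame in self.stack:
                if frame[1]:
                    frame[2] += 1
        self.stack.append([tag, reason, 1 if (tag == "a" and reason) else 0])

    def handle_endtag(self, tag):
        # Pop to the matching open tag (unclosed <br>/<img> go with it),
        # reporting every hidden wrapper that held at least one link.
        while self.stack:
            t, reason, links = self.stack.pop()
            if reason and links:
                self.findings.append({"tag": t, "reason": reason, "links": links})
            if t == tag:
                break

def scan(html):
    p = SpamWrapperScanner()
    p.feed(html)
    return p.findings

# Constructed sample post: one genuine link, one goro block, one CSS-hidden span.
SAMPLE_POST = """<p>Real text with a <a href="https://example.com/">normal link</a>.</p>
<div id="goro"><a href="http://spam.example/a">x</a> <a href="http://spam.example/b">y</a></div>
<span style="display:none"><a href="http://spam.example/c">z</a></span>
<p style="color:#333">Visible styled <a href="https://example.com/about">link</a></p>"""

if __name__ == "__main__":
    for f in scan(SAMPLE_POST):
        print(f)
```

Run it over the rendered HTML of each post (or the post_content rows) and review anything it reports; a styled but visible paragraph, as in the last sample line, is not flagged.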
WordPress 2.3.3 fixes a few minor bugs and the debatable WordPress 2.3.2 XMLRPC vulnerability. It took 4 months to track down the XMLRPC exploit and 1 day for the patch to be released. Kudos to the WordPress developers, especially Ryan & Joseph Scott, for this quick security release.
This issue was raised 4 months ago (October 2007). Certainly this is one of the BadPress ticketing problems. Until the WordPress developers release an official security fix (v 2.3.2.1 || 2.3.5 ??), you might want to try this “debatable” patch by SecuriTeam - Paul (Yabba) Jones.
Note: Matt Mullenweg & the WP-Hackers are against SecuriTeam’s “hasty patch” and their POC release. [wp-hackers] xmlrpc issue or no?
Excerpt from WordPress Support Forum » iframe injection problem?
Matt Mullenweg → […] I would rather not have people think they’re safe and really not be, and there is a release coming shortly anyway. […]
If anyone is scared and wants a fix NOW, they should either turn off registration (which is off by default) or delete xmlrpc.php. ~ Feb 3, 2008
Being hacked by SEO spammers seems like a yearly event at Mattheaton.com. Matt’s WordPress blog was first hijacked 2 months ago, on 26 November 2007 (according to my records). You can digg my earlier post at → Matt Heaton BlueHost HostMonster CEO Official Blog Hacked.
It’s a big embarrassment for Bluehost & Hostmonster hosting to have their CEO’s blog spam-ridden every year (since 2007). Drilling Matt Heaton with bad ads won’t solve the blackhat spam issue; I will leave that particular part for my readers to speculate on.
I just upgraded today; WordPress 2.3.2 fixed a nasty vulnerability. I haven’t done any tests yet, but according to a “blackhat domainer” you can view WordPress draft entries via simple URL parameters without logging in (unauthorized view).