English flagItalian flagKorean flagChinese (Simplified) flagPortuguese flagGerman flagFrench flag
Spanish flagJapanese flagArabic flagRussian flagGreek flagDutch flagBulgarian flag
Czech flagCroat flagDanish flagFinnish flagHindi flagPolish flagRumanian flag
Swedish flagNorwegian flag     
By N2H
Welcome to Raph Koster's personal website: MMOs, gaming, writing, art, music, books.
« And now, the unbalanced take (the Byron Report) | Metachat is on Facebook now too »

Work in Progress!

March 27th, 2008 (Visited 1178 times) Tags: ,

Trying to upgrade since the header file got hacked again today. Sorry for the interruptions. Hope to have things back to normal in a bit.

ETA: ok. turned the plugins back on for now. Things should look ok again. We’ll keep an eye on things and replace the header again if need be. Upgrades seem to be stalling out for no apparent reason.

*

[?]
You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

6 Responses to “Work in Progress!”

Jump to reader comments » | Leave a reply »

Trackbacks & Pingbacks
  1. Raph's Website » More on the blog hacking wrote on April 15th, 2008 at 12:37 am:

    [...] read the advice from Jeff Freeman in the last post on [...]

    2.
  2. Azaroth » Blog Archive » Oh, that’s better thx. wrote on April 22nd, 2008 at 8:25 pm:

    [...] Jeff Freeman is nice, thanks. Although I’m linking to Raph’s blog for some reason. [...]

    3.
Reader Comments
  1. moo said on March 27th, 2008 at 2:27 pm:

    hacked? wha?

  2. Raph said on March 27th, 2008 at 2:40 pm:

    There is apparently a vulnerability in Wordpress which allows injection of spam into the header.php file. Some of the (many) links on it:

    http://wordpress.org/support/topic/138376

    http://robertogaloppini.net/2007/12/12/wordpress-spam-injection-goro-hacked-my-blog/

    http://gordon.dewis.ca/2008/01/06/expunging-the-wordpressnetin-spam-injection-hijack/

    So far it has happened to us twice in the last week, and may have been part of why the blog was broken last weekend.

  3. Jeff Freeman said on March 28th, 2008 at 2:09 am:

    There was a vulnerability to SQL-injection through version 2.1.1:

    http://luiscosio.com/0day-exploit-for-wordpress-211

    Upgrading will fix it, but if you were already compromised then you should change your admin password, first thing. I’ll wait here.

    Ok, done?

    You might still be at risk due to code in your database. Upgrading beyond 2.1.1 will stop it happening again, but it won’t remove any code already in there.

    The link you posted to Roberto Galoppini’s page explains what to look for and how to delete it… mind, your malicious code isn’t necessarily the same malicious code that he got, so you really have to look for “stuff like that” rather than that, exactly.

    Last, check you footers.php file, too. Or heck, check all the theme’s files, why not?

    That and a WP install should do you. I definitely recommend the “delete all existing files except content, then ftp the new versions files over.” You could set your ftp client to “always over-write” (probably it defaults to “only if newer”), but in the event a file was removed from the project between your old version and the new one, you don’t want it hanging-around doing nothing.

    If deleting wp_header() from your header.php file was part of your solution, you’ll want to put that back in there. Lots of plugins won’t work or won’t work right unless it is there.

    This assumes none of your plugins were the actual source of the vulnerability. Being paranoid, I’ll likely go through them all line by line. Probably just as effective would be to Google for the plugin name and ‘vulnerability’ or ‘SQL injection’ or maybe even “+plugin-name +header.php”.

    But since 2.1.1 and under were vulnerable and your cached page on Google reports version 2.1 - seems unlikely your vulnerability was not WP itself.

    Simple little things you can do to harden your WP install:

    1. Delete your ‘admin’ user, if you haven’t already (make a new user with a secret user-name and admin rights first).

    2. Edit your header.php where there’s a comment:

    <!– leave this for stats please –>

    … remove the WP version number it is asking you to leave, and add your own comment there:

    <!– Sorry, but no –>

    You need to not be hacked more than anyone needs to know which vulnerabilities you are offering to hackers (aka your version number).

    Besides, providing data for stats or anything should be an opt-in affair, not opt-out requiring php editing. So there’s that reason to remove it even if removing it for security reasons feels sleezy.

    I mean, that only works because it is an obfuscated opt-out affair, meaning lots of people would leave it even without the “please”, meaning your benefit comes at their expense.

    This conclude my being on-topic.

    It’s sort of how home security stickers on your windows provides security by making your house seem relatively less vulnerable than your neighbors’.

    They always say, “Sure, no system provides absolute protection, but if Joe Sixpack had an alarm system sticker on his window, maybe the victim of this crime would have been the next house down the road.” They say that without any shame, admit boldly that their alarm system works because your neighbor doesn’t have one.

    I always think, “How do they know Joe Sixpack’s home wasn’t the next one down the road?”

    They can’t possibly believe the robbers will move on indefinitely, have already confessed their service relies on your neighbors’ exposure, yet every single time they’ll chastise Joe as though he did something stupid, when their security depends utterly on guys like Joe.

    If he’d had a security system, maybe the next house would have been robbed, but then they’d just be saying the same thing about that home’s owner, eh?

    Also I am suspicious of them never talking about all the people with security systems whom have not been robbed. That’s what you really want it to do, right? Ok, we get it, people without it get robbed… but that only implies the people with it do not. They never say that.

    What’s up with that? Since when is sufficient such a claim as “Not using my product has proven to be ineffective at improving your girth and length.”?

    END OF COMMUNICATION

  4. Raph said on March 28th, 2008 at 8:50 am:

    Thanks for the advice Jeff! The second time it happened, btw, the blog was already running 2.2.3; so it may be that the code is still in the DB. We’ll go looking!

Meta

Recent Comments

Categories

Recent Trackbacks

Archives

All contents of this site are ©Copyright 1998- 2008 by Raphael Koster. All rights reserved.

The views expressed here are my own, and not necessarily endorsed by any former or current employer.

click here to visit the Metaplace website

The whole Web

Raph's Website

See popular posts »
About the blog »

A Theory of Fun
for Game Design

Book cover for A Theory of Fun for Game Design, by Raph Koster

Press
Excerpts

Buy from Amazon

After the Flood

After the Flood CD Cover

Available on CD
$14.99

More stuff to buy

Cat Fishing T-Shirt

Cat Fishing
Ash Grey T-Shirt
$16.99

Receive CafePress Updates!

LegendMUD

click here to visit the Legend website

"The world the way they thought it was..."

Get Firefox