Comments on: More on the blog hacking http://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/ Raph Koster's personal website: MMOs, gaming, writing, art, music, books Sun, 12 Feb 2012 06:02:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Raph's Website » WordPress Exploit Scanner pluginhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-138725 Raph's Website » WordPress Exploit Scanner plugin Sun, 29 Jun 2008 20:16:25 +0000 http://www.raphkoster.com/?p=1702#comment-138725 [...] those who recall the whole “blog gets hacked” odyssey, and my subsequent request for a plugin that would do security scans, check this [...]

[...] those who recall the whole “blog gets hacked” odyssey, and my subsequent request for a plugin that would do security scans, check this [...]

]]> By: Spam injection in RSS Feed | Startup Addict Musingshttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-138371 Spam injection in RSS Feed | Startup Addict Musings Thu, 19 Jun 2008 01:38:37 +0000 http://www.raphkoster.com/?p=1702#comment-138371 [...] RobertGaloppini Linux-by-Example Kakkoi Gordon Dewis Raph [...]

[...] RobertGaloppini Linux-by-Example Kakkoi Gordon Dewis Raph [...]

]]> By: Guillehttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136964 Guille Tue, 29 Apr 2008 10:50:43 +0000 http://www.raphkoster.com/?p=1702#comment-136964 Hi. I had the same issue. The wp_options code is NOT the main problem. The main problem is one plugin installed that DOESN'T SHOW in your plugins page (that's because they don't have a plugin header). I had to remove active_plugins from wp_options and enable the good plugins again to get read of it. Read here: http://wordpress.org/support/topic/169246 Hi. I had the same issue. The wp_options code is NOT the main problem. The main problem is one plugin installed that DOESN’T SHOW in your plugins page (that’s because they don’t have a plugin header). I had to remove active_plugins from wp_options and enable the good plugins again to get read of it. Read here: http://wordpress.org/support/topic/169246

]]> By: Raph's Website » How to hack an MMOhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136714 Raph's Website » How to hack an MMO Fri, 18 Apr 2008 06:28:18 +0000 http://www.raphkoster.com/?p=1702#comment-136714 [...] the recent hack to the blog, and also given the recent news of the decompiled Eve Online client, it seemed like a good time to [...]

[...] the recent hack to the blog, and also given the recent news of the decompiled Eve Online client, it seemed like a good time to [...]

]]> By: Cuppytalk » Blog Archive » My blog is back!http://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136710 Cuppytalk » Blog Archive » My blog is back! Thu, 17 Apr 2008 22:20:06 +0000 http://www.raphkoster.com/?p=1702#comment-136710 [...] to valuable instructions from Raph (who was hacked the same way) and meticulous assistance from Jeff Freeman, I’m back up and [...]

[...] to valuable instructions from Raph (who was hacked the same way) and meticulous assistance from Jeff Freeman, I’m back up and [...]

]]> By: Jasonhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136689 Jason Wed, 16 Apr 2008 22:48:37 +0000 http://www.raphkoster.com/?p=1702#comment-136689 I think on that Blosxom link, he meant dot com and not dot org. I think on that Blosxom link, he meant dot com and not dot org.

]]> By: Anticoriumhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136683 Anticorium Wed, 16 Apr 2008 20:56:09 +0000 http://www.raphkoster.com/?p=1702#comment-136683 I'd suggest looking around the rest of your httpd user's home directory and all of the other places it can touch, too. PHP has system(), so anything httpd had permissions on, your attacker could've touched. I’d suggest looking around the rest of your httpd user’s home directory and all of the other places it can touch, too. PHP has system(), so anything httpd had permissions on, your attacker could’ve touched.

]]> By: Raphhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136681 Raph Wed, 16 Apr 2008 20:22:48 +0000 http://www.raphkoster.com/?p=1702#comment-136681 :) I just dislike Perl's syntax a lot. Haven't used it in years... When I say the site is illegible, I mean I get little diamonds instead of letters. It's actually literally illegible. :) I probably DO need to sanitize the DB, actually. :P :) I just dislike Perl’s syntax a lot. Haven’t used it in years…

When I say the site is illegible, I mean I get little diamonds instead of letters. It’s actually literally illegible. :)

I probably DO need to sanitize the DB, actually. :P

]]> By: Anticoriumhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136680 Anticorium Wed, 16 Apr 2008 20:16:29 +0000 http://www.raphkoster.com/?p=1702#comment-136680 1. But is it more or less illegible than dozens of base64-encoded entries in your wp_config table? Some people look at trials like yours and say that they need to sanitize the SQL and clean the database. I look at it and wonder why you have a database at all. 2. Preferring PHP over Perl is like preferring Hydrox over Oreo. It's the same $basic['cookie']. 1. But is it more or less illegible than dozens of base64-encoded entries in your wp_config table? Some people look at trials like yours and say that they need to sanitize the SQL and clean the database. I look at it and wonder why you have a database at all.

2. Preferring PHP over Perl is like preferring Hydrox over Oreo. It’s the same $basic['cookie'].

]]> By: Raphhttp://www.raphkoster.com/2008/04/15/more-on-the-blog-hacking/comment-page-1/#comment-136678 Raph Wed, 16 Apr 2008 19:51:48 +0000 http://www.raphkoster.com/?p=1702#comment-136678 1) I despise Perl. 2) The plugins, support, and community for WP. 3) The Blosxom site you linked is illegible. ;) 1) I despise Perl.

2) The plugins, support, and community for WP.

3) The Blosxom site you linked is illegible. ;)

]]>