What WordPress needs

 Posted by (Visited 9515 times)  Misc  Tagged with: ,
Apr 162008
 

A plugin that

  • Greps every file in your public web directory, recursively, looking for “base64” and tells you about them. The default WP install has none of these.
  • Warns you on modification date of any file in the install, plus in any themes.
  • Checks header and footer for unusual size changes.
  • Warns you on any files added to install directories that are not something in the vanilla install — e.g., any new php files in wp-admin that aren’t part of the install.
  • Warns you on any .htaccess redirects.
  • Pulls out the list of administrators by querying in wp_usermeta for wp_metavalue containing %administrator% — not whatever the dashboard uses, which appears to correlate to other tables and therefore misses hacked accounts.
  • Generates a table of everything in wp_options that is not a part of the vanilla WP install, so you can check it. Sure, a whole bunch of plugins will show up, but maybe you can check that manually.

Doing all this by hand is getting old. 🙂 The saga continues at the other post, which continues to get updates.

More on the blog hacking

 Posted by (Visited 14295 times)  Game talk  Tagged with: , , , , , , ,
Apr 152008
 

I keep updating this post as I learn more. So if you’re affected, there’s new material at the bottom. I am currently running this full sweep every day, because each day I find something different. But three days ago there were twenty things, yesterday five, and today only one, so maybe I am getting closer.

Latest news 4/25/08: blog seems secure again. But be sure to do the “secret key” thing newly listed at the bottom as well!

So, I mentioned before that I was a victim of a hack. It was a spam injection attack — the one known as the Goro injection attack. But my symptoms were slightly different from some of the ones I have seen on the net, so here’s some war stories even though I suspect the blog is STILL not clean.

First, read these two posts:

Also read the advice from Jeff Freeman in the last post on this.

OK, in addition to that advice, I also had the following problems:

Continue reading »

Blog issues

 Posted by (Visited 5503 times)  Misc  Tagged with:
Apr 102008
 

Yes, it’s wonky. And it will stay wonky for a little while, there’s clearly some compromised files — spam stuff getting inserted into PHP files wrecking everything.

I have upgraded to 2.5, and everything seems to be working correctly. For now, anyway.

RSS feed fixed

 Posted by (Visited 5686 times)  Misc  Tagged with: , ,
Apr 082008
 

Someone finally pointed out to me that the feed has been busted for days. It’s fixed now. So you can go catch up, if you read the blog that way. Also upgraded one more version — almost to 2.5 finally. Sheesh.

I see I now have this nifty tagging feature. There’s a tag cloud over on the sidebar now, and I tagged some of the recent posts. I also installed a plugin that lets readers tag posts — it’s at the end of each post, and it lets readers suggest tags. Enough people agree, and the tag goes on the post. Spaces are allowed in the tags. So have at!

Work in Progress!

 Posted by (Visited 7537 times)  Misc  Tagged with: ,
Mar 272008
 

Trying to upgrade since the header file got hacked again today. Sorry for the interruptions. Hope to have things back to normal in a bit.

ETA: ok. turned the plugins back on for now. Things should look ok again. We’ll keep an eye on things and replace the header again if need be. Upgrades seem to be stalling out for no apparent reason.

 Older Entries  Newer Entries