Be afraid, be very afraid!

So you have a great idea for a site, you buy a domain, throw a WordPress site up on your shared hosting and upload a free template and every cool plugin known to man. Within an hour you’ve written 5 blog posts and dropped a link at dp so within 2 more hours the spiders will be all over the site and the world will know about you.

Anyone who has been around for a bit knows that all of those plugins and themes should be checked out before they get uploaded, but in reality some can get pretty gnarly and the vast majority of WordPress users can do little more than FTP.

Pharma hack and their C&C (Command & control) server

Understanding and cleaning the Pharma hack on WordPress

Sucuri have blown the whistle on a so-called “Pharma hack” where a few lines of code nestled in a template (but could just as easily be a plugin) allow the hacker to upload further scripts and take control of your site. They appear to be taking it easy right now and just inserting new links around the place and hoping, I guess, that most will be on auto-blog so that the owners are relatively disinterested and won’t notice their changes.

A few years ago WordPress had a situation where they’d stopped using a file that had a security flaw in it. Those of us who upgraded properly deleted the file and were fine. Those who just uploaded the new files on top of the old still had the file on their servers and were vulnerable.

If you’ve got lazy of late it’s time to rethink how you upgrade and what you install. Probably time to lock down that config.php too.

And time for WordPress to let us have any files that are never called directly isolated and either moved below the root or locked away from public access.
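
An added example (not from the original post or from WordPress): one way to check for the leftover-file problem described above is to compare the core locations on disk against a list of the files in the release you upgraded to. The manifest format (one relative path per line, taken from a freshly unpacked release) and the sample file names are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path

# wp-admin and wp-includes hold only core files; wp-content (themes, plugins,
# uploads) is site-specific and deliberately not compared.
CORE_DIRS = ("wp-admin", "wp-includes")
# Top-level files that are created locally and never ship in a release.
LOCAL_TOP_LEVEL = {"wp-config.php"}


def find_stale_core_files(install_root, release_manifest):
    """Return files on disk in core locations that the current release does not ship."""
    root = Path(install_root)
    expected = {line.strip().removeprefix("./") for line in release_manifest if line.strip()}
    # Top-level PHP files plus everything under the core directories.
    candidates = [p for p in root.glob("*.php") if p.name not in LOCAL_TOP_LEVEL]
    for core_dir in CORE_DIRS:
        if (root / core_dir).is_dir():
            candidates.extend((root / core_dir).rglob("*"))
    stale = set()
    for path in candidates:
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            if rel not in expected:
                stale.add(rel)
    return sorted(stale)


def demo():
    """Build a constructed install that was upgraded by overwriting, then audit it."""
    manifest = ["index.php", "wp-admin/index.php", "wp-includes/version.php"]
    leftovers = ["wp-includes/legacy-import.php", "wp-retired-endpoint.php"]  # hypothetical names
    local = ["wp-config.php", "wp-content/themes/mine/index.php"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in manifest + leftovers + local:
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("<?php // constructed sample file\n")
        return find_stale_core_files(tmp, manifest)


if __name__ == "__main__":
    for rel in demo():
        print("not in current release:", rel)
```

Anything it reports is a candidate for review and removal, not proof of compromise; a file you added to the site root yourself will also show up.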


The Generation Gap that swallows you whole!

An SOS went out today from a young BMX racer via Facebook that his website had been hacked. I took a look at and the first thing that struck me was that it wasn’t a typical hacking… closer inspection of the Facebook messages showed that there was some sort of conflict between Marc and “RMC” – the original site developer.

A few hours later and Marc’s site is back to normal, but with a new post of midget porn dedicated to RMC.

Now I’ve met both these guys and RMC runs (owns?) a large bike store across town. I’m guessing amongst his mates he has a reputation as a prankster (although there will be a hipper name these days).

Marc made it to the Olympics in his chosen sport and it’s a tough sport where you need as much of a mental edge as with any other. I race BMX too and there’s something very special about it and the people


Protecting your forum logins from hackers

This is a hot topic at DigitalPoint right now as there is a bot working its way down the members list and doing brute-force or dictionary attacks on the logins. Because the forum uses vBulletin it only gets 5 shots before there’s a lockout and it has to move on to the next member and then remember to return later. But it’s keen and has been running for a couple of days now. Reports indicate that it’s tried some other forums too.

Why?
