New WordPress Backdoor Style Discovered – Hackers Think They Are Sneaky

I was cleaning a client’s site today that had been hacked, when I discovered a new backdoor implementation that I had never seen before. This one is a perfect example of why automated scans are often not sufficient when cleaning up a hacked WordPress installation. You can see the full file here: 99bde887d.php.

The file was dropped into the theme that the client is using, and is coded to mimic a core WordPress file, using some of the same function names and coding conventions that WordPress itself uses. It is designed so that most people opening it and actually looking at the code would still not notice that it was anything malicious. I have seen enough back doors though that even creative ones will often stand out to me. It is definitely not something that would be picked up with any of the existing scripted scans out there. While of course someone can update their plugins or scripts to include specific strings to look for that this file contains,

Read more

Best.Nigerian.Scam.EVER! (We gonna send you to jail if you don’t read this email, do you get me?)

I have seen some pretty off the wall Nigerian Scam letters in the past, but this one has to be one of the most amazing I have ever received. Reading through this is an anthropological goldmine of insight into just how disconnected the scammers in that country are from how life really works here in the US. The basic premise of the letter is that they are going to arrest me (through email, no less) if I don’t “read the attached email and comply”… but if I do they will send me $10 million. What a deal, huh? 😀 Oh, and on top of that these people are apparently under the impression that the Director of the FBI sends out arrest warrants to people via his personal AOL email address.

Here is the email in it’s entirety for your reading pleasure, as it came to me in an attachment actually named “warrant of arrest.txt”:

Read more

*Proof* That The New SEOmoz Tool Is At Least Half Accurate

There has been quite of bit of controversy over the past few days arising from the new LDA based tool recently released by SEOmoz. While there may have been some very well thought out, compelling arguments against giving this tool any credit whatsoever, I have to tell you that in my opinion no argument, no matter how well worded, is going to win over a good old fashioned demonstration.

I am a big one for testing, and test this tool I did. Now, I know, I may have voiced some opinions in the past as to my doubt of the sincerity of Rand Fishkin and the folks who run things over at SEOmoz, but regardless of what I said before, for me seeing is definitely believing. I plugged both the url for the post introducing the tool itself, along with the phrase

Read more

Breaking News: Google Borks the Earth

Want to explore the entire planet from your computer? Normally all anyone wanting to do so would have to do would be to trot on over to Google Earth, download and install their application, and off globe trotting they could go. Today, unfortunately, those who do not already have the program installed are apparently out of luck. It looks like today one of the brighter Google engineers working for one of the world’s leading tech companies has somehow broken not just one of the download links for the application, but all of them.

Read more

I Finally Figured Out Who Jason Calacanis Reminds Me Of

In all of the discussions and posts about Jason Calacanis, whenever and wherever he replied to people calling him on his bullshit, it always had the same tired familiar ring to it. His statements have that tone that all scam artists and con men have utilized throughout the ages, professing their innocence despite the preponderance of evidence against them. Finally it hit me who it is that he sounds like when he is trying to defend his spammy sites…

Read more

Dear Matt Cutts, What’s Your Take On Addon Domains?

Today Matt Cutts answered a question from “Land Lubber”, Colorado. Land Lubber asks:

What’s your take on “addon domains”? Does Google penalize someone for having one or more addon domains on their main website, (or if they’re self hosting)? e.g. 2, 5, or 10 all coming from the same IP address, would that be bad? – Land Lubber, CO

Matt responded with the following:

Read more