Rackspace Hacked Clients, Check Your Databases: WordPress “wp_optimize” Backdoor In wp_options Table

Just finished cleaning up a hacked client whose website is hosted on Rackspace Cloud hosting. It is the second one within the past few weeks, although the first one was actually hosted on Laughing Squid, which happens to use Rackspace Cloud. A couple of weeks ago I had discovered that a large number of sites on the same IP as my client had all been hacked, but I was having trouble determining whether it was an issue with Laughing Squid or an issue with Rackspace Cloud itself, so I didn’t blog about it until I could research it more. I wish now that I had, because maybe then it would not have spread so widely. As it is, it is the same WordPress attack that Unmask Parasites blogged about earlier today.

It looks like the culprit might have been a security hole in phpMyAdmin. Hopefully this will turn out to be what was wrong,

Read more

GoDaddy’s Suggestion For The Cause Of Their Hacks And Their Community Blog – Can You Smell The Irony?

Yesterday I blogged about the hacking situation with GoDaddy hosting and a customer service call I had with them concerning some evidence I had found. While it is true that, as this has progressed, GoDaddy has widened the scope of their investigation into the underlying cause of these hacks, initially they claimed that the issue was their customers running outdated versions of WordPress. While being wrong about something like that is usually not that big of a deal, in this particular instance it proved to be beyond irksome, since a large portion of their customer base were told that it was their own fault that their sites got hacked (even in cases where the customer was up to date), and that GoDaddy was in no way to blame:

WordPress is a-ok. Go Daddy is rock solid. Neither were ‘hacked,’ as some have speculated.

After an extensive investigation, we can report there was a small group of customers negatively impacted. What happened? Those users had outdated versions of the popular blogging software, set up in a particular way. – Alicia from GoDaddy

From what I have read around the web, customers were being told that it was not GoDaddy’s responsibility to fix the sites and that they only offered “limited support” in situations like this, leaving people with only the option of restoring from a backup (which often does not help even in genuine outdated-WordPress hacks, since a compromise can go undetected for months) or hiring outside help to clean things up.

You can see on the support page they have set up, What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?, that they still claim that outdated scripts are part of the problem. Going to that page and viewing the source reveals something almost unbelievable:

[Screenshot: GoDaddy outdated software...?]

That’s right, in a classic “do as I say, not as I do” twist it seems that GoDaddy is in fact running an older version of WordPress (WordPress MU, based on the version number, which has the same security holes as regular WordPress) for their community blog that they are using to tell people to upgrade their WordPress versions.

To be fair, simply having an older version of WordPress does not mean that it is automatically insecure… the security fixes in the more recent versions may be minor, and the known vulnerabilities might have been manually patched. I can’t know without digging deeper and checking whether the installation was in fact vulnerable.

Then again… neither can GoDaddy in the case of their customers.

Test of WordPress’s Default Slug Redirect: 301 or 302?

Just a quick test to see if WordPress by default redirects slug changes using a 301 or a 302 redirect. The original URL for this post is:

http://smackdown.blogsblogsblogs.com/2010/03/18/test-of-wordpress-default-slug-redirect-301-or-302/

and I am going to change it to:

http://smackdown.blogsblogsblogs.com/2010/03/18/wordpress-redirect-302-or-302/

Read more

Dear Jason Calacanis: This Isn’t An “Absurd Microscope”

Jason Calacanis replied to my post from yesterday. In it he discusses how he is indeed deleting many of the spammy pages that I had pointed out. Some, like the duplicate content doorway pages, he continues to defend. Either way, progress is being made.

However, he still kinda kills it by tossing in at the end about how this whole scrutiny on his site is “absurd”, and anyone who calls him on it is being “vicious”:

Read more

Don’t Think “If” You Will Get Hacked, Or Even “When” – Think In Terms Of “How Often”

The following “guest post” was a comment left on “How To Completely Clean Your WordPress Installation” by a gentleman named Daniel J. Dick. He makes some excellent points, and due to its length I decided to feature the comment in its own post rather than approve it in place. Enjoy.

I think Nick sums up how most of us feel about malicious hackers, script kiddies, and spambots that wreck other people’s stuff.

My apologies to everyone who reads this who is searching out how to fix your blog. It is obviously meant for the little, no good, no life having, soulless human maggot out there that creates viruses, malicious scripts and hacks other people’s stuff. YOU SUCK BIG MOOSE C#&@!!

– Nick

Most of my sites

Read more

Scientology Suspended For “Strange Activity”

I don’t know about the rest of you, but for some reason I find this oddly poetic. 🙂

[Screenshot: Scientology suspended for strange activity? Who would have thought! :)]

For those who can’t read it, it’s from http://twitter.com/scientology, and states:

Sorry, the profile you were trying to view has been suspended due to strange activity.

Yeah, like that’s a surprise!

Google Fails 5th Grade Math Test

[Image: Calculator says... idk, 7?]

So, I think I finally discovered the cause of global warming. No, for reals. From what I can tell, Miss Mother Nature started using Google Calculator to help her figure out what kind of weather she should serve up to us. Now, if she were trying to bake a cake, or perhaps get driving directions, I am sure Google would have worked just fine. But for doing math involving temperatures…? Not so much.

I was playing around with the functions on Google Calculator last week, when I noticed some of the calculations weren’t quite right. Maybe Michael Bolton from Office Space was involved

Read more

Facebook / Twitter / Myspace Hacking: How To Keep It From Happening To You

[Image: Breaking into Facebook.]

Over the past few weeks I have noticed a sharp increase in scammers trying to get my Facebook password, and not too long ago a few people I know actually fell prey to it. Recently there was an outbreak of similar activity on Twitter, where the attempts were being spread through direct messages, and Myspace has seen its share of woes with these issues as well. The methods being used to try and trick users into giving their passwords away are collectively known as phishing attempts, where the members of the site are sent a message, either through the site itself or in an email,

Read more

Is Digg Trying To Tell Me Something?

As far as CAPTCHAs go, I think that the one Digg.com uses for story submissions is fairly reasonable. It’s monochrome, has decent contrast, and doesn’t try to get too fancy with out-of-focus characters or exotic fonts. Of course I have a preference for my own PuzzCAPTCHA as far as usability goes, but for mainstream CAPTCHAs I think Digg’s is intelligently done.

Maybe a little too intelligently, actually. I think that it might be trying to send me messages. I logged in to submit

Read more