how-to

Rackspace Hacked Clients, Check Your Databases: WordPress “wp_optimize” Backdoor In wp_options Table

by

Just finished cleaning up a hacked client whose website is hosted on Rackspace Cloud hosting. It is the second one within the past few weeks, although the first one was actually hosting on Laughing Squid, which happens to use Rackspace Cloud. I had discovered that there were a large number of people all on the same IP as my client a couple of weeks ago who all got hacked, but I was having trouble determining if it was an issue with Laughing Squid or an issue with Rackspace Cloud itself, so I didn’t blog about it until I could research it more. I wish now that I had, because maybe then it would not have spread so widely. As it is, it is the same WordPress attack that Unmask Parasites blogged about earlier today.

It looks like the culprit might have been a security hole in phpmyadmin. Hopefully this will turn out to be what was wrong,

Read more

My Mom Needed Me To Let The Plumber In While She Was At Work (True Story)

by

Complex bath mechanisms I work from my house and keep odd hours, so when a family member needs some sort of worker let into their house during the day I am often asked if I am available to do it. I don’t mind, we all live fairly close together, and it’s not that much of a hassle on most days. Tonight my mom called and asked me if I could let someone in to her place tomorrow to look at her tub, because it’s clogged. She’s tried Drano twice, poured boiling hot water in it, and even tried plunging it, all to no avail. I told her it would be no problem for me to let someone in.

A little while later I went into my own bathroom, and while in there happened to glance at my own tub…

Read more

Stray Leftover Hacked WordPress Database Entry: rzf.php

by

I never use my uploads directory or WordPress’s built in media management here on Smackdown, instead preferring to upload and manually insert the html for images myself in my posts (I know, I am weird that way), but my friend Donna has when she has guest blogged here in the past. I therefore knew that the uploads directory existed and had a few images in there, but never really had any reason to look at them. It was totally by accident that I clicked on the Media link in the admin section this morning. I am glad that I did, however, since otherwise I never would have known that I had missed a bit of leftover data from one of the times that I had been hacked last year, a reference to a file named rzf.php.

I use an early warning hacking detection system that Donna came up with last year with and I helped refine, MonitorHackdFiles, that alerts me whenever there are any files modified or added on my blog. This script has been indispensable in helping me to clean up damage from hacks before either my rankings were harmed or an infection spread to my readers. However, based on the folder structure

Read more

Facebook / Twitter / Myspace Hacking: How To Keep It From Happening To You

by

Breaking into Facebook.Over the past few weeks I have noticed a sharp increase of scammers trying to get my Facebook password, and not too long ago a few people I know actually fell prey to it. Recently there was an outbreak of of similar activity on Twitter, where the attempts were being spread through direct messages, and Myspace has seen it’s share of woes with these issue as well. The methods being used to try and trick users into giving their passwords away are collectively known as phishing attempts, where the members of the site are sent a message, either through the site itself or in an email,

Read more

Amazon Confirms: Shortened URL’s *Are* Allowed On Facebook and Twitter

by

Last week there was some commotion over the fact that it was being reported that Amazon.com was refusing to pay affiliates if they used url shortening services to post affiliate links on social media sites such as Facebook or Twitter. This actually makes no sense from a business perspective, since it would discourage people from sending traffic to Amazon using some of the most popular communication mediums that are out there today.

I decided to go through the affiliate operating agreement myself to see

Read more

How To Find The Best Free Image/Photo/Graphics Downloads For Your Blog Posts

by

Smile! Adding images to your blog posts can make them much more visually appealing to your readers. This in turn can increase the likelihood that someone will link to that post or subscribe to your feed, which will of course in the long run help to improve your rankings and traffic. The internet is chock full of images, many of which will fit perfectly with that blog post or article that you are writing. The problem is, however, finding images that are both high quality and that you are actually allowed to use.

The Problems

Two internet no-no’s that beginner web publishers often perform, many times without even realizing that they are doing anything wrong,

Read more

How To Completely Clean Your Hacked WordPress Installation

by
Update 08/13/2015 – Please note: The following Do It Yourself guide on how to de-hack your website is designed for people who don’t necessarily know how to read php, but do know how to work their way through installing WordPress, themes, and plugins. It also assumes you know your way around whichever hosting control panel it is that comes with your host. Because malicious code can be very hard to weed out from the legitimate stuff, especially for someone who is not a programmer, this guide recommends that you start over with a completely fresh theme on your site. This means that for many, the customizations that were done to the theme will be lost, or will need to be re-done. For those of you who would prefer not to do that, or who have a complicated or ecommerce site, or one with heavy traffic and you would like to completely minimize the downtime, I do offer professional cleaning services. I can de-hack and secure your site without losing any of the design or functionality, and in most cases there is only a few minutes of downtime near the end of the process. For more information, please fill out my contact form.

WordPress hacker removal spray... use in a well ventilated area. Getting hacked sucks, plain and simple. It can affect your rankings, cause your readership to be exposed to virus and trojan attacks, make you an unwilling promoter to subject material you may not actually endorse, and in many cases cause the loss of valuable content. However, once it happens it is usually best to not procrastinate on the clean up process,

Read more

EasyWP WordPress Installer – Cause There Ain’t No Such Thing As “Too Easy”

by

Easy Street here we come!Let’s face it… generally speaking, installing WordPress is not exactly an arduous task. It’s designed to be relatively easy, allowing pretty much anyone to set up a blog of their own, regardless of their technical expertise. For the most part, WordPress succeeds at this. However,

Read more

Introducing: PuzzCAPTCHA Advanced Comment Form Protection, LinkMyPics – The Hotlink Advantage Maximizer… Oh, and Evan Rachel Wood, Topless [NFSW]

by

No, I have NOT been hacked... No, my blog wasn’t hacked by porno webmasters, and no, I’m not converting Smackdown to an adult website (although, to be honest, kids or sensitive people should always approach my blog with caution). I wanted to test some of the various image search algos, and as it just so happens the search [Evan Rachel Woods Topless] currently brings up no valid results on Google Images (which kind of surprised me, but more on that at the end). Since I am also releasing a WordPress plugin to help prevent comment spam (which blogs coming up for queries like that probably encounter a ton of) and a very nifty little widget that helps turn image and bandwidth theft into links, I figured I would do all 3 at once. I promise, I am putting all of the questionable images way below the fold… so if you are the sensitive type,

Read more