Kaizeku

fixes malicious create_function() in wp_head (goro spam)

ChaosKaizer — Sun, 15 Jun 2008 16:04:11 +0000

This is quick patch for goro spams it will disabled the goro header spam links (as seen on blake ross, al gore & matt heaton WordPress blogs recently).

/**
 * Remove create_function action hook
 * append on wordpress wp_head filters
 *
 * @author     Avice De'véreux <ck@kaizeku.com>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license    http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link       http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();

	foreach(range(1,10) as $priority){

		if (isset($filter[$priority]))
		{
			foreach($filter[$priority] as $registered_filter ){

				$callback = (string) $registered_filter['function'];

				if ( preg_match("/lambda/", $callback) ) {
		   	 		$_lambda[$priority][] = $callback;
				}
			}

		}
	}

	if ( count($_lambda) >= 0 ){

		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);
			}
		}
	}
}

add_action('init','remove_create_function_action');

more on this → “wordpress spam goro header injection“

Spread Microformats Stamp

ChaosKaizer — Tue, 27 May 2008 03:58:58 +0000

You can download this stamp at my deviantart

License: CC 3.0

Example → Kakkoi & Kaizeku Ban.

Blake Ross (The Co-Founder Mozilla Project) WordPress Blog’s Hacked

ChaosKaizer — Fri, 29 Feb 2008 03:47:04 +0000

Blake Ross hacked by Blackhat SEO Spammer, blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; its like waiting to be hacked.
Digg it → Co-Founder of Mozilla Project WordPress Blog’s Hacked

Screenshot

Note: There is known directory transversal exploit for WordPress 2.0.4 #4226

External Links

How to fix wordpress.net.in Goro Spam

WordPress 2.0.5 Changelog

Apache 1.3 Vulnerability

Statcounter Update.sh Workaround (ip2location Informations Leak)

ChaosKaizer — Sun, 17 Feb 2008 16:02:47 +0000

The server where the backup’s log of the last three days are situated is badly set. The access for all directory by server is free, include “utils” directory that contains one script file called “update.sh” inside of which are situated the user and password to enter and download the database log from ip2location.com ~ excerpt from Giani Amoto

There is workaround for statcounter update.sh ip2location informations leak
check out this posts at kakkoi → Statcounter Update.sh Vulnerability Fixes

Quick workaround

add the following htaccess code in statcounter /utils/ directory.

#deny access to any file with *.sh filetypes

 Order allow,deny
 Deny from all
 Satisfy All


#Deny request for *.log & comment files

 Order allow,deny
 Deny from all
 Satisfy All

More Cheese – Happy Chinese New Year

ChaosKaizer — Thu, 07 Feb 2008 04:03:07 +0000

2008 is the year of the Rat. Happy Chinese new year

Bluehost Hostmonster CEO Hacked Again

ChaosKaizer — Thu, 31 Jan 2008 18:09:52 +0000

This is the third time Matt Heaton wordpress blog got hacked. View it for yourself http://www.mattheaton.com (noscript enabled) or try google cache (Jan 28 2008 10:10:05 GMT).

ScreenGrab

mattheaton.com Jan 28 2008

More on this at kakkoi → Matt Heaton Bluehost Hostmonster CEO Hacked Again – Strike II – Blackhat SEO Spamdexing LocalRank .

Firebug for Firefox 3 (beta)

ChaosKaizer — Mon, 07 Jan 2008 03:37:32 +0000

Firebug 1.1.0b10 compatible with Firefox 3.0 beta 1 & 2. download it at fireclipse. more on this at Kakkoi firebug for firefox 3.0b+.

IE8 PASS ACID2 – ACID2 FAILED W3C

ChaosKaizer — Sat, 22 Dec 2007 16:45:49 +0000

Update: This article is more or less misleading. According to Asa Dotzler (mozilla.org) ↓. The CSS Error is intentionally added by the “Web Standards Group” for Error handling test.

I read this news at kakkoi recently, following up on announcements at IEblog about their recent glorified claimed with IE8 ACID2 Milestone .

Acid 2

For those who doesn’t know much bout CSS specifications. ACID2 is a standard CSS Test page maintained by The Web Standards groups. This is where Browser Vendor test their Browser CSS rendering capability. The first batch to pass this test is opera 9.1, icab (osx) & Firefox 3a.

The most popular browser vendor (Microsoft Internet Explorer) just pass this test for IE8 (a) Browser. I’m quite happy as Internet Explorer is a big liability to support by most web developer. Unfortunately The ACID2 Test pages FAILED W3C CSS2.1 Validations.

43 	 Parse Error - second two]
88 	.parser-container div 	Value Error : color orange is not a color value : orange
94 	.parser 	Property error doesn't exist : }
97 	.parser 	Property m rgin doesn't exist : 2em
97 	Parse error - Unrecognized };
99 	.parser 	Value Error : width only 0 can be a length. You must put an unit after your number : 200
100 	.parser 	Value Error : border Lexical error at line 96, column 38. Encountered: "e" (101), after : "! "error;
100 	.parser 	Value Error : border Parse error - Unrecognized }
101 	.parser 	Value Error : background Too many values or values are not recognized : red pink

Bill Gates is funny

ChaosKaizer — Sat, 08 Dec 2007 20:30:40 +0000

Jonathan Snook is having a good evening at Mix’n'mash Conferences 2007. His simple question spurs out hilarious response from bill gates. Read all the transcript at snook.ca.

Matt Heaton (Bluehost and Hostmoster CEO) wordpress blog Hacked by Mick Jagger from Moscow

ChaosKaizer — Mon, 03 Dec 2007 11:09:16 +0000

wordpress.net.in remote spam injection, Matt’s heaton unaware that he uploaded the backdoor himself. Check his wordpress footer.

Full cache on google will not show the spam link (cloaking) used text-only cache.
As of this time of writing he’s still using WordPress 2.0.

While you are on mattheaton.com footer check out the “Comment (RSS)” links. The “RSS” part is misleading. its redirect to http://cwings.ulmb.com/alexa.php?c=bluehost.com instead of the Comments Feeds. go figure

What this got to do with Mick jagger?

lol i knew u asked that, read it all at kakkoi.