fixes malicious create_function() in wp_head (goro spam)

This is quick patch for goro spams it will disabled the goro header spam links (as seen on blake ross, al gore & matt heaton WordPress blogs recently).

/**
 * Remove create_function action hook 
 * append on wordpress wp_head filters
 *  
 * @author     Avice De'véreux <ck@kaizeku.com>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license    http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link       http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */ 
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';	
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();
	
	foreach(range(1,10) as $priority){
		
		if (isset($filter[$priority]))
		{
			foreach($filter[$priority] as $registered_filter ){
				
				$callback = (string) $registered_filter['function'];
				
				if ( preg_match("/lambda/", $callback) ) {					
		   	 		$_lambda[$priority][] = $callback;
				} 
			}
				
		} 
	}
	
	if ( count($_lambda) >= 0 ){
		
		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);
			} 
		}
	}	
}

add_action('init','remove_create_function_action');

more on this → “wordpress spam goro header injection“

Spread Microformats Stamp

You can download this stamp at my deviantart

License: CC 3.0

Example → Kakkoi & Kaizeku Ban.

Blake Ross (The Co-Founder Mozilla Project) WordPress Blog’s Hacked

Blake Ross hacked by Blackhat SEO Spammer, blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; its like waiting to be hacked.
Digg it → Co-Founder of Mozilla Project WordPress Blog’s Hacked

Screenshot

Note: There is known directory transversal exploit for WordPress 2.0.4 #4226

External Links

How to fix wordpress.net.in Goro Spam

WordPress 2.0.5 Changelog

Apache 1.3 Vulnerability