fixes malicious create_function() in wp_head (goro spam)

This is a quick patch for goro spam; it disables the goro header spam links (as seen recently on the Blake Ross, Al Gore and Matt Heaton WordPress blogs).

<?php
/**
 * Remove create_function() action hooks
 * appended to the WordPress wp_head filters
 * @author     Avice De'véreux <>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license    GNU Lesser General Public License
 * @link
 */
function remove_create_function_action()
{
	global $wp_filter;

	$action_ref = 'wp_head';
	$filter     = isset($wp_filter[$action_ref]) ? $wp_filter[$action_ref] : array();
	$_lambda    = array();

	// Collect every callback whose name contains "lambda": create_function()
	// returns callbacks named "\0lambda_N", which legitimate hooks never use.
	foreach (range(1, 10) as $priority) {
		if (!isset($filter[$priority])) {
			continue;
		}
		foreach ($filter[$priority] as $registered_filter) {
			if (!is_string($registered_filter['function'])) {
				continue; // array callbacks (object/method) cannot be lambdas
			}
			$callback = $registered_filter['function'];
			if (preg_match("/lambda/", $callback)) {
				$_lambda[$priority][] = $callback;
			}
		}
	}
	// Unhook every collected lambda at the priority it was registered with.
	if (count($_lambda) > 0) {
		foreach ($_lambda as $priority => $callbacks) {
			foreach ($callbacks as $callback) {
				if (has_filter($action_ref, $callback)) {
					remove_filter($action_ref, $callback, $priority, 1);
				}
			}
		}
	}
}


More on this → “wordpress spam goro header injection”
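The patch above only unhooks the lambda at runtime; on the next page load the injected add_action() call in a theme or plugin file registers it again, so the file that was planted has to be found and cleaned. The scanner below is an added example (not the author's code) that looks for a create_function() callback hooked directly onto wp_head, across line breaks, and reports any other create_function() call as a lower-severity review candidate. The functions.php sample is constructed for the demonstration; scan_tree() assumes the usual layout where theme and plugin code lives under wp-content/.

```python
import os
import re
from typing import Dict, List

# Constructed sample of a theme functions.php: one legitimate wp_head hook and
# one injected create_function() hook of the kind described above. Illustrative
# data only, not a real theme file.
SAMPLE_FUNCTIONS_PHP = r'''<?php
function my_theme_head() {
    echo '<meta name="generator" content="mytheme" />';
}
add_action('wp_head', 'my_theme_head');

add_action("wp_head",
    create_function('', 'echo "<div style=\"display:none\">spam links</div>";'), 10);
'''

# create_function() used directly as the callback of add_action('wp_head', ...).
# \s* lets the match span line breaks, so a call split over lines is still caught.
WP_HEAD_LAMBDA_RE = re.compile(
    r"""add_action\s*\(\s*['"]wp_head['"]\s*,\s*create_function\s*\(""",
    re.IGNORECASE,
)
# Any other create_function() call (it compiles a string into code at runtime).
ANY_CREATE_FUNCTION_RE = re.compile(r"\bcreate_function\s*\(", re.IGNORECASE)


def _line_of(source: str, offset: int) -> int:
    """1-based line number of a character offset in source."""
    return source.count("\n", 0, offset) + 1


def scan_php_source(source: str, path: str = "<string>") -> List[Dict[str, object]]:
    """Report create_function() hooks on wp_head (high) and any other
    create_function() call (medium) found in one PHP source text."""
    findings: List[Dict[str, object]] = []
    high_spans = []
    for m in WP_HEAD_LAMBDA_RE.finditer(source):
        high_spans.append(m.span())
        findings.append({"path": path, "line": _line_of(source, m.start()),
                         "severity": "high",
                         "reason": "create_function() hooked on wp_head"})
    for m in ANY_CREATE_FUNCTION_RE.finditer(source):
        if any(s <= m.start() < e for s, e in high_spans):
            continue  # already reported as part of a wp_head hook
        findings.append({"path": path, "line": _line_of(source, m.start()),
                         "severity": "medium",
                         "reason": "create_function() call"})
    findings.sort(key=lambda f: f["line"])
    return findings


def scan_tree(root: str) -> List[Dict[str, object]]:
    """Scan every .php file under root (e.g. wp-content/) and collect findings."""
    findings: List[Dict[str, object]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_php_source(fh.read(), path))
    return findings


if __name__ == "__main__":
    for f in scan_php_source(SAMPLE_FUNCTIONS_PHP, "functions.php"):
        print(f"{f['path']}:{f['line']} [{f['severity']}] {f['reason']}")
```

Run it against a copy of wp-content/ with scan_tree("wp-content"); a "high" hit is the line to remove, and every "medium" hit is worth reading because create_function() takes its body as a string, which is exactly what makes it convenient for injected code.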



Filed under injection, OWNED, vulnerability, wordpress

Blake Ross (Co-Founder of the Mozilla Project) WordPress Blog Hacked

Blake Ross's blog was hacked by a blackhat SEO spammer; it is running WordPress 2.0.4 on Apache 1.3.39, which is like waiting to be hacked.



Note: there is a known directory traversal exploit for WordPress 2.0.4 (#4226).

External Links

  • How to fix Goro Spam
  • WordPress 2.0.5 Changelog
  • Apache 1.3 Vulnerability

    Filed under OWNED, security, wordpress

    Statcounter Workaround (ip2location Informations Leak)

    The server where the backup logs of the last three days are situated is badly set up. Access to every directory on the server is free, including the “utils” directory that contains one script file called “” inside of which are situated the user and password to enter and download the database log from ~ excerpt from Giani Amoto

    There is a workaround for the Statcounter ip2location information leak;
    check out this post at kakkoi → Statcounter Vulnerability Fixes

    Quick workaround

    Add the following .htaccess code in the Statcounter /utils/ directory.

    # Deny access to any file with the .sh extension
    <Files ~ "\.sh$">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>
    # Deny requests for *.log and *.comment files
    <Files ~ "\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])$">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>


    Filed under statcounter, vulnerability

    More Cheese – Happy Chinese New Year

    2008 is the Year of the Rat. Happy Chinese New Year!



    Filed under Blog

    Bluehost Hostmonster CEO Hacked Again

    This is the third time Matt Heaton's WordPress blog has been hacked. View it for yourself (with NoScript enabled) or try the Google cache (Jan 28 2008 10:10:05 GMT).


    More on this at kakkoi → Matt Heaton Bluehost Hostmonster CEO Hacked Again – Strike II – Blackhat SEO Spamdexing LocalRank.


    Filed under Blog, bluehost, hack, hostmonster, injection, OWNED, vulnerability

    Firebug for Firefox 3 (beta)

    Firebug 1.1.0b10 is compatible with Firefox 3.0 beta 1 & 2. Download it at fireclipse. More on this at Kakkoi → firebug for firefox 3.0b+.


    Filed under Add-ons, Mozilla Firefox