Category Archives: injection

fixes malicious create_function() in wp_head (goro spam)

This is quick patch for goro spams it will disabled the goro header spam links (as seen on blake ross, al gore & matt heaton WordPress blogs recently).

/**
 * Remove create_function action hook 
 * append on wordpress wp_head filters
 *  
 * @author     Avice De'véreux <ck@kaizeku.com>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license    http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link       http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */ 
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';	
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();
	
	foreach(range(1,10) as $priority){
		
		if (isset($filter[$priority]))
		{
			foreach($filter[$priority] as $registered_filter ){
				
				$callback = (string) $registered_filter['function'];
				
				if ( preg_match("/lambda/", $callback) ) {					
		   	 		$_lambda[$priority][] = $callback;
				} 
			}
				
		} 
	}
	
	if ( count($_lambda) >= 0 ){
		
		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);
			} 
		}
	}	
}

add_action('init','remove_create_function_action');

more on this → “wordpress spam goro header injection

2 Comments

Filed under injection, OWNED, vulnerability, wordpress

Bluehost Hostmonster CEO Hacked Again

This is the third time Matt Heaton wordpress blog got hacked. View it for yourself http://www.mattheaton.com (noscript enabled) or try google cache (Jan 28 2008 10:10:05 GMT).

ScreenGrab

More on this at kakkoi → Matt Heaton Bluehost Hostmonster CEO Hacked Again – Strike II – Blackhat SEO Spamdexing LocalRank .

2 Comments

Filed under Blog, bluehost, hack, hostmonster, injection, OWNED, vulnerability

Matt Heaton (Bluehost and Hostmoster CEO) wordpress blog Hacked by Mick Jagger from Moscow

wordpress.net.in remote spam injection, Matt’s heaton unaware that he uploaded the backdoor himself. Check his wordpress footer.

Matt Heaton (Bluehost and Hostmoster CEO) got Hacked by Mick Jagger

Full cache on google will not show the spam link (cloaking) used text-only cache.
As of this time of writing he’s still using WordPress 2.0.

While you are on mattheaton.com  footer check out the “Comment (RSS)” links. The “RSS” part is misleading. its redirect to http://cwings.ulmb.com/alexa.php?c=bluehost.com instead of the Comments Feeds. go figure

What this got to do with Mick jagger?

lol i knew u asked that, read it all at kakkoi.

5 Comments

Filed under bluehost, hack, hostmonster, injection, vulnerability, wordpress