Category Archives: OWNED

fixes malicious create_function() in wp_head (goro spam)

This is quick patch for goro spams it will disabled the goro header spam links (as seen on blake ross, al gore & matt heaton WordPress blogs recently).

 * Remove create_function action hook 
 * append on wordpress wp_head filters
 * @author     Avice De'véreux <>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license GNU Lesser General Public License
 * @link
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';	
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();
	foreach(range(1,10) as $priority){
		if (isset($filter[$priority]))
			foreach($filter[$priority] as $registered_filter ){
				$callback = (string) $registered_filter['function'];
				if ( preg_match("/lambda/", $callback) ) {					
		   	 		$_lambda[$priority][] = $callback;
	if ( count($_lambda) >= 0 ){
		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);


more on this → “wordpress spam goro header injection



Filed under injection, OWNED, vulnerability, wordpress

Blake Ross (The Co-Founder Mozilla Project) WordPress Blog’s Hacked

Blake Ross hacked by Blackhat SEO Spammer, is running WordPress 2.0.4 on Apache 1.3.39; its like waiting to be hacked.
Digg it → Co-Founder of Mozilla Project WordPress Blog’s Hacked



Note: There is known directory transversal exploit for WordPress 2.0.4 #4226

External Links

  • How to fix Goro Spam
  • WordPress 2.0.5 Changelog
  • Apache 1.3 Vulnerability
  • 1 Comment

    Filed under OWNED, security, wordpress

    Bluehost Hostmonster CEO Hacked Again

    This is the third time Matt Heaton wordpress blog got hacked. View it for yourself (noscript enabled) or try google cache (Jan 28 2008 10:10:05 GMT).


    More on this at kakkoi → Matt Heaton Bluehost Hostmonster CEO Hacked Again – Strike II – Blackhat SEO Spamdexing LocalRank .


    Filed under Blog, bluehost, hack, hostmonster, injection, OWNED, vulnerability


    Update: This article is more or less misleading. According to Asa Dotzler ( ↓. The CSS Error is intentionally added by the “Web Standards Group” for Error handling test.

    I read this news at kakkoi recently, following up on announcements at IEblog about their recent glorified claimed with IE8 ACID2 Milestone .

    Acid 2

    ie8 pass acid2 - acid2 failed w3cFor those who doesn’t know much bout CSS specifications. ACID2 is a standard CSS Test page maintained by The Web Standards groups. This is where Browser Vendor test their Browser CSS rendering capability. The first batch to pass this test is opera 9.1, icab (osx) & Firefox 3a.

    The most popular browser vendor (Microsoft Internet Explorer) just pass this test for IE8 (a) Browser. I’m quite happy as Internet Explorer is a big liability to support by most web developer. Unfortunately The ACID2 Test pages FAILED W3C CSS2.1 Validations.

    43 	 Parse Error - second two]
    88 	.parser-container div 	Value Error : color orange is not a color value : orange
    94 	.parser 	Property error doesn't exist : }
    97 	.parser 	Property m rgin doesn't exist : 2em
    97 	Parse error - Unrecognized };
    99 	.parser 	Value Error : width only 0 can be a length. You must put an unit after your number : 200
    100 	.parser 	Value Error : border Lexical error at line 96, column 38. Encountered: "e" (101), after : "! "error;
    100 	.parser 	Value Error : border Parse error - Unrecognized }
    101 	.parser 	Value Error : background Too many values or values are not recognized : red pink

    Related Links


    Filed under CSS, Internet Browser, OWNED