Category Archives: wordpress

fixes malicious create_function() in wp_head (goro spam)

This is a quick patch for the goro spam; it disables the goro header spam links (as seen recently on the Blake Ross, Al Gore and Matt Heaton WordPress blogs).

/**
 * Remove create_function action hooks
 * appended to the WordPress wp_head filters
 *
 * @author     Avice De'véreux <ck@kaizeku.com>
 * @copyright  Copyright (c) 2006 Avice De'véreux
 * @version    1.0
 * @license    http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link       http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action()
{
	global $wp_filter;

	$action_ref = 'wp_head';
	$_lambda    = array();

	// Nothing hooked to wp_head: nothing to clean up
	if ( empty($wp_filter[$action_ref]) ) {
		return;
	}
	$filter = $wp_filter[$action_ref];

	// Collect every anonymous callback registered at priorities 1..10.
	// create_function() returns a name of the form "\0lambda_N", so "lambda"
	// never appears in a callback a theme or plugin registers by its real name.
	foreach (range(1, 10) as $priority) {
		if ( !isset($filter[$priority]) ) {
			continue;
		}
		foreach ($filter[$priority] as $registered_filter) {
			$callback = $registered_filter['function'];
			// Class/object method callbacks are arrays; only string names can be lambdas
			if ( is_string($callback) && preg_match('/lambda/', $callback) ) {
				$_lambda[$priority][] = $callback;
			}
		}
	}

	// Unhook each lambda at the priority it was registered with
	foreach ($_lambda as $priority => $callbacks) {
		foreach ($callbacks as $callback) {
			if ( has_filter($action_ref, $callback) ) {
				remove_filter($action_ref, $callback, $priority, 1);
			}
		}
	}
}

add_action('init','remove_create_function_action');
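The patch above only unhooks the lambda at runtime; the file that registers it is still on disk and will come back the moment the patch is removed. As an added example (not the author's patch and not WordPress code), here is a read-only CLI scanner that walks a directory of a WordPress install and reports every create_function() call, flagging lines that also mention wp_head or a decoding/compression function. The keyword list and the path handling are assumptions; when run without an argument it writes a constructed sample functions.php to the temp directory and scans that instead of a real install.

```php
<?php
/**
 * Added example: report create_function() calls under a WordPress directory.
 *
 * Usage:  php scan-create-function.php /path/to/wordpress/wp-content
 *         php scan-create-function.php            (no argument: scans a constructed sample)
 */

/** Keywords that, on the same line as create_function(), deserve a closer look (assumed list). */
function flag_keywords()
{
    return array('wp_head', 'base64_decode', 'gzinflate', 'gzuncompress', 'str_rot13', 'eval');
}

/** Return one hit per line of $path that calls create_function(). */
function scan_file_for_create_function($path)
{
    $hits  = array();
    $lines = @file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false) {
        return $hits;
    }
    foreach ($lines as $idx => $line) {
        if (stripos($line, 'create_function') === false) {
            continue;
        }
        $flags = array();
        foreach (flag_keywords() as $keyword) {
            if (stripos($line, $keyword) !== false) {
                $flags[] = $keyword;
            }
        }
        $hits[] = array('file' => $path, 'line' => $idx + 1, 'flags' => $flags, 'code' => trim($line));
    }
    return $hits;
}

/** Recurse through $root and scan every .php file. */
function scan_tree($root)
{
    $results  = array();
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if ($file->isFile() && strtolower($file->getExtension()) === 'php') {
            $results = array_merge($results, scan_file_for_create_function($file->getPathname()));
        }
    }
    return $results;
}

/** Write a constructed sample theme file so the scanner can be tried without a real install. */
function write_constructed_sample()
{
    $dir = sys_get_temp_dir() . '/cf-scan-sample';
    if (!is_dir($dir)) {
        mkdir($dir);
    }
    // Constructed content: a harmless stand-in for a create_function() hooked to wp_head.
    $sample = "<?php\n"
        . "// ordinary theme code\n"
        . "add_action('wp_head', 'my_theme_head');\n"
        . "add_action('wp_head', create_function('', 'echo \"<!-- sample -->\";'));\n";
    file_put_contents($dir . '/functions.php', $sample);
    return $dir;
}

$root = isset($argv[1]) ? $argv[1] : write_constructed_sample();
$hits = scan_tree($root);
foreach ($hits as $hit) {
    $flagText = $hit['flags'] ? ' [' . implode(', ', $hit['flags']) . ']' : '';
    printf("%s:%d%s  %s\n", $hit['file'], $hit['line'], $flagText, $hit['code']);
}
printf("%d create_function() call(s) found under %s\n", count($hits), $root);
// Non-zero exit when anything was found, so the scan can run from cron and alert on change.
exit($hits ? 1 : 0);
```

Run against the sample it reports functions.php line 4 with the flag [wp_head]; run against a real wp-content it lists every file to inspect by hand, which is where the injected hook from this post lives.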

more on this → “wordpress spam goro header injection”


Filed under injection, OWNED, vulnerability, wordpress

Blake Ross (Co-Founder of the Mozilla Project) WordPress Blog Hacked

Blake Ross hacked by a blackhat SEO spammer: blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; it's like waiting to be hacked.

Screenshot: blake-ross-com-280208.png

Note: there is a known directory traversal exploit for WordPress 2.0.4 (#4226).

External Links

  • How to fix wordpress.net.in Goro Spam
  • WordPress 2.0.5 Changelog
  • Apache 1.3 Vulnerability

Filed under OWNED, security, wordpress

Matt Heaton (Bluehost and Hostmonster CEO) WordPress Blog Hacked by Mick Jagger from Moscow

wordpress.net.in remote spam injection; Matt Heaton is unaware that he uploaded the backdoor himself. Check his WordPress footer.

Matt Heaton (Bluehost and Hostmonster CEO) got hacked by Mick Jagger

The full Google cache will not show the spam link (cloaking); use the text-only cache.
As of this writing he is still using WordPress 2.0.

While you are on the mattheaton.com footer, check out the “Comment (RSS)” link. The “RSS” part is misleading: it redirects to http://cwings.ulmb.com/alexa.php?c=bluehost.com instead of the comments feed. Go figure.

What has this got to do with Mick Jagger?

lol, I knew you'd ask that. Read it all at kakkoi.


Filed under bluehost, hack, hostmonster, injection, vulnerability, wordpress