Tag Archives: hack

Blake Ross (Co-Founder of the Mozilla Project) WordPress Blog Hacked

Blake Ross was hacked by a blackhat SEO spammer. blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; it's like waiting to be hacked.

Screenshot

blake-ross-com-280208.png

Note: There is a known directory traversal exploit for WordPress 2.0.4 (#4226).

External Links

  • How to fix wordpress.net.in Goro Spam
  • WordPress 2.0.5 Changelog
  • Apache 1.3 Vulnerability

    Filed under OWNED, security, wordpress

    Statcounter Update.sh Workaround (ip2location Information Leak)

    The server where the backup logs of the last three days are situated is badly set up. Access to all directories on the server is free, including the “utils” directory, which contains one script file called “update.sh”, inside of which are the user and password to enter and download the database log from ip2location.com ~ excerpt from Giani Amoto

    There is a workaround for the statcounter update.sh ip2location information leak.
    Check out this post at kakkoi → Statcounter Update.sh Vulnerability Fixes

    Quick workaround

    Add the following .htaccess code in the statcounter /utils/ directory.

    # Deny access to any file with the *.sh extension
    # (the pattern is anchored at the end so that it matches update.sh)
    <Files ~ "\.sh$">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>
    
    # Deny requests for *.log and *.comment files (case-insensitive match)
    <Files ~ "^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>
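
An offline check of which file names a `<Files ~ "...">` deny pattern actually covers, comparing a `.sh` pattern anchored at the start (`^\.sh`) with one anchored at the end (`\.sh$`). This is an added example, not code from the original post; it approximates Apache's unanchored match on the file's base name with Python's `re.search`, and the file names are constructed.

```python
import re

# Deny patterns as they would appear inside <Files ~ "..."> sections.
# The rule names are labels chosen for this example.
RULES = {
    "start-anchored": r"^\.sh",
    "end-anchored": r"\.sh$",
    "log/comment": r"^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])",
}

# Constructed listing for a /utils/-style directory; not from a real server.
SAMPLE_FILES = ["update.sh", ".sh_history", "backup.log", "visits.LOG",
                "notes.comment", "index.php", "update.sh.bak"]


def denied_by(pattern, filename):
    """Approximate the <Files ~> test: unanchored regex search on the base name."""
    base = filename.rsplit("/", 1)[-1]
    return re.search(pattern, base) is not None


def exposed(files, patterns):
    """Return the files that no deny pattern covers, i.e. that are still served."""
    return [f for f in files if not any(denied_by(p, f) for p in patterns)]


def report(files=SAMPLE_FILES):
    """Map each file name to the list of rule names that deny it."""
    return {f: [name for name, pat in RULES.items() if denied_by(pat, f)]
            for f in files}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:15} denied by: {', '.join(hits) or 'NOTHING (served)'}")
```

In the constructed listing, `update.sh.bak` is covered by neither `.sh` pattern, so a backup or editor copy of the script would need its own rule.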
    

    Leave a comment

    Filed under statcounter, vulnerability