Jun 13, 2010

Many of you over the past few months have experienced the onslaught of WordPress attacks which have plagued site owners – and loyal fans, alike. I maintain multiple WordPress blogs in addition to our beloved She-geeks.com site, as well as my clients’ WordPress blogs. While refraining from too much detail, I had the unfortunate duty of ridding two such WordPress websites of these WordPress attacks. While both of the blogs I’m referring to maintained updated software (plugins and core files), they still fell victim to these attacks. The attacks I am referring to primarily affected PHP pages, which would mean that A LOT of sites out there on the internet had the potential for infection. The code would essentially insert itself into each PHP page on your site and/or WordPress blog and add strings of code which contained “eval(base64_decode” in some way, shape or form. This script is generally found at the very top of the page’s code – I assume so it hits first.
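A defender-side search for the injection described above, as an added example that is not part of the original post and is not Sucuri's cleaning script: it walks a site directory, reports every PHP file line containing an `eval(base64_decode(` call, and flags whether the hit sits in the first few lines of the file. The file names, the `head_lines` threshold and the sample payload (base64 of `echo 1;`) are constructed for the demonstration.

```python
import os
import re
import tempfile

# PHP function names are case-insensitive and may be spaced out or prefixed with @.
PATTERN = re.compile(rb"@?\beval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def scan_php_tree(root, head_lines=5):
    """Return sorted (relative_path, line_number, near_top) for every match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    for lineno, line in enumerate(fh, start=1):
                        if PATTERN.search(line):
                            hits.append((rel, lineno, lineno <= head_lines))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files; the payload is base64 of 'echo 1;'."""
    injected = b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n"
    samples = {
        "index.php": injected + b"<?php get_header(); ?>\n",
        "wp-content/themes/x/footer.php": b"<?php\nwp_footer();\n",
        "wp-includes/old.php": b"<?php\n" + b"// filler\n" * 10
                               + b"@EVAL ( Base64_Decode ('ZWNobyAxOw=='));\n",
        "readme.txt": b"eval(base64_decode( quoted in documentation\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_php_tree(root)

if __name__ == "__main__":
    for rel, lineno, near_top in demo():
        print(f"{rel}:{lineno}", "top of file" if near_top else "buried")
```

A hit is a lead for manual review of that file, and a backdoor that does not use this string will not be found by this search.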

I spent hours upon hours working to isolate the issues and hand-remove the malicious code only to have it reappear a week later. I ultimately had to bring on the “big dogs” in WordPress blog security, Sucuri.net. David and the rest of the Sucuri Crew were able to solve all site issues within 30 minutes. It was a beautiful thing. You see, although I managed to remove most of the “malicious eval code” during these attacks myself, there appeared to be a snippet of code eluding my capture. This code, also referred to as a backdoor by many, was hiding in the shadows of unending lines of code. It’s really too much code to parse through with the naked eye… never mind the fact that manual removal like that is likely not the most efficient method when time (and money) is of the essence. What can I say, I was stubborn. Needless to say, the Sucuri Crew was very efficient and truly a life saver on that day.

Below I’ve outlined some of what I found online pertaining to the malicious attacks as well as some portions from my personal experience with the nefarious code.

Some of the malicious strings of code which were present:

“http://holasionweb dot com/oo dot php”

holasion web

There are a few mentions of solutions you can try but, in the end, the only solution which seemed to work in my case was enlisting Sucuri’s help.  However, I’ll list a few better known solutions for this type of WordPress attack:

  1. completely deleting your WordPress install and reinstalling on your hosting account (note: not fun)
  2. logging into your hosting provider and accessing a CLEAN archive version of your website. (note: you’d need to know an archived date in which your blog was completely clean and free of the bad code)
  3. Sucuri offers a free “cleaning” script which you can run yourself and seems to have helped quite a few people resolve their issues

Additional documented information which may prove useful for others is shown below.  You may see some similarities.  If you’ve collected any additional information or have a similar story to share, we’re all ears.

Xorg malware info

Holasion web info

realsafe malware info

suitecase52 malware info

More information on Sucuri Security:

“Sucuri Security is the leading provider of web-based integrity monitoring and malware detection solutions – delivered as a service. Sucuri solutions are deployed remotely in a matter of minutes anywhere in the world, allowing our customers to immediately detect web-based malware and monitor their internet presence. Sucuri’s web monitoring solution is used today by more than 8,000 sites worldwide. Sucuri was founded in 2008.

In simple terms, we clean up the mess. If your site got hacked, blacklisted or infected with malware, we fix it for you. If your site is clean, we monitor it to let you know if a problem ever happens. We work fast, we are affordable and we get things done.”

Click here to check them out: sucuri security

Posted by admin
Apr 02, 2008

04.02.08 by jewels

I admit it, I’m an addon whore. I love the ability to customize my browser to my liking, and often try new addons to make Firefox more useful. Unfortunately, the more addons I use, the slower my browser becomes, so I often find myself disabling some addons to keep Firefox running more smoothly. Below is the list of my “must have” extensions that are required for my daily browsing habits.

My first must have is febe. The purpose of this extension is to backup your Firefox should it go whacko on you. It handles your extensions, themes, bookmarks, preferences, passwords, cookies and even your entire profile. You can customize which parts to backup and/or reinstall through the febe options found in your tools menu. Backups are automatically stored in your My Documents folder. This addon makes it insanely easy to transfer all your Firefox customization to a new computer. Rather than having to manually install your favorite addons, you need only install febe, then load one of your backups and allow it to do the work of customizing your new Firefox installation to your liking.

Must have number 2 is foxmarks. I’m one of those people who prefer having my bookmarks sitting right within my browser. And foxmarks enables me to have access to my bookmarks from any computer running Firefox and keeps everything nicely synchronized.

The next extension justy & I can’t live without is cooliris previews. This helpful little tool allows you a preview of any link just by hovering over it, without having to leave the main page or open a new tab/window. It’s become an indispensable part of my daily browsing, especially when previewing results in Google. It also allows you to create stacks, and email cool finds with one click. There are a variety of ways to customize its display and features to your liking.

Linkification is my next must have. It converts text based links into clickable links. I find it invaluable when reading forums where people post websites without providing an actual link. Used in conjunction with Cooliris, I am able to view any website recommendations without having to leave the current page.

My next 2 necessities pertain to Google. The first is google previews which places a thumbnail view of each search result on the left side of the window. I find it handy to have a mini-view of the website right within my Google search results. The second is customize google which has many customization options available, but the ones most immediately useful are google suggest, which gives you search suggestions as you type in the search bar, and competitor links that perform your search on a variety of other search engines. It also allows you to remove Google Ads, filter your search results, and automatically access your Gmail, Google Docs, and Google Reader accounts through https.

I couldn’t survive MySpace without greasemonkey. I use several scripts that make navigating MySpace much easier and friendly on the eyes. But it’s not just about MySpace. There are scripts available for probably any website you use that will make it more attractive and easier to manipulate for your purposes. Go here to check out the wide variety of goodies available for Greasemonkey.

Another MySpace essential is adblock. Couldn’t live without it for blocking MySpace trackers. Add justy’s link here. But I must have stylish to make it behave to my liking.

Posted by admin

© 2010-2014 She-Geeks.com All Rights Reserved