Blank Screen of Death WordPress Nefarious Invisible Plugin

July 15, 2008

Recently, while troubleshooting an old WordPress 2.1.3 blog, I found that when trying to publish a new post, the next page would fail to load and only get to a blank screen.  Also, while looking around in the dashboard, I noticed that the default upload directory (for uploading images etc.) was set to:

/../../../../../../../../../../../../../../tmp/ 

from CyberInsecure.com:

WordPress blogs are mass scanned and attacked, and a new directory in the wp-content folder is created in vulnerable ones. The directory is usually called /1/ and it's full of html files containing Javascript redirects in them (doorways). There was also an infected blog with phishing pages for Google logins. Google cache already shows thousands of results with such hacked WordPress blogs. They can be seen best by committing a search inurl:wp-content/1/ (do not visit those results, your PC might get infected). Google has already tagged some of these spam pages as harmful.

The blogs are most likely attacked by some kind of automated tool, since the amounts of spam are too big to work manually on all those spam pages creation. It seems there are also spam comments in posts as well. Spam comments are pointing to internal infected blog pages in folder “1” to get them spidered and to get people to visit them.

This issue was reported to WordPress.org, and there is an unofficial fix for this issue. The fix is based around renaming the cookies used by WordPress by default. If the exploit is hacking the cookies by mass scanning blogs, and it looks for a specific cookie name, that would stop what is out there now but it would not fix the issue.

Recommendations: Upgrade to 2.3.3 along with immediately changing any administrator passwords. Currently, older WordPress versions, especially WordPress 2.1.3, are attacked using an “admin-ajax.php” SQL injection exploit to retrieve the administrator account’s password.
Change default cookie names in your blog.

Things like this are a reason to keep WordPress, and all your other software, up to date!
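As an added example (not part of the original post, and not code from WordPress or CyberInsecure.com), here is a small Python checker for the two indicators described above: an upload_path option that climbs out of the install through a chain of ".." segments, and an unexpected directory such as wp-content/1/ holding HTML files that do nothing but redirect the visitor. The set of expected wp-content entries, the sample directory tree and the doorway page it builds are all constructed for the demonstration; the destination used in the planted page is a reserved, non-routable name.

```python
import os
import re
import tempfile
from pathlib import Path

# Entries WordPress itself puts under wp-content (assumption: a typical 2.x
# install; add the directories your own plugins create before scanning a real site).
EXPECTED_WP_CONTENT = {"index.php", "plugins", "themes", "uploads", "upgrade", "languages"}

# Markers of a JavaScript or meta-refresh redirect, the whole payload of a doorway page.
REDIRECT_PATTERNS = [
    re.compile(r"(?:window|document|self|top)\.location(?:\.href)?\s*=", re.I),
    re.compile(r"location\.replace\s*\(", re.I),
    re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
]


def check_upload_path(upload_path, wp_root):
    """Flag an upload_path option value that walks out of the WordPress install."""
    findings = []
    segments = upload_path.replace("\\", "/").split("/")
    if ".." in segments:
        findings.append("upload_path contains '..' traversal segments")
    # A leading slash makes os.path.join discard wp_root (the value is then an
    # absolute path); normpath collapses the '..' chain to its real target.
    resolved = os.path.normpath(os.path.join(wp_root, upload_path))
    root = os.path.normpath(wp_root)
    if os.path.commonpath([resolved, root]) != root:
        findings.append("upload_path resolves outside the install: " + resolved)
    return findings


def scan_wp_content(wp_content):
    """List unexpected entries in wp-content and any HTML file carrying a redirect."""
    wp_content = Path(wp_content)
    findings = []
    for entry in sorted(wp_content.iterdir()):
        if entry.name not in EXPECTED_WP_CONTENT:
            findings.append("unexpected entry in wp-content: " + entry.name)
        if entry.is_dir():
            for html in sorted(entry.rglob("*.htm*")):
                text = html.read_text(errors="replace")
                if any(p.search(text) for p in REDIRECT_PATTERNS):
                    rel = html.relative_to(wp_content).as_posix()
                    findings.append("redirect found in " + rel)
    return findings


def build_sample_install():
    """Create a constructed WordPress tree with a planted wp-content/1/ doorway page."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    wpc = root / "wp-content"
    (wpc / "themes" / "default").mkdir(parents=True)
    (wpc / "themes" / "default" / "style.css").write_text("/* theme */\n")
    (wpc / "plugins" / "akismet").mkdir(parents=True)
    (wpc / "plugins" / "akismet" / "akismet.php").write_text("<?php // plugin\n")
    (wpc / "uploads" / "2008" / "07").mkdir(parents=True)
    (wpc / "uploads" / "2008" / "07" / "photo.txt").write_text("placeholder\n")
    (wpc / "index.php").write_text("<?php // Silence is golden.\n")
    # Constructed doorway page: a minimal HTML file whose only job is to bounce
    # the visitor elsewhere (example.invalid is reserved and never resolves).
    (wpc / "1").mkdir()
    (wpc / "1" / "index.html").write_text(
        '<html><body><script>window.location.href="http://example.invalid/";'
        "</script></body></html>\n"
    )
    return root


if __name__ == "__main__":
    sample = build_sample_install()
    bad_path = "/../../../../../../../../../../../../../../tmp/"
    for line in check_upload_path(bad_path, "/var/www/blog"):
        print(line)
    for line in scan_wp_content(sample / "wp-content"):
        print(line)
```

On a real site, point check_upload_path at the upload_path value from the wp_options table and scan_wp_content at the live wp-content directory, and compare any unexpected entry against the plugins you installed yourself before treating it as a compromise.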

Reading:

http://wordpress.org/support/topic/154278


Emailinglist Spam A Sad Example

June 28, 2008

I just glanced at my DataPortability email digest and apparently they got some sexy girls hot sexy pictures and nude videos going on in there.   WTF?

Uh… 

Is that Portable Data?

We are constantly trying to come up with new ways to battle those entities who have absolutely nothing to contribute.  

In the coming age of more intelligent computing, within the cloud of service providers and throughout the Web Of Data or Semantic Web, will the penetration of irrelevant solicitors be the same?  

Surely there will always be Spam, but will structured data and the services that utilize it help to make barriers, at least of relevance? Or at all?  

Just some shit to think about.


Evil PayPal-CGI.Com Sent Me a Phishing Email… Evil Evil Evil!

June 25, 2008

First of all, NEVER click on a link in an email claiming to be from PayPal.  Look very closely at the email address the message came from.  You may get an email from someone like paypal@gmail.com, paypal@hotmail.com or paypal@yahoo.com, but these are NOT from PayPal.

Anyone can have their name appear as PayPal when they send you a message, so don’t let the “name” appearing in the from field of a message fool you.

I think the way these things generally work is, they build a site that looks identical to PayPal’s and when you follow the link to that fake website, if you don’t catch the slight difference in the URL, you might make the mistake of “Logging In…”  By attempting to log into the fake site, you have just given some criminal bastard your real PayPal Login info.

They can then log into your account and transfer money to a bank account etc…

If you get an email like this, forward it to spoof@paypal.com

Here’s a Picture of a fake PayPal site, just to give you an idea of how easy it is for these slime balls to pull off this sort of thing.

Click to see full size version, then look closely at the URL

I got an email from noreply@paypal-cgi.com today.  I looked up who that web site belongs to and posted that info below.  Apparently it’s one Katie Beougher in Emeryville, CA.  The email reads as follows:

Subject: Customer Service - Notification

This email is to inform you that your online profile has been deactivated due to inactivity.
In order to continue using your PayPal account, please renew your profile by going to:
http://211.17.17.14/log_recv/.cgi-bin/update/reload/pp/www.paypal-cgi.com/cmd/index.htm

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Thank you for using PayPal.

Best Regards,
PayPal Resolution Center

Again, if you get an email like this, forward it to spoof@paypal.com
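As an added example (not part of the original post, and not PayPal's own tooling), here is a Python triage function that applies the two checks described above to a raw email: it compares the sender's real domain against the brand the From line claims, and it inspects every link in the body for a bare IP address or a look-alike host. The first sample message is rebuilt from the sender address and link quoted in this post, with the display name "PayPal" added as an assumption; the second, legitimate-looking message is constructed for contrast. The set of legitimate domains is an assumption as well.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brand sends only from this apex domain and its subdomains.
LEGIT_DOMAINS = {"paypal.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def matches_legit(host, legit):
    """True if host is one of the legitimate domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in legit)


def body_text(msg):
    """Concatenate the decoded text parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type().startswith("text/"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message, brand="paypal", legit=LEGIT_DOMAINS):
    """Return the reasons a message looks like brand impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    # The display name is free text, so only the address's domain counts.
    if brand in (display + " " + addr).lower() and not matches_legit(sender_domain, legit):
        reasons.append("From claims %s but the sender domain is %s"
                       % (brand, sender_domain or "<none>"))
    for url in URL_RE.findall(body_text(msg)):
        host = urlparse(url).hostname or ""
        if IPV4_RE.match(host):
            reasons.append("link points at a bare IP address: " + host)
        elif brand in host.lower() and not matches_legit(host, legit):
            reasons.append("link host borrows the brand name but is not a brand domain: " + host)
        elif brand in url.lower() and not matches_legit(host, legit):
            reasons.append("link mentions the brand in its path but the host is " + host)
    return reasons


# Rebuilt from the phishing email quoted in the post; the display name is assumed.
PHISH_SAMPLE = """From: PayPal <noreply@paypal-cgi.com>
To: recipient@example.com
Subject: Customer Service - Notification

This email is to inform you that your online profile has been deactivated due to inactivity.
In order to continue using your PayPal account, please renew your profile by going to:
http://211.17.17.14/log_recv/.cgi-bin/update/reload/pp/www.paypal-cgi.com/cmd/index.htm

Thank you for using PayPal.
"""

# Constructed contrast case: brand domain in both the sender and the link.
LEGIT_SAMPLE = """From: PayPal <service@paypal.com>
To: recipient@example.com
Subject: Fight Phishing Challenge

Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, triage(sample) or ["no impersonation signals"])
```

The checks are heuristics, not proof: a message that passes them can still be fraudulent, and a sender domain is only meaningful if the message also passes SPF or DKIM checks on your mail server.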

Here’s the WhoIs.net info on the phoney paypal site I got an email from.  (whois.net is a free way to look up who owns a website domain):

WHOIS information for: paypal-cgi.com:


[whois.melbourneit.com]

Domain Name.......... paypal-cgi.com
  Creation Date........ 2007-10-12
  Registration Date.... 2007-10-12
  Expiry Date.......... 2008-10-12
  Organisation Name.... Katie Beougher
  Organisation Address. P O Box 99800
  Organisation Address.
  Organisation Address. EmeryVille
  Organisation Address. 94662
  Organisation Address. CA
  Organisation Address. US

Admin Name........... PrivateRegContact Admin
  Admin Address........ P O Box 99800
  Admin Address........
  Admin Address........ EmeryVille
  Admin Address........ 94662
  Admin Address........ CA
  Admin Address........ US
  Admin Email.......... contact@myprivateregistration.com
  Admin Phone.......... +1.5105952002
  Admin Fax............ 

Tech Name............ PrivateRegContact TECH
  Tech Address......... P O Box 99800
  Tech Address.........
  Tech Address......... EmeryVille
  Tech Address......... 94662
  Tech Address......... CA
  Tech Address......... US
  Tech Email........... contact@myprivateregistration.com
  Tech Phone........... +1.5105952002
  Tech Fax.............
  Name Server.......... yns1.yahoo.com
  Name Server.......... yns2.yahoo.com


Later, PayPal responded saying:

Dear Andrew Peterson,

Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team
is working to disable it.

————————-
What is a phishing email?
————————- 
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal 
will never ask for your password over the phone or in an email and will 
always address you by your first and last name.

Take our Fight Phishing Challenge at 
https://www.paypal.com/fightphishing to learn 5 things you should know 
about phishing. You’ll also see what we’re doing to help fight fraud 
every day.

————————-
You’ve made a difference.
————————-
Every email counts. By forwarding a suspicious-looking email to 
spoof@paypal.com, you’ve helped keep yourself and others safe from 
identity theft.

Thanks,

The PayPal Team



Craigslist Spam -Collecting Emails or What? Hate These Bastards!

May 20, 2008

from: nade05@uku.co.uk

reply to: johnram555@gmail.com

Hello

Please I’ll like to know if your ITEM is
still available. I want to buy it for my wife
as a Britday gift.Email me or call me as
soon as you can so that we can proceed
because I’ll be leaving town in few days
time

cole.

Phone: (915)-808-3485

They don’t say what the item is or ask any questions about it.  The telephone number has a Texas area code and is disconnected. I suspect this is a spam-bot that responds to all craigslist ads of a certain parameter, and then collects the email addresses of the people that respond.  Or something like that.  I hate this.  


Comcast Bought Plaxo. I deleted My Plaxo Account.

May 16, 2008

A “Letter to Comcast,” but also, and more importantly, a letter to people who read my blog.

Source: TechCrunch

Plaxo has some really compelling address book synchronization offerings.  Really, for me, Plaxo was sort of a mini dream come true as far as my personal data is concerned.

But I thought about it and I just don’t trust Comcast.  They are limiting my access to competing media distribution channels, and they have a reputation for fighting against consumer interests, and perhaps even human interests, if you’re willing to step back and see the implications of the non-neutrality they are in favor of with regard to the Internet.

Comcast, you have an uphill PR battle in front of you.  People like me will continue to think of your brand as representing pure evil until you start to prove us wrong.  I don’t know how you’re going to do this, but making acquisitions that appear to consumers to be privacy concerns, given your already soiled trust with the public, isn’t the best thing to do right now.  I’m all for socially curated media, and I’m glad if Comcast is working in that direction, but frankly, you’re in a position where you could really start to seem like the Orwellian “Big Brother” nightmare everyone is terrified of.  Perhaps you should point all your guns at bringing IPTV into reality, or better yet, let’s see the real convergence between TV and Web that we all know is coming one way or another.  Do that first.  And why don’t you also try getting all the dark spots in the Net lit up! The South, you know? Let’s get those people online and you can sell them programming later.  I know there’s not really a bandwidth problem, not when there’s 100 channels of “HD” programming streaming into all your cable customers’ homes 24/7. C’mon. Quit lying and cheating and stealing and start making some progress toward our common good.  Or on the other hand, why don’t you announce the acquisition of an arms manufacturer.  That’d help your company’s image.

I’ve deleted Plaxo’s software from my machine, and I closed my Plaxo account.  Goodbye Plaxo.  Really, an open-source version of the same type of thing would be better anyhow.


Imagine a World Without Popup Ads.

April 18, 2008

I can’t believe this is still going on. Perhaps it’s worthwhile to these jerks to do this, as they continually cash in on the occasional newb?

I won a free laptop? Really?

This one was compelling to me, thus the few minutes I decided to waste posting this.

PUKE


“wrote an interesting post today” SEO, Evil Robots and One Sad Outcome of Non-Semantics in Spam-Control/Search

April 7, 2008

I’ve mentioned before how increasingly the ‘Live Web’ or ‘Blogosphere’ (or whatever you want to call this thing) is being infiltrated by Robot Blogs. What they appear to be doing is crawling the web and scraping excerpts of blog posts and reposting the excerpts, linking back to where it came from. They usually say:

“[KeyWord] wrote an interesting post today”

Since they link back to the blog post they scraped, they show up as a trackback in the comments area of the original post. This way, the unsuspecting blogger is linking to the fake blog. The fake blogs seem to be set up in an attempt at monetizing traffic via adsense ads.

I googled the phrase “wrote an interesting post today” and the top hit was (I probably am the top hit now) some blogger talking about filtering any comment that contains the phrase “wrote an interesting post today.”

I had decided to change my little tagline thingy to this exact phrase as a sort of inside joke for bloggers, but found myself wondering if being associated with that phrase will adversely affect my findability. Perhaps Search Engines or Spam Filters will begin to look out for that phrase?

Already, I bet there are tons of bloggers who filter out comments containing words like “viagra” or “casino,” assuming that there is absolutely no context in which these words could be used in a legitimate discussion. The fact that I am using those words here is proof that there is such a thing as a legitimate discussion which contains them.

Filtering for a word or phrase seems to me to be a slippery slope, especially if we’re talking about Search Engines, since they act as our main interface to the Web.
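As an added example (not part of the original post, and not any blog platform's own filter), here is a Python comparison of the two approaches discussed above. keyword_filter is the blunt rule that rejects any comment containing "viagra" or "casino"; classify_trackback instead looks at context, namely whether the comment carries the "wrote an interesting post today" tagline and how much of its text is copied verbatim from the post it links to, which is what a scraper robot does. The post text, the scraped trackback and the legitimate comment are all constructed for the demonstration, and the copied-text threshold is an assumption.

```python
import difflib
import re

SCRAPER_PHRASE = "wrote an interesting post today"
BLOCKLIST = {"viagra", "casino"}
MIN_RUN = 20  # ignore coincidental matches shorter than this many characters


def keyword_filter(comment_text):
    """The blunt rule: reject if any blocklisted word appears at all, in any context."""
    words = set(re.findall(r"[a-z]+", comment_text.lower()))
    return bool(words & BLOCKLIST)


def scraped_fraction(post_text, comment_text):
    """Fraction of the comment made up of long runs copied verbatim from the post."""
    if not comment_text:
        return 0.0
    matcher = difflib.SequenceMatcher(None, post_text.lower(), comment_text.lower(),
                                      autojunk=False)
    copied = sum(b.size for b in matcher.get_matching_blocks() if b.size >= MIN_RUN)
    return copied / len(comment_text)


def classify_trackback(post_text, comment_text, threshold=0.5):
    """Context-aware rule: scraper tagline plus copied text marks a robot trackback.

    Returns (is_scraper, signals). A comment that is mostly a verbatim excerpt is a
    scraper on its own; the tagline lowers the bar, since scrapers copy less when
    the post is long. An ordinary comment that merely mentions a blocklisted word
    triggers neither signal.
    """
    signals = []
    has_tagline = SCRAPER_PHRASE in comment_text.lower()
    if has_tagline:
        signals.append("carries the scraper tagline")
    frac = scraped_fraction(post_text, comment_text)
    if frac > 0:
        signals.append("%d%% of the comment is copied from the post" % round(frac * 100))
    is_scraper = frac >= threshold or (has_tagline and frac >= threshold / 2)
    return is_scraper, signals


# Constructed post body (the "original" the robot scrapes).
POST = ("Spam filters that reject any comment containing the word viagra assume the "
        "word can never appear in a legitimate discussion. That assumption is wrong, "
        "as this very post demonstrates, and search engines that adopt it risk hiding "
        "real conversations.")

# Constructed robot trackback: tagline, then a verbatim excerpt of the post.
SCRAPED_TRACKBACK = ("Andrew wrote an interesting post today on spam filters. Here's a "
                     "quick excerpt: Spam filters that reject any comment containing the "
                     "word viagra assume the word can never appear in a legitimate "
                     "discussion. That assumption is wrong, as this very post demonstrates")

# Constructed legitimate comment that happens to use a blocklisted word.
LEGIT_COMMENT = ("I filter viagra too, but only when it shows up alongside a link I "
                 "don't recognise; an outright word ban would have eaten this comment.")

if __name__ == "__main__":
    for label, text in (("scraped", SCRAPED_TRACKBACK), ("legit", LEGIT_COMMENT)):
        print(label, "keyword_filter:", keyword_filter(text),
              "classify_trackback:", classify_trackback(POST, text))
```

The keyword rule rejects both comments because both contain "viagra"; the context-aware rule rejects only the trackback, which is the distinction the paragraph above is asking for. The same copied-fraction measure works for any post and comment pair, not just the constructed ones here.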

Google: Please don’t hate me because I said Viagra. I’m not a spammer.


My First LastFM Spam: Clarissa Campbell

February 10, 2008

From: Rosemaryky14
Subject: hi.. how’s it going!
Date: 10 Feb 2008, 13:32
So, i guess the time has come for me to start using this account. I can hold back no more! I wandered into your page and well, I liked what I saw.. :p