Mac myths: virus immunity

Apple still touts the Mac's supposed immunity to viruses as an advantage over Windows
An inconvenient truth, indeed:

For the first time, Apple is recommending the use of anti-virus tools to protect Mac systems.

Long something of a phantom menace, strains of malware capable of infecting Mac machines have gradually been increasing in prevalence over recent months. In addition, VXers are making more use of web-based attack and application-specific vulnerabilities to infect PCs whatever their underlying operating system might be.

Windows-specific malware attacks are still orders of magnitude greater than assaults on Mac machines, but the risk to Apple fans is now enough for the Church of Jobs to admit a risk exists.

The admission that security scanner software was a good idea for Mac users came in an unheralded update to Apple’s support site made on 21 November, first picked up by Brian Krebs at Security Fix on Monday.

Apple goes further than just recommending the use of one scanner to advise the use of multiple tools. “Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult,” it said.

The supposed invulnerability of Macs to viruses has long been a selling point and marketing mantra for Macs’ superiority over the Windows world – as the screenshot I’ve taken of Apple.com’s “Why a Mac” page demonstrates (see above). The idea that you need two anti-virus tools by Apple’s own recommendation is actually pretty funny; if I were Microsoft I’d cut an ad saying that the Mac platform is so unstable, just one virus scanner doesn’t cut it!

WP 2.3.3 does not close injection spam loophole

Over a month ago, I’d upgraded to WordPress v2.3.3 which addressed a security hole that was permitting spammers to “inject” spammy links directly into posts via xmlrpc.php, and thereby avoid the “nofollow” attribute that is automatically applied to links in comments (to deprive comment spammers of the PageRank mojo they seek). The spam was surrounded by “noscript” HTML tags, which meant that it was invisible in the browser, thus hiding the links from detection and removal. However, subscribers to the blog feed can see the spam since RSS readers ignore JavaScript markup.

However, on my latest post at my geekblog, I was hit by the injection spam again. I have sent the following email to WordPress security (security @ wordpress.org):

Hello,

I have a WordPress blog at domain http://haibane.info which was upgraded to 2.3.3 as soon as the security release came out last month. I had experienced the injection spam attack detailed here:

http://wordpress.org/support/topic/151368

and upgraded to 2.3.3, but on my most recent post I have seen the same spam attack occur. The post is here:

Google 42

and I have already removed the injection spam, but am reprinting it below:

<noscript><a href="http://www.casinomejor. es/casino-online- basico.html">casino online</a> mirar sus oponentes hábitos.</noscript>

<noscript>Il <a href="http://www.qualitapoker .com/neteller-game-poker.html">http://www.qualitapoker .com/neteller-game- poker.html</a> è un gioco di carte.</noscript>

(there were two separate injections into the same post)

I am disabling user registration as a precautionary measure but it is clear that the 2.3.3 release did not solve the problem.

I recommend closing user registration on all WP blogs for the time being. Peter’s captcha plugins make user registration obsolete for commenting, anyway.
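The hiding trick described in this post (links wrapped in "noscript" tags so that they never render in a JavaScript-enabled browser) can be checked for in stored post content. The following Python script is an added example, not part of the original post or of WordPress itself; the function names and sample posts are constructed for illustration, and it assumes post bodies have been exported as HTML strings keyed by post ID.

```python
from html.parser import HTMLParser


class NoscriptLinkFinder(HTMLParser):
    """Collect href values of <a> tags nested inside <noscript> elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0   # how many <noscript> elements are currently open
        self.hits = []   # hrefs found while depth > 0

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <NOSCRIPT> and
        # <A HREF=...> are matched as well.
        if tag == "noscript":
            self.depth += 1
        elif tag == "a" and self.depth:
            href = dict(attrs).get("href")
            if href:
                self.hits.append(href.strip())

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1


def hidden_links(post_html):
    """Return the links in one post body that sit inside <noscript>."""
    finder = NoscriptLinkFinder()
    finder.feed(post_html)
    finder.close()
    return finder.hits


def audit_posts(posts):
    """Map post ID -> hidden links, listing only posts that contain any."""
    report = {pid: hidden_links(body) for pid, body in posts.items()}
    return {pid: links for pid, links in report.items() if links}


# Constructed sample data (hypothetical post IDs and placeholder domains).
SAMPLE_POSTS = {
    101: '<p>See <a href="http://example.org/ref">this reference</a>.</p>',
    102: '<p>Post text.</p><noscript><a href="http://spam.example/casino">'
         'casino</a> filler</noscript><p>More text.</p>'
         '<NOSCRIPT>x <A HREF="http://spam.example/poker">poker</A></NOSCRIPT>',
    103: '<noscript>Please enable JavaScript.</noscript>',
}

if __name__ == "__main__":
    for pid, links in audit_posts(SAMPLE_POSTS).items():
        print(f"post {pid}: {len(links)} hidden link(s): {links}")
```

A plain "noscript" fallback message with no links (post 103 in the sample) is not flagged, so the report contains only posts that need manual review.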