A Quick Way To Check For Hacked WordPress Files

In the wee morning hours another malicious piece of code found its way into several of my websites’ index.php files. This comes after being hacked once before due to a vulnerability in the PHPMyAdmin WordPress plugin.

As luck would have it, most of these injected iframe hacks tend to cause errors when displayed in the browser, and I usually check my sites at least once a day, either manually or through automated processes. So when I went to visit one of the sites that had been hacked, I got a malware alert (I use Chrome). Of course I investigated the issue and found some base64-encoded PHP in my root index.php file:

eval(base64_decode('ZXJyb3JfcmVwb3……..'));

This is just a sample of what was in the file. I ran the code through a base64 decode and basically the code was an iframe to a malicious site which is why I got the malware alert.
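A scanner for the pattern shown above, added here as an example (not code from the original post): it finds eval(base64_decode(...)) calls in .php files and decodes each payload for review without executing it. The sample file contents and the malicious.example URL are constructed for illustration.

```python
import base64
import re
import sys
from pathlib import Path

# Literal eval(base64_decode('...')) only; other obfuscation needs other rules.
PATTERN = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)",
    re.IGNORECASE,
)

# Constructed sample: a payload like the one described, and an infected index.php.
SAMPLE_PAYLOAD = 'echo "<iframe src=\\"http://malicious.example/\\"></iframe>";'
SAMPLE_INDEX = (
    "<?php\n/* theme loader */\n"
    "eval(base64_decode('%s'));\n"
    "require 'wp-blog-header.php';\n"
) % base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()


def scan_text(source):
    """Return [(line_number, decoded_payload)] for each hit in PHP source text."""
    hits = []
    for match in PATTERN.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        blob = "".join(match.group(1).split())  # tolerate wrapped base64
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = "<undecodable base64>"
        hits.append((line_no, decoded))
    return hits


def has_iframe(decoded):
    """True when a decoded payload emits an iframe, as in the case described."""
    return "<iframe" in decoded.lower()


def scan_tree(root):
    """Scan every .php file under root; return {path: hits} for files with hits."""
    findings = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_text(SAMPLE_INDEX)}
    for name, hits in results.items():
        for line_no, decoded in hits:
            print(f"{name}:{line_no} iframe={has_iframe(decoded)} {decoded[:80]!r}")
```

Run it with the WordPress document root as the only argument; with no argument it scans the constructed sample.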

Using WordPress To Show Ads In The Post Loop

If you are familiar with WordPress and the WordPress “loop”, then you know just how powerful it can be when it comes to controlling what posts you want to show or not show.

When I first started designing websites I ran across many WordPress sites that showed ad banners after every other blog post and I thought what a good way to maximize exposure to the ads you run on your site. Everyone is familiar with the normal ad positions; you’ve got the 300×250 top right sidebar, the 728×90 top of the page leaderboard, the 160×60 left sidebar, etc. No one ever really talks about what I feel is probably one of the best advertising spots you can have on a blog. It falls right in the reader’s field of vision when they read your blog posts.

Hacked By Vulnerability In PhpMyAdmin WordPress Plugin

I consider myself to be very knowledgeable when it comes to security. I have worked in the security field for about 10 years but being hacked happens to the best of us.

My ordeal started early last week when I got awakened out of my sleep to the sound of my phone texting me that my server was running out of memory. I usually get a text about 3 or 4 times a day, but usually it means that the server’s traffic is spiking. But that night it went off about 45 times, so I knew something was up.

Creating A WordPress Plugin For Posting To Tumblr

So recently I was given the task to create a plugin for WordPress that could automatically send blog posts to Tumblr. For those that don’t know what Tumblr is (as hard as that is to believe), it’s basically a micro blogging site much like Twitter. So as I was saying, I had been given a task to make a plugin, and luckily Tumblr has a nice API that can easily be integrated into a nice little plugin. If you are not familiar with writing plugins for WordPress I suggest you check out their documentation here. It does not have a fast learning curve but it helps if you have some knowledge of PHP and WordPress.

My first step was of course learning the Tumblr API. Tumblr now has two versions of their API; one is based on a very simple HTTP post method and the newer version uses OAuth.
