I have mentioned before this server runs on old hardware and Fedora Core 14. That's a 9-year-old OS which in terms of software, it's like 3 times its life expectancy at this point. Fedora is almost on version 31 now. Keeping an old OS around can be a real hassle, but then again so is updating and — Continue reading »
PHP - echo'ing String Fragments Using Periods Vs. Commas
One of the mysteries of PHP's echo function is the supposed equal treatment of multiple strings separated by periods (.) vs. those separated by commas (,). Actually echo is a language construct, but I digress. In both cases echo appears to concatenate the string fragments and output the resulting string. In actuality, the period is — Continue reading »
Wordpress Base64 Hack or PHP-CGI Hack? part III
After being hit by the Wordpress base64 hack twice within a couple of weeks, it finally dawned on me that the PHP CGI flaw was the culprit. The attack robots (a la Metasploit) use the knowledge of the PHP CGI flaw together with the well-known scripts of popular products (Wordpress, Joomla, Drupal, etc.) to penetrate sites and — Continue reading »
Wordpress Base64 Hack or PHP-CGI Hack? part II
To be factual about it, my site was hacked twice in exactly the same way over a period of a couple of weeks. The first time around I noticed it when the feeds coming via Feedburner kept crashing the RSS readers because of a javascript malware block inserted right at the top of the feed. Turns out — Continue reading »
Wordpress Base64 Hack or PHP-CGI Hack?
A couple of months ago I started noticing that this blog's RSS feed, which is via Feedburner, wasn't coming through on some RSS readers. After some tests I discovered that the feed actually contained a malicious javascript block at the top. That was breaking the XML format, causing the RSS readers to fail. Turns out — Continue reading »