If you are dealing with the pain of migrating your site from non-secure plain http to secure SSL/TLS https, then you are also dealing with the headache of making sure the elements on your pages such as images have https sources instead of http. The reason is that if your pages are accessed over https — Continue reading Β»
Wordpress 'page_option' Hack
Wordpress is a great publishing product but its popularity is also its Achilles heel. It's notorious for being a favorite target of hackers and many have been successful in compromising plenty of installations out there, including this one. Having automated monitoring software is certainly a prudent way to stay on top of things, but in — Continue reading Β»
Wordpress Base64 Hack or PHP-CGI Hack? part III
After being hit by the Wordpress base64 hack twice within a couple of weeks, it finally dawned me that the PHP CGI flaw was the culprit. The attack robots (a la Metasploit) use the knowledge of PGP CGI flaw together with the well-known scripts of popular products (Wordpress, Joomla, Drupal, etc.) to penetrate sites and — Continue reading Β»
Wordpress Base64 Hack or PHP-CGI Hack? part II
To be factual about it, my site was hacked twice in exactly the same way over a period of couple of weeks. The first time around I noticed it when the feeds coming via Feedburner kept crashing the RSS readersΒ because of a javascript malware block inserted right at the top of the feed. Turns out — Continue reading Β»
Wordpress Base64 Hack or PHP-CGI Hack?
A couple of months ago I started noticing that this blog's RSS feed, which is via Feedburner, wasn't coming through on some RSS readers. After some tests I discovered that the feed actually contained a malicious javascript block at the top. That was breaking the XML format, causing the RSS readers to fail. Turns out — Continue reading Β»