
Wordpress 2.3.3 Hidden Links Injection Exploit and How To Not Let It Happen To You

March 21, 2008


A friend yesterday running the latest version of had some links injected in his . I know he is very technical and knows what he is doing, so it started making me a little paranoid. I started searching for 2.3.3 links and, as you can see, there are a ton of people claiming to be running the latest and greatest version yet getting links inserted in their posts. People are also inserting iframes. It's actually pretty effective if you think about it… How would you notice links in old posts?
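One way to check old posts for this, as an added example (not code from the original post): a Python scanner that flags iframes and off-site links nested inside visually hidden elements. The sample posts, the `blog.example` host and all function names are constructed for illustration; on a real site the HTML would come from the `post_content` column of the `wp_posts` table.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(  # inline styles often used to hide markup (heuristic)
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}

class PostScanner(HTMLParser):  # flags iframes and off-site links in hidden elements
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = own_hosts, []
        self.stack = []  # (tag, hidden?) for each currently open element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "iframe":
            self.findings.append(("iframe", a.get("src") or ""))
        elif tag == "a" and hidden:
            host = urlparse(a.get("href") or "").hostname or ""
            if host and host not in self.own_hosts:
                self.findings.append(("hidden-link", a["href"]))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed <p>/<li> do not leak state.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_posts(posts, own_hosts):
    """posts: iterable of (post_id, html); returns {post_id: [(kind, url), ...]}."""
    report = {}
    for post_id, html in posts:
        scanner = PostScanner(own_hosts)
        scanner.feed(html)
        if scanner.findings:
            report[post_id] = scanner.findings
    return report

SAMPLE_POSTS = [  # constructed sample posts, not taken from any real site
    (101, '<p>Read the <a href="http://blog.example/about">about page</a>.</p>'),
    (102, '<p>Old post.</p><div style="display: none"><a href="http://pills.example/buy">x</a></div>'),
    (103, '<p>Trip photos<iframe src="http://widgets.example/f" width="0" height="0"></iframe></p>'),
    (104, '<span style="position:absolute; left:-9999px"><b><a href="http://casino.example/">y</a></b></span>')]
```

Calling `scan_posts(SAMPLE_POSTS, {"blog.example"})` reports posts 102, 103 and 104 and leaves the clean post 101 out. Every iframe is reported, so legitimate embeds need manual review.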

First I want to say I have never seen any evidence of a fresh 2.3.3 install of .

The most likely comes from either a previous exploitable file still existing in your install directory or from someone who has already hijacked your admin . You see there were some wicked exploits in earlier versions that allowed people to your admin which authenticates you (keep me logged in).

So what to do…. well if you have 2.3.3 and you are getting owned regularly here is what you need to do.

1) Make a new fresh install of and copy over your must-have files… like themes, plugins (MAKE SURE THEY ARE UP TO DATE), images, wp-config.php

2) Change your password right away, in case someone has an old hash of your password.

If you have been following the proper upgrade instructions (minus changing the admin pass) on the you should have been doing this the whole time… ya I know I was not either.

If you are a nerd like me you might want to use which is super dope and is a better and easier way to keep up to date if you know how to use . Here are the instructions for that

Anyway, security-wise, out of the box most web servers are not going to help you find out the root of the . Most of these are requests, and unless you are specifically logging them or have mod_security installed… there is no log anywhere of any request to your web other than that one happened.

Thanks to donncha ocaoimh for answering my ;)

this helps anyone who is having their 2.3.3 getting owned.


Spore Hands-On

February 21, 2008

It’s a sign of the anticipation surrounding a when you’re visiting a foreign country and passport control asks you about its release date. That’s exactly what the developers of were met with when they entered the UK for the London demonstration of their . Thankfully for both immigration officers and the gaming public at large, is now “pretty much finished” according to EA, and a worldwide release date of September 7 was recently announced.

The itself is looking much more complete now, although it has been six months since its last showing at Leipzig in August 2007. With the now in fully playable form, we got to see the life sim as its gameplay progresses from single-cell organisms to intergalactic warfare and everything in between. It was also a good opportunity for us to put our questions to the development team about ’s many community features, and to take a look at the Nintendo DS version of the .

Life can get scary at the cellular level…

Jumping straight onto one of EA’s demo PCs, we wasted no time in getting a hands-on with the . will offer five evolutionary stages in its duration, and given that we’ve covered the early parts of the in other previews, we decided to jump forward and check out space exploration. As with the creature-creation tools, you can customise your spaceship to a highly advanced degree. We chose to use a flying-saucer-shaped vessel as a template, and from there we altered the proportions, applied different colours and patterns, and adorned our creation with various cannons and lasers. Although there was no way that an advanced civilisation would be caught dead in such a monstrosity, it’s clear that the tools will let players create pretty much anything they can imagine.

When it came down to playing the , our hastily designed creation was no match for the toilet-shaped vessel that had already been designed by the team. The holds your hand with a tutorial on the basic controls and abilities of your ship, both those needed for flying low over planets and abducting creatures, and for interplanetary travel. Controlling the ship in the air was simple. You use either the WASD keys or a right-click of the mouse to move around, and the mouse wheel to ascend or descend. You select weapons and tools by clicking icons at the bottom of the screen. Equipped with a tractor beam, you can click on unsuspecting creatures and pull them into your ship with the left mouse button.

Not all your spaceships need look like bathroom fittings.

has a very dry sense of humour, and it calls on you to collect creatures for your own nefarious ends. However, there’s a downside to your scientific experimentation, and in our demo we managed to introduce a rogue infection to our city by collecting bug-ridden creatures. The result: You have to eradicate the surrounding colonies with your onboard laser, using the left mouse button to fire. Before you can start exploring and colonising other worlds, your final task on your home planet is to colour it purple, although we couldn’t quite understand why.

The first planet that we visited was completely barren and needed development before life could inhabit it. We equipped our ship with a variety of plants and used the tractor beam to drop them on the ground. With vegetation available, the next step was to introduce herbivores, with the setup complete once carnivores were dropped on the planet.

Aside from actual gameplay, the big theme of EA’s presentation was user-generated content. It’s clear that has learnt much from Facebook and MySpace, and instead of being a separate component, the online community features are very much woven into the fabric of the . In fact, much of ’s terminology borrows directly from Web 2.0 vernacular; sporecasts let you subscribe to other users’ creations, whereas sporepedia is the in- directory for all of your content. Sporecasts will let you transmit and receive user-generated content, and you’ll be able to search the entire Web based on ratings or specific tags (for example, “Doctor Who” or “purple”). We were shown how one of the designers had created a series of animals based on letters from the alphabet, and then put them in a set that can be downloaded by any player online.

Don’t expect the online aspect of to be limited to the , either, because the creators want it to spread to your browser as well. Although no specific announcements have been made, it’s clear that the team wants to develop a variety of badges and links that can be embedded into blogs and social networks to show your activity in . Of course, with so much encouragement for user-generated content, it presents an interesting proposition for the creators of The Sims. With so many add-on packs helping to make their previous one of the best-selling of all time, can we still expect the same sort of support for ? The answer that’s being hinted at by Maxis is that rather than directly making stuff for the , the company will release more tools to help users produce it instead. But whatever happens, is clearly a franchise title for EA, and the is bound to be heavily supported once it finally makes its way to store shelves.

Speaking of franchising, is also being released on the Nintendo DS. Though you can still build creatures and explore new worlds, the handheld version is much more task-oriented than its PC counterpart. The character-building aspect of the is used to solve problems. The boasts Phantom Hourglass-style cel-shaded visuals, and the characters have some of the colourfulness of the animals from Viva Piñata. You control your creature by touching the screen, and you use the stylus to shake trees for fruit or attack other creatures.

is shaping up very nicely, and from what we saw in London, it’s well on its way to completion. EA has now announced a worldwide release date of September 7–in the meantime, should it drip-feed any more information, we’ll be sure to keep you updated.
