Reversing some WordPress malware

Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.

On to the original post…

A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.

Here’s what I found, and how I fixed it.

Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.

The way home security ought to be

Last week, the show formerly known as Pauldotcom featured the creator of Iguardian, a dead-simple Internet security device. It’s a tiny computer a little larger than a pack of gum that you can plug inline between your router and your modem for extra protection. Basically it does what most people think a router does.

If you want to know what it actually does, read on.

DoSing your cubicle neighbor

My baby at work is a centralized logging tool. That means my system has to touch every other system in this large company’s large network, which is kind of cool. Not many projects deal with that many different things, and I’m seeing some things I haven’t seen since college–and never expected to see in the real world, actually.

A week or two ago, we had some trouble pulling the logs in from a highly specialized system. That happens. Unix is easy, Windows is almost as easy–yes, the world of logging is a little bit upside down–but the one-off systems that don’t fit into neat categories take a lot longer to bring into the fold.

The problem was that the user account my tool uses kept getting locked out.

Have a busload of servers? Need to know what version of Windows they’re all running?

Every once in a great while, I have to answer a question like what version of Windows a range of servers is running. If the number of servers is very small, you can just connect to them with a Terminal Services client and note what comes up. But sometimes that’s impractical. Right now I’m working someplace that has 8,000 servers, more or less. I’m not going to check 8,000 servers manually. I’m just not.

Here’s a more elegant, much faster way to go about getting that information.

Linksys isn’t the only company building insecure routers

I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.

The experts cited in the article have a few recommendations, which I will repeat and elaborate on.

The benefits of doing IT at home, too

Earlier this week, The Register touted the benefits of having a home lab.

That lab doesn’t necessarily have to be elaborate. But there is definitely something to be said for having some equipment that you can learn and experiment on, and that can break without the world ending.

An update on the shortcut to wiring a house with Ethernet

Last week, I presented a shortcut for wiring a house with Ethernet using cheap keystone couplers. I’m happy to say I’ve done it twice now, and it all works, but I wanted to follow up and share a little more experience now that I’ve wired about a dozen ports this way.

Cable connections are the last thing most people check…

Fed up with trying to host a network printer on a Windows 7 box on a mixed network, I broke down and bought a Jetdirect card for my aged HP Laserjet 4100. Don’t worry–used Jetdirect cards are cheap these days. I paid $7 for mine.

Of course I made installing it harder than I needed to. I’m a professional. Don’t try this at home.

Dvorak is wrong about the cyber war

So John C Dvorak (I’ll call him John Dvorak because he hates it–John Dvorak John Dvorak John Dvorak) says that cyber warfare, like Y2K, is a bunch of hooey.

I lived through Y2K, and I’m fighting the cyber war. He’s wrong on both counts.