

Hacked! Oh Noes!

June 14th, 2008 Posted in Design, Life

It would seem that there’s some sort of hole in the WordPress 2.5.1 security. I noticed some strange funkiness with the site the other day, and when I looked at the blog code, noticed a hidden little snippet that I clearly hadn’t put there. The consensus on the support forum was that sites that were compromised before upgrading were vulnerable even after moving to 2.5.1 - the only problem there was that peariblog isn’t an upgrade, it’s a fresh, clean 2.5.1 WordPress install.

The "hidden" code was in the most recent post (this seems to be the MO with this hack), and was just

<span style="overflow: hidden; position: absolute; height: 0pt; width: 0pt;"><a href="http://kvantservice.com/">???????? ????? ????????</a></span>

And everything after the “continue reading” tag was gone. A number of folks suggested that it was a hole in the xmlrpc.php file - the file that allows for remote/email/desktop posting to your blog. Since I write directly to the blog itself, it was easy enough to just remove that file. I also checked the site thoroughly for other oddities, and thankfully found none. I’ve taken a few other steps as well - now we see if I stay critter free.
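As an added example (not the author's code), here is a small Python check that scans a post body for links hidden the way the snippet above was, so an injected span can be caught before readers or search engines see it. It assumes the post HTML is available as a string (for example pulled from the posts table); the sample post and the spam.example domain are constructed, and the detector also flags a few other inline-CSS hiding tricks beyond the zero-size span.

```python
import re
from html.parser import HTMLParser

# Inline CSS that keeps an element in the page (crawlers still index its links)
# but invisible to readers. Rule 1 matches the span quoted in the post.
_HIDING_RULES = [re.compile(p) for p in (
    r"(?:height|width)\s*:\s*0(?:\.0+)?(?:pt|px|em|%)?\s*(?:;|$)",
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"text-indent\s*:\s*-\d",
    r"font-size\s*:\s*0(?:\.0+)?(?:pt|px|em)?\s*(?:;|$)",
)]
_VOID = {"br", "img", "hr", "input", "meta", "link"}  # never have a closing tag

def is_hiding_style(style):
    """True if this inline style would make the element invisible to readers."""
    return any(rule.search(style.lower()) for rule in _HIDING_RULES)

class HiddenLinkFinder(HTMLParser):
    """Collects the href of every <a> that sits inside a hidden element."""
    def __init__(self):
        super().__init__()
        self._open = []        # one bool per open element: does it hide content?
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = is_hiding_style(attrs.get("style") or "")
        if tag == "a" and attrs.get("href") and (hidden or any(self._open)):
            self.hidden_links.append(attrs["href"])
        if tag not in _VOID:
            self._open.append(hidden)

    def handle_endtag(self, tag):
        if tag not in _VOID and self._open:
            self._open.pop()

def find_hidden_links(post_html):
    """Return the hrefs of links a reader cannot see in this post body."""
    finder = HiddenLinkFinder()
    finder.feed(post_html)
    return finder.hidden_links

# Constructed sample post body: one normal link, then an injected span in the
# exact style the post describes (spam.example is a placeholder domain).
SAMPLE_POST = (
    '<p>Welcome, see the <a href="/about/">about page</a>.</p>\n'
    '<span style="overflow: hidden; position: absolute; height: 0pt; width: 0pt;">'
    '<a href="http://spam.example/">cheap stuff</a></span>\n<!--more-->\n'
)
```

Running `find_hidden_links` over every post body on a schedule, and alerting on any result, turns the hidden-span trick into something you notice the same day rather than when a reader does.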

On brighter news fronts, I’ve discovered a really slick .js library called HighSlide that’s now in use on the two thumbnail zoom-outs, as well as the My Pearible | Client Login link on the main page (though there’s no login box there yet… it’s coming, honest!).

The coolest thing about HighSlide is its built-in alpha transparency .png support in IE6 - this is something that was giving me fits, especially with the resume and contact zoom-outs. I haven’t switched those over to HighSlide yet, so if you want to see what’s been bothering me, check those out in IE6.

Once I’m done testing this out, and if I can get everything working right, I’m definitely going to be happily handing over a well-earned $29 licensing fee. I may even use it to re-do my portfolio section… although a page jammed with 26 or 27 or so thumbnails seems a bit much, so I’ll need to think that over, too.

12:34 am… and three year old D *just* fell asleep out here on the living room couch next to me, watching Piglet’s Big Movie - a night owl, just like his dad.
