Canton Becker

Jump to content.

canton@gmail.com
65 Cibola Circle
Santa Fe, NM 87505
T: (505) 501-8091

Recent Work / Blog

Testimonial

Client Photo

"Canton saved my site when I was in a sticky situation. A few weeks before I was going to change over my site to a new host/developer, my site was hacked. When I called various developers in town to try to clean up the malware and rebuild my site to what it looked like previously, I got a dismal picture. Canton was luckily an expert on cleaning up Wordpress hacks, and he got my site working again within days. He was professional, kind and answered all of my questions with patience. Working with Canton is a breathe a fresh air and I truly feel that I can trust him. I recommend his work wholeheartedly."

- Andrea Cermanski

More testimonials

Canton's RSS Feeds

Help for “bablooO” hacked / attacked WordPress Sites

WordpressHopefully, this information will be of use to some people out there who are unlucky enough to be hit by the “bablooO” wordpress security exploit. I believe this hack can impact anyone using WordPress version 2.8.0 and earlier. See this recent advisory, which I believe is related.

If you do a ‘view source’ on your WordPress blog and you see a bunch of spammy linksĀ  beginning with the comment code:
<!-- bablooO-start -->
…then here are some tips for how to recover from this problem:

  • Make sure your theme is okay. If you have a backup of your theme, restore your theme from backup as your theme files themselves may have been molested. In this particular exploit, footer.php may have been rewritten.
  • Don’t trust your WordPress installation. The actual core files may include injection code / backdoors. (wp-blog-header.php for example may have an obfuscated ob_start();eval(base64_decode()) call in it. The safest thing to do is:
  1. backup your wp-content directory and your WordPress database
  2. wipe out your entire installation
  3. reinstall the latest version WordPress from scratch
  4. restore your wp-content directory and database, and then examine both for any suspicious content. Here are some critical tips on how to search your wp-content directory for “backdoors”.
  • Make sure your database is okay (posts/pages). One tip I read about here is to use the export function (under the WordPress admin Tools menu) to save a giant XML file of all your posts/pages/comments to disk, and then you can use a text editor to search for strings like ‘viagra’ and ‘casino’ — two words which probably do not appear on your own blog, but are very likely to appear in the hidden content of these spammy links. You will have to fix these by hand.
  • Password-protect your admin directory using the .htaccess method to protect yourself from similar future exploits.

Related discussions:

http://ckon.wordpress.com/2009/06/05/bablooo-spammer-attack-on-several-wp-blogs/

http://wordpress.org/support/topic/280748

http://milw0rm.com/exploits/9110


 

11 July 2009 comment TrackBack-URI

0 comments

Leave a comment

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Read more

«
»