How Your Brain May Get a Boost from Time Spent Outdoors:
Deep in wilderness settings, detached from persistent electronic information input, I am a quieter, humbler, more alert, more appreciative, more empathetic, more reflective being.
Beautiful day today – time to step away from technology and take a walk.
Could your WordPress install be Hacked without you knowing about it?
Similar to the Pharma-Hack, there is a new stealth hack which affects compromised WordPress sites and most people have no idea their site is infected. The reason for the ignorance is that the hack doesn’t affect any content on the infected site – except for pages delivered to googlebot. For those pages, it injects “Free live streaming porn – ” in front of page titles which gives nasty search results for innocuous content.
Take a look at these search results: google search for: “Free live streaming porn”. (Link is SFW).
About 11 million hits and if you read the summary content, most are blogs or pages from a WordPress installs that have search results that are injected with a bogus title and keywords. (Either the hack does not target Bing and Yahoo, or hacked pages end up futher down in the result set for those search engines, at least that is what I saw on those sites with the same search.)
So how do you know if your blog is one of these hacked sites? Do the same google search with the site tag:
“Free live streaming porn” site:blogrescue.com
Mine comes up clean, but it is probably a good idea to check yours. If you are infected, then you need to deal with the issue right away, and then comes the agonizing wait for googlebot to recrawl these pages and replace the damaged pages with the real version.
WordPress Sentinel tracks all files in a WordPress installation (core, themes, plugins) and then periodically rechecks and notifies the administrator of any files that have changed in any way.
Most attacks against WordPress sites will install rogue code wherever they can – in new and existing files in the themes, plugins and even in the WordPress core files. This plugin is designed to tell the administrator exactly what files have been touched and when in order to make hack detection and recovery much easier.
Here is the plugin:
After dealing with a rash of hacked WordPress installs, I came up with the concept for this plugin. It doesn’t stop a hack from happening, but it is a great tool for identifying what files have been affected and should reduce cleanup time significantly. It should also help sites be aware of stealth hacks sooner rather than later.
When we document something in the real world, we make permanent, immutable records of it. But computer documents are volatile, ephemeral constellations of data. Sometimes (as when you’ve just opened or saved them) the document as portrayed in the window is identical to what is stored, under the same name, in a file on the disk, but other times (as when you have made changes without saving them) it is completely different. In any case, every time you hit “Save” you annihilate the previous version of the “document” and replace it with whatever happens to be in the window at the moment. So even the word “save” is being used in a sense that is grotesquely misleading – “destroy one version, save another” would be more accurate.
Neal Stephenson, from In the beginning…was the command line
It has been a few years since I blogged over at king-of-fools.com. I didn’t stop because I ran out of energy or passion, just time. The past few years, I’ve been doing so much blog related support and development (not to mention the day job, family, and church) that there was simply no time at all left for anything else.
The load has not lightened at all, but I miss journaling and thought this would be a nice place to at least track how I solved a problem in the past, hoping that will help in the future. It should also be a nice medium for sharing technical answers that might help others, just as I glean so much know-how from the blogs and forums of others.
Ed
