Surgery Complete

The patient is recovering from the operation and doing well; we’re surprised it held up to that attack. The bullets were removed, and the surgeon decided to do a little liposuction while he was operating. Now that the patient is all sewn up, it’s time to step back and look at what happened.

The Weblogs.us server suffered a massive attack sometime between the 26th of October and the first week of November. Many blogs hosted by Weblogs.us were affected by the attack, which involved SQL injection as mentioned in the previous post. This attack was a spam sort of attack, not a delete/drop tables attack. Though the damage was extensive, not every blog was affected. Additionally, the attack was not limited to the WordPress blogs hosted by Weblogs.us; some of the old Movable Type blogs were affected as well. This means some passwords were compromised, and because of this, global password changes may be coming later this week. JD, when looking at the extent of the damage, was surprised the database server survived the attack (it was that bad, and there were that many malicious entries).

What the attack did was insert iframes pointing to googlerank.info/counter, which used the CSS value display:none; to hide them. These appeared at the bottom of every page, and were also cleverly added to some blogroll links by appending a fake, hidden <a href …> after the real link to keep the HTML valid. Googlerank.info is a known malware site that preys on users of Internet Explorer. Since Firefox and other modern browsers are not affected by this site, the Russian owners started showing them a fake 404 page that they ripped from Google. Hopefully, the owners of that site will meet an untimely death.
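A quick way to find this payload in a recovered database dump is to walk each post body and flag every iframe or link that is either hidden with inline display:none or points at the host named above. The following scanner is an added example, not code from the original post or from Weblogs.us; the sample rows it runs over are constructed here to stand in for wp_posts.post_content, and KNOWN_BAD_HOSTS holds only the host the post identifies.

```python
"""Scan stored blog content for hidden iframes and hidden links (added example).

Walks a few constructed post bodies the way one would walk a dump of
wp_posts.post_content and reports each <iframe> or <a> that is hidden with
inline display:none or points at a host on the block list.
"""
import re
from html.parser import HTMLParser

# Host named in the post as the iframe destination; extend from your own incident notes.
KNOWN_BAD_HOSTS = {"googlerank.info"}

_HIDDEN_RE = re.compile(r"display\s*:\s*none", re.IGNORECASE)
_HOST_RE = re.compile(r"^(?:https?:)?//([^/:?#]+)", re.IGNORECASE)


def _host_of(url):
    """Return the lowercase host of an absolute URL, or '' for relative/empty URLs."""
    m = _HOST_RE.match(url or "")
    return m.group(1).lower() if m else ""


def _is_known_bad(host):
    """True when host is a listed host or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in KNOWN_BAD_HOSTS)


class InjectedTagFinder(HTMLParser):
    """Collect <iframe>/<a> tags that are hidden via inline CSS or point at a listed host."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (reason, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "a"):
            return
        a = dict(attrs)  # HTMLParser lowercases attribute names for us
        url = a.get("src") if tag == "iframe" else a.get("href")
        hidden = bool(_HIDDEN_RE.search(a.get("style") or ""))
        if _is_known_bad(_host_of(url)):
            self.findings.append(("known_bad_host", tag, url))
        elif hidden:
            # A hidden iframe is almost never legitimate in post content; a hidden
            # link is the trick used to pad the blogroll while keeping the HTML valid.
            self.findings.append(("hidden_by_css", tag, url))


def scan_post(content):
    """Return the list of suspicious (reason, tag, url) tuples found in one post body."""
    p = InjectedTagFinder()
    p.feed(content)
    p.close()
    return p.findings


def scan_posts(posts):
    """posts: {post_id: html}. Returns {post_id: findings} for posts with findings only."""
    return {pid: f for pid, f in ((pid, scan_post(c)) for pid, c in posts.items()) if f}


# Constructed sample rows standing in for a wp_posts dump (not real site data).
SAMPLE_POSTS = {
    101: "<p>Nothing to see here.</p><a href=\"http://example.org/\">friend</a>",
    102: ("<p>Blogroll</p>"
          "<a href=\"http://example.org/\">friend</a>"
          "<a href=\"http://googlerank.info/counter\" style=\"display:none;\">x</a>"),
    103: ("<p>Post body</p>"
          "<iframe src=\"http://googlerank.info/counter\" style=\"display: none\"></iframe>"),
    104: ("<p>Plain</p>"
          "<iframe src=\"http://www.example.org/widget\" style=\"DISPLAY:NONE\"></iframe>"),
}

if __name__ == "__main__":
    for pid, findings in scan_posts(SAMPLE_POSTS).items():
        for reason, tag, url in findings:
            print(f"post {pid}: {reason} <{tag}> {url}")
```

Post 104 shows why the CSS check matters on its own: an iframe hidden with display:none is reported even when its host is not on the list, so a variant of the payload pointing somewhere new still surfaces for review.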

But, the storm is not over yet, someone with malicious intents has been searching Google with the query:

intext:”leave a reply” intext:”Mail (will not be published) (required)” intext:”Responses to” site:us

This is a quick and dirty way to harvest many sites that run WordPress. I have little doubt that the intents of the individual that submitted that query are malicious (either intent to spam or hack). Thus that IP address will be blocked in the Weblogs.us firewall indefinitely.

-John Havlik

[end of transmission, stay tuned]

Deprecation Notice

As of today, October 22, 2007, Breadcrumb Navigation XT version 1.9.x is no longer supported or available for general consumption. A month ago Breadcrumb Navigation XT 1.10.0 was released, bringing with it support for WordPress 2.3’s new taxonomy system. This version has been tested and verified to work on WordPress 2.2 installations, and can be safely used by those of you still blogging using that deprecated platform. Look forward to Breadcrumb NavXT 2.0 sometime next month. Additionally, WordPress 2.2 support will no longer be guaranteed in one more month, as I develop in a WordPress 2.3 environment.

-John Havlik

[end of transmission, stay tuned]


Breadcrumb Navigation XT 1.10.0

Now with 100% more tags. That’s right, WordPress 2.3 is right around the metaphorical corner, and in preparation Breadcrumb Navigation XT 1.10.0 is now safe for general consumption. Support for the Simple Tagging Plugin was dropped in favor of the WordPress 2.3 taxonomy scheme. Additional changes include some bug fixes with those combobox setting selectors in the administration interface and some code fix-ups to use the WordPress API in a more consistent manner when dealing with taxonomy. Remember that this may cause PHP indigestion problems for WordPress 2.2 or earlier. The old version (1.9.x) will remain available for one month. However, version 1.9.x will no longer be supported one week after WordPress 2.3 is released.

-John Havlik

[end of transmission, stay tuned]

Make Your List,

Check it twice, find out whether your plug-ins are Naughty or Nice. Only days remain until WordPress 2.3 graces us with its presence. Due to some quite major changes in the database regarding categories and links, many plug-ins that directly accessed the database in the past will break. Some misbehave to the extent of crashing Apache on your web server. A big-time offender here is Extended Live Archives. While writing Breadcrumb Navigation XT 1.10.0, I spent some time testing various components of my blog in WP2.3. I also managed to update Berry to support tags (partially, as will be visible once WP 2.3 is out).

-John Havlik

[end of transmission, stay tuned]


Breadcrumb NavXT and WordPress 2.3

This week WordPress 2.3-RC1 will be released. As it is a release candidate, it will more-or-less be what will be released next week. That being said, I will be testing the current plug-in for compatibility (minus tags). Should everything work fine there will be no need to migrate to a newer version to remain compatible with WordPress 2.3. Some schedule conflicts will force me to push off the re-writing of Breadcrumb Navigation XT for 2.0. Instead for 2.0, I will add support for archives by tags (really the only new thing to add for tag compatibility), and do a little code cleanup in preparation for a major overhaul in a future version (maybe 2.1 or 2.2). At that time an additional navigation related plug-in will be released, and Breadcrumb Navigation XT will be renamed Breadcrumb NavXT, and become part of the “NavXT” plug-in suite.

-John Havlik

[end of transmission, stay tuned]
