Comments for Tech Ravings

Comment on Passing Arguments between Python Decorators by ScottK

ScottK — Sat, 26 Jul 2008 12:50:47 +0000

Yeah the indention requirements are difficult. I’ve found that switching between editors to make changes causes problems because of each ones auto indention rules.

I have figured out how to make the editor here maintain the indention on posts and have corrected the code.

Comment on Passing Arguments between Python Decorators by Jadd

Jadd — Tue, 01 Jul 2008 16:26:41 +0000

This is an example of why python sucks. All the example code won’t work, because the whitespace has been deleted. It’s up to you to guess how to intend the code, there are no braces to help you. Thanks for the post

Comment on Setting Up Environments in CherryPy by ScottK

ScottK — Tue, 24 Jun 2008 01:07:14 +0000

Robert,

I’m reaaallllyyy starting to like CherryPy. I’ve figured out the config files and even ditched the whole routes.py file. Thanks, for passing over the link and I hope to have another post up this weekend including RESTful routing and formatting as well.

Comment on Setting Up Environments in CherryPy by Robert Brewer

Robert Brewer — Mon, 23 Jun 2008 16:57:07 +0000

This should help: http://www.cherrypy.org/changeset/1987

Comment on This hijacking is getting stupid! by ScottK

ScottK — Tue, 06 May 2008 23:46:13 +0000

@CR Dick, here is the listing of events on how I figured it out.

1. Alerted by mouseclone
2. Verified an iframe was within the textual source code of the web page via view source, and not a page debugger.
3. Checked the post in question, I checked it in the Wordpress post editor in code tab (This is what pissed me off, see below)
4. Having not found the iframe in the code view of the wordpress editor I checked the raw database outside of anything web or wordpress. Sure enough it was there.

So that means many Wordpress sites can be affested but not detected unless viewing the source, or checking the raw results of the database. This blog is version 2.3 and my newest blog is v 2.5 but not really popular enough to “suffer” the attacks.

Now just for an update to this story. The abuse email is invalid and returns user not found. About the time of the database injection a major break of Internet Information Servers from China was implemented.

the JavaScript archetecture of the attacks smells like what may have happened here. I was not able to find a breached IIS server to verify the JavaScript though.

To answer your question, this was a complete breach of admin security that allowed an existing post to be updated in the database. Not a third party widget or template that manipulated the DOM. I’ve always enjoyed Wordpress but it’s getting to the point that even I am thinking of just writing my own software and locking it down hard.

Comment on This hijacking is getting stupid! by CR Dick

CR Dick — Tue, 06 May 2008 22:17:35 +0000

I am seriously seriously considering migrating my “mixed bag” blog on blogspot to wordpress and breaking it out into targeted category blogs. However I’ve had rumors that 2.5 isn’t entirely secure. This seemed like all they wanted to do was hack some pointers to theirself into your blog, but they could do a lot worse if they can do that. Even Scott Kveton (who is extremely knowledgeable) had his wordpress hacked.

People use words like iframe and injection rather liberally without really knowing what it is. Are you saying you had an iframe in a template which was fed by some external code blurp and the external code blurp had turned into something bad in the database? Do you know at what level this occurred. Was it a database row containing site blurps?

Comment on This hijacking is getting stupid! by Chelle

Chelle — Wed, 23 Apr 2008 02:49:14 +0000

I would not even know where to begin on something like that! I have heard a lot of people are putting this stuff in themes if you download them from various sites instead of the actual theme creators…I’ve also heard it helps to change your “file attributes” - certain numbers put you at risk somehow? I don’t really understand it and unfortunately can’t find the useful how-to I originally read about it on Codex…I can change mine using Filezilla, not sure if that works for everyone though. Please let us know if you figure it out!!

Comment on This hijacking is getting stupid! by ScottK

ScottK — Sun, 20 Apr 2008 11:55:03 +0000

@Rina, the first time this happened was only a month ago but not with iframe. If you’re on 2.5 and I’m on 2.3 then it appears to be a new security vulnerability in the Wordpress core that has just been discovered.

Comment on This hijacking is getting stupid! by diary of a mad woman » Last Chances

diary of a mad woman » Last Chances — Sun, 20 Apr 2008 04:55:46 +0000

[…] I’ve had to clear out every last post because of yet another ridiculous iframe hack. This isn’t the worst thing in the world, but the hacks are getting ridiculous here. […]

Comment on This hijacking is getting stupid! by Rina

Rina — Sun, 20 Apr 2008 03:02:27 +0000

Oh, darn, belatedly… I meant to add that I AM using 2.5, and I know that the hijack wasn’t there when I upgraded, so I don’t think the version is so much the culprit THIS time. That said, can’t say 2.3 was any safer, either.