The Oracle of Apollo: Snippets from the life of Apollo Lee

Apr 29, 2008 - 21:04

Personal, Technology, Web

Keep WordPress Updated

This website has been loading quite slowly lately. I found some weird stuff in the code dating from before I recently upgraded to WordPress 2.5. In the header of this blog was <div id="_wp-footer"> and a bunch of stuff I didn't put there.

I started googling around and found a couple of interesting blog posts, one of which was posted in December. Roberto Galoppini reports on the WordPress Spam Injection exploit.

Decoding it with base64_decode showed that such code calls an external JavaScript that pastes some spam links into the page on the fly, also writing strings of the form rss_* into the option field…

<gulp />

I checked my database:
SELECT option_value FROM wp_options WHERE option_name LIKE "rss%";

2271 lines match.

I’ve removed all of those and upgraded this blog to WordPress 2.5.1. Naturally, since I was scheduled to run 5 km tonight and since I wanted to get this taken care of while I was thinking about it, my Google ping times were over 2500 ms the whole night and it took about 90 minutes to upload the five megabytes that comprise WP 2.5.1. Thanks, Comcast.

Since it’s already after 10, I might as well get the rest of my blogs updated as well. Better to catch the ones nobody reads before they get removed from Technorati and Google Blogsearch like this one did.

Moral of the story:



Posted by
Apr 30, 2008 - 13:04

Me: Oh yeah WP updated again.
You: I only bother with the major updates.

Well I’m sure this isn’t the only time you’ve inserted your foot into your mouth.

Posted by
Jay Def
Apr 30, 2008 - 14:04

Hmmmm…this frightens me. I probably have those hacks as well, and I don’t know how to check for them.

Posted by
Apr 30, 2008 - 14:04

@Oz: I flunk at life.

Posted by
Apr 30, 2008 - 15:04

@Jay Def: Your web host has phpMyAdmin installed in cPanel. Click on the button that lets you run SQL statements, and put this line in the blank:

SELECT option_value FROM wp_options WHERE option_name LIKE "rss%";

If it returns no lines, you’re good.

I removed them manually from my MySQL database, 200 or so at a time.
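To make the check from the post and from the reply to Jay Def concrete, here is an added example (not code from the post or from WordPress) that runs the same LIKE 'rss%' query against a constructed SQLite stand-in for wp_options, inspects each value for eval/base64-wrapped script before flagging it (so an rss_-prefixed option that is merely a legitimate setting or feed cache is not deleted blindly), and removes the flagged rows in batches of 200 as the author did. The table contents, option names and spam URL are all constructed.

```python
import base64
import re
import sqlite3

# Constructed stand-in for a WordPress 2.x wp_options table; not a real dump.
INJECTED_JS = b"<script src='http://spam.invalid/links.js'></script>"
B64 = base64.b64encode(INJECTED_JS).decode()
SAMPLE_ROWS = [
    ("siteurl", "http://example.com"),
    ("rss_use_excerpt", "0"),  # benign option that merely shares the prefix
    ("rss_9e107d9d372bb6826bd81d3542a419d6", f"eval(base64_decode('{B64}'));"),
    ("rss_e4d909c290d0fb1ca068ffaddf22cbd0", B64),  # bare base64 blob
]

SUSPECT = re.compile(r"base64_decode|eval\s*\(|<script", re.IGNORECASE)
B64_RUN = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def classify(value: str):
    """Return a short reason if an option value looks injected, else None."""
    if SUSPECT.search(value):
        return "plaintext eval/script"
    if B64_RUN.match(value.strip()):
        try:
            decoded = base64.b64decode(value, validate=True).decode("latin-1")
        except ValueError:  # binascii.Error is a ValueError
            return None
        if SUSPECT.search(decoded):
            return "base64-wrapped script"
    return None


def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_options (option_name TEXT PRIMARY KEY, option_value TEXT)")
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_suspicious(conn):
    """The post's query, plus a content check so benign rss_* rows survive."""
    rows = conn.execute(
        "SELECT option_name, option_value FROM wp_options WHERE option_name LIKE 'rss%'"
    ).fetchall()
    return {name: why for name, value in rows if (why := classify(value))}


def purge(conn, names, batch=200):
    """Delete flagged rows in batches of `batch`; returns rows removed."""
    names, removed = list(names), 0
    for i in range(0, len(names), batch):
        chunk = names[i:i + batch]
        marks = ",".join("?" * len(chunk))
        removed += conn.execute(f"DELETE FROM wp_options WHERE option_name IN ({marks})", chunk).rowcount
    conn.commit()
    return removed
```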
