WordPress Security: Nulled Scripts and the CryptoPHP Infection

It seems that our good friends at Wordfence Security have come across some very important security information from Fox-IT in the Netherlands about WordPress (also affecting Drupal and Joomla), Nulled Scripts, and a security hole dubbed CryptoPHP included in infected themes and plugins. This security hole effectively turns infected websites into botnet slaves; it’s really very fascinating. Take a look: if you work with WordPress, Joomla, Drupal or PHP at all, or are just curious, you ought to read it. It’s a well-written article and very interesting, so check it out.

Shortened URL: http://solarum.com/v.php?l=1420wb71

Manage Your WordPress Sites With WP Remote

OK boys and girls, by now you all know that I don’t get paid to push a product or service (not yet anyway, call me!), so if I post about one up here it’s because I use it personally, or second hand through a customer, or I have checked it out and have knowledge of it. I do not recommend things I don’t know about or haven’t tried. You also know that anything I promote I do so because I like it and feel that it does some good for people, is worth the cost, and overall is a good value.

All that being said, I cannot say enough good things about WP Remote, a service for managing WordPress websites. I know there is a debate going on out there in cyber land about what service is better than whatever and I am not going to get into that. I made my choice and I stand by it, I like WP Remote and I like the way they do things. I host a bunch of WordPress blogs among many other sites (Want me to host your blog? Contact me!), and it was kind of a pain keeping up with all of the updates for WordPress itself, plus all of the plugins, themes and whatnot. So I went out and checked out all of the different management and support services for WordPress and I decided that WP Remote was the best for me. So far I love the service and I have no desire whatsoever to go anywhere else.

I say all of this because hopefully I can help someone else out there decide what to do. I recommend WP Remote wholeheartedly! It’s a great service, it’s free for the basic management and updating of your sites, and you can give them money if you want to go up a notch to the premium service, which includes backups and automated updates and email alerts and all sorts of cool things. If you have more than one or two WordPress sites to take care of, you really ought to check it out. It won’t hurt anything and it’s free to try it out. I bet once you see how much time you save by using WP Remote, you’ll be hooked like me! Check ’em out!

Check out some good common sense blog security tips

I couldn’t have said it much better myself, so I decided to link to this article rather than write my own version of it. Although, I might write a follow-up that gets a little more in depth or something. However, that’s for another day; for now check out this post on the site “Spice Up Your Blog” where the author goes over “5 Ways Your Blog’s Design Is Making You Susceptible To A Hacker”.

Now this isn’t just for server operators; it focuses on things that also make a difference to those that run their own blog too. This is because a “Hacker”, or maybe a visitor with malicious intent, can wreak havoc on your blog even without touching the rest of the server. If they can get access to your database, for example, you can kiss all of your posts, pages and pretty much everything else goodbye if they are feeling especially destructive. Even if they don’t destroy your data, they can post things on your blog that you don’t want, like advertisements, porn, “we own you” messages, what have you. Even worse is when your site gets compromised and no one knows it. In these cases the hackers can do all sorts of fun things. One especially nasty trick I have seen is when they plant a virus alongside your site’s files and then append a small bit of code to your pages so that your visitors get infected. Talk about your reputation plummeting faster than a stone tossed out a window.
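One way to notice the quiet kind of compromise described above (a planted file plus a few lines appended to existing pages) is to keep a hash baseline of the site's files and compare against it regularly. This is an added example, not code from the linked article; the directory layout and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Return (added, modified, removed) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, modified, removed


def demo():
    """Constructed site tree: take a baseline, simulate tampering, then compare."""
    with tempfile.TemporaryDirectory() as site:
        os.makedirs(os.path.join(site, "wp-content", "themes", "example"))
        index = os.path.join(site, "index.php")
        footer = os.path.join(site, "wp-content", "themes", "example", "footer.php")
        for path, body in ((index, "<?php echo 'home'; ?>\n"), (footer, "<?php wp_footer(); ?>\n")):
            with open(path, "w") as fh:
                fh.write(body)
        baseline = snapshot(site)  # in practice, store this somewhere off the web server

        # Simulated compromise: one page gets a line appended, one file is planted.
        with open(footer, "a") as fh:
            fh.write("<!-- constructed stand-in for appended code -->\n")
        with open(os.path.join(site, "wp-content", "dropped.bin"), "wb") as fh:
            fh.write(b"constructed stand-in for a planted file")
        return diff_snapshots(baseline, snapshot(site))


if __name__ == "__main__":
    added, modified, removed = demo()
    print("added:", added, "modified:", modified, "removed:", removed)
```

Legitimate updates change files too, so the baseline has to be refreshed after every WordPress, theme or plugin upgrade you performed yourself.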

With all this in mind, take a look at the following page and see if any of the things they talk about there sound like they might be up your alley. It pays to be careful, I hope this helps!

5 Ways Your Blog’s Design Is Making You Susceptible To A Hacker

 

New Version Of WordPress Is Out

Look alive there folks, WordPress has released an update to their web publishing platform. Version 2.8.1 is live and it seems like a quick and easy upgrade. In case you haven’t tried WordPress lately (or at all), or haven’t upgraded in a few versions, they now have built in the capability to upgrade not only plugins, but also the whole distro right through the point and click admin panel or dashboard. You need an FTP account somewhere to make the magic happen, but most people running a web site have that, and if not they are easy to come by. So far, I have had great success with their automatic upgrade features, both for plugins and WordPress itself. Being who I am I was very skeptical at first, but it’s actually worked wonderfully so I thought I would share. Now, get out there and get to upgrading. Unlike some other software entities that add more bugs and security holes than they fix, the guys and gals at WordPress actually improve the software with each new release. Let me know what you think, post a comment and share your opinion.

WordPress Template Tip

I just ran into an interesting little ripple in WordPress when trying to create a new page using a template.  The problem was that I had no option to choose a template, it just wasn’t there at all.  Took some cypherin’ on Google, but I found it.  It was my theme.  I switched to the default theme and there it was.  I picked my template and then switched my theme back.  Hope this helps!

64-bit Linux Running Google Gears In Firefox

Description and Problem:

Google Gears is a plug-in that extends your browser to create a richer platform for web applications. There are many Web applications that currently make use of Google Gears. Some of these include Google Docs, Google Reader, MySpace, Picasa, Zoho and (the reason for this post) now even WordPress. Google Gears, or simply just Gears as it is now known, not only enables offline browsing of supported sites, but it can also greatly improve the performance of these sites and web applications like WordPress. This makes working with supported web applications much nicer.

Now, my problem (and that of many others of you out there) has been that I am running 64-bit Ubuntu (8.04 Hardy Heron) and Google has not made a 64-bit version of their Gears software. They cite lack of time and testing resources, but my guess is it’s not that important to them since there probably aren’t too many 64-bit users out there. Luckily for us, Gears is an open source project. This is now a prime example of the beauty of open source software, in that some really smart people created an “unofficial” patch that allows you to install and run Gears on 64-bit Linux in Firefox. In my case it’s Ubuntu and Firefox 3.x, but I have read of folks who have had success with SuSE and others as well. It only took me about five minutes once I found the patch.

Here are the steps I took to get this installed, up and running:

Grab the latest version of the Gears binary that has been patched for 64-bit at http://www-personal.umich.edu/~swolchok/gears/. I used this command:

wget http://www-personal.umich.edu/~swolchok/gears/gears-linux-opt-0.4.9.0.xpi

Open Firefox and choose File->Open File and browse to where you saved the file you just downloaded. It should open an install window; press the “Install Now” button to start the install.

Once the install is complete, press the “Restart Firefox” button to restart Firefox and complete the installation.
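Since the download in the steps above is an unofficial build, it is worth looking inside the .xpi before handing it to Firefox. An .xpi is a zip archive, so the added example below (not part of the patch or of Gears) records the file's SHA-256 and reads the ELF header of every native library inside to confirm it really is x86-64. The sample archive and its member names are constructed for the demonstration, and the page lists no checksum, so the hash is only useful for comparing against a value you obtain from the patch author some other way.

```python
import hashlib
import io
import struct
import zipfile

ELF_CLASS = {1: "32-bit", 2: "64-bit"}       # e_ident[EI_CLASS]
ELF_MACHINE = {0x03: "x86", 0x3E: "x86-64"}  # e_machine values for Intel/AMD


def elf_info(data):
    """Return (class, machine) for an ELF image, or None if data is not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"    # EI_DATA: 1 = little-endian
    (machine,) = struct.unpack_from(endian + "H", data, 18)
    return ELF_CLASS.get(ei_class, "unknown"), ELF_MACHINE.get(machine, hex(machine))


def inspect_xpi(xpi_bytes):
    """Return the archive's SHA-256 and the architecture of every ELF member."""
    report = {"sha256": hashlib.sha256(xpi_bytes).hexdigest(), "native": {}}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        for name in xpi.namelist():
            info = elf_info(xpi.read(name))
            if info:
                report["native"][name] = info
    return report


def build_sample_xpi():
    """Constructed sample: a tiny zip with fake 20-byte ELF headers, not a real add-on."""
    def header(ei_class, machine):
        return b"\x7fELF" + bytes([ei_class, 1, 1]) + bytes(9) + struct.pack("<HH", 3, machine)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("lib/sample64.so", header(2, 0x3E))
        z.writestr("lib/sample32.so", header(1, 0x03))
    return buf.getvalue()


if __name__ == "__main__":
    # For the real file: inspect_xpi(open("gears-linux-opt-0.4.9.0.xpi", "rb").read())
    print(inspect_xpi(build_sample_xpi()))
```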

Summary:

For me, upon the initial restart, I got an error about this addon not being compatible with my architecture. Despite that, it seems to work fine, and I haven’t gotten any more errors since then, so I would suggest you simply ignore that error.

Lastly, go to a site that is supported, add it to Gears and enjoy! If you have any questions or comments, post ’em below.