the tim thumb google warnings and hack attacks solution

Posted on August 25, 2011 by admin

Google  showing you site as malicious or infected and spreading malware . The tim thumb  vulnerability must have been exploited on your blog .

Malware warnings by google  counter wordpress on your blog

Here is what you can do to get this fixed

To prevent your site from being blocked and restored to normal do the following

  1. Remove all old plugins and themes you aren’t using.
  2. Upgrade all your plugins and themes to the latest versions and make sure none of them use an old version of Timthumb.
  3. Clean any Timthumb cache directories.
  4. Upgrade your entire wordpress installation, even if it’s at the latest version. This overwrites all wordpress files.
  5. Search your directory tree for any remaining suspicious files that contain base64_decode wrapped in an eval() statement or URL encoded data. More info on how to do this search here. Delete any files you find. NOTE: If you don’t find any additional infected files in this step, it’s highly likely that your site is not clean. Every attack that I’ve seen so far using Timthumb gets in by uploading a file into the cache directory and then uploads an additional file into a writeable directory on the blog to ensure continued access once the cache is cleaned. Make sure you find that additional file.
  6. Make sure the only directory that is writeable in your wordpress installation is wp-content/. Directories like wp-admin and wp-includes should be read only by the web server.

Links for fixing your website  :

http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/

You can grab the latest TimThumb.php code here:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

http://25yearsofprogramming.com/blog/20071223.htm

http://wordpress.org/support/topic/malware-counter-wordpresscom-warning-on-chrome

http://www.nixta.co.uk/2011/08/news-major-wordpress-hack-via-timthumb-upgrade-immediately/

To repair a blocked site

    1. complete the steps above
    2. request a relisting through Google webmaster tools. info on being relisted here
    3. the process takes 24 hours to be cleaned.
    4. You can find out more about Google’s Malware list and safe browsing report on this page.

If you site has been hacked due to the tim thumb vulnerability its quite likely that Google must be blocking your site when you view it through chrome browser  and you see the following 2 images below

If you try to visit your site, you are confronted with the following image:

“This site may harm your computer”

These sites are listed with the warning that “This site may harm your computer” in Google’s search results and Google blocks access to the site with a warning forcing you to manually type the URL into your location bar if you really do want to visit the site:

Plugin affected  by timthumb attack IGIT Related posts

IGIT Related Posts With Thumb Image After Posts version 3.9.7 with WordPress 3.2.1 is vulnerable to phpRemoteView Attack. 2 of client’s site were compromised recently. We checked it thoroughly and found IGIT plugin is the source of injection. More details here

Some sites have been repeatedly hacked with backdoors placed on the server. Malware entry: MW:ANOMALY:SP7 can be seen on some . It places an EVAL script in many places throughout sites.

There have been instances of the files from the theme getting infected with malware code, especially files like: index.php, footer.php. Sometimes  the real culprit is hiding in the htaccess file in the root folder. Basically, the hacker rewrites the file with mod_rewrites that redirect to Russian sites.

Check the htaccess file (for those not in the know, select the option view hidden files in your ftp software, get rid of the dot at the beginning, download and open in a text editor. When you make changes and upload, don’t forget to rename back to .htaccess).

At first, it looks normal, but if you scroll down or to the right, you see whole bunch of rewrite conditions, pointing to some hacker site, or whatever.

Here’s a WP forum post on the issue. Goes into more detail.
http://wordpress.org/support/topic/plugin-add-link-to-facebook-links-are-hijacked-to-softwarepromoru

Also found an extra file in the theme script folder that didn’t belong there. Deleted it. Deleted them. Then checked every plugin that was active against freshly downloaded copies of the plugin. Found 3 extra files in the Akismet folder that didn’t belong there.

Basically, then replace your WP and theme files, delete anything not in use (themes, plugins: Basically, harden your site. See WordPress advice on it:
http://codex.wordpress.org/FAQ_My_site_was_hacked

 

 

Posted in attack, googie, google, google australia | Tagged , , , | Leave a comment

Eror – adshownow.com/jquery-1.5.2.min by chrome

Posted on August 11, 2011 by admin

This seems to be new  and spreading

rogue chrome scareware_riser

I noticed this pop up today  when i opened up a website in chrome browser

adshownow.com/jquery-1.5.2.min

 

My avg virus scanner   decided this a  harmful code and flagged it as  

"Exploit Rogue Scanner (type 1292)"

 

Any help would be  Nice !! anyone

I ve seen a  similar report here

Posted in 2010, gnome | Tagged , , | Leave a comment

Softpedia Linux Weekly, Issue 154

Posted on July 2, 2011 by otherblogs

Welcome to the 154th issue of Softpedia Linux Weekly!

The following Linux-based operating systems have been announced last week: PCLinuxOS KDE 2011.6, Vinux 3.2, Linux Mint 11 LXDE RC and Mandriva 2011 RC1. In other news: The KDE developers unleashed the Release Candidate version of the upcoming KDE Software Compilation 4.7 environment; the Free S… (read more)

Posted in amazon australia shop, Budget Websites, Build website australia, cheap webdesign, ebay australia, Global, Perth Website company, Powerpoint Posts | Tagged , , , , , | Leave a comment

Best Apps for Android, July 2011

Posted on July 2, 2011 by otherblogs

thumbnail

Check out the latest and greatest in apps for your Android smartphone with our monthly app roundup.

Posted in amazon australia shop, Budget Websites, Build website australia, cheap webdesign, ebay australia, Perth Website company, Powerpoint Posts | Tagged , , , , , | Leave a comment

Skeptical UK bestseller about the paranormal can’t find US publisher, goes self-published

Posted on July 2, 2011 by otherblogs


Richard sez, “Best-selling author Richard Wiseman’s latest book, Paranormality, takes a skeptical look at the paranormal and examines what seemingly supernatural phenomena tell us about our brains, beliefs and behavior. The book is doing well in the UK and has been picked up by lots of overseas publishers. However, no major American publisher made a serious offer for it, saying that there was no market for a skeptical book about the paranormal. As an exciting experiment, Wiseman has just released the book himself on Kindle, promoting it as ‘the book that they don’t want you to read’. About 80% of Americans think that they have had a paranormal experience. Maybe it’s time they had an opportunity to hear the other side of the story.”

Paranormality launches in the USA….and the Friday Puzzle!

(Thanks, Richard!)






Posted in amazon australia shop, book, Budget Websites, Build website australia, Business, cheap webdesign, ebay australia, ebook, paranormal, Perth Website company, Powerpoint Posts, publishing, skeptic | Tagged , , , , , | Leave a comment

"No Endorsement" — aligning the interests of creators and fans

Posted on July 2, 2011 by otherblogs

My latest Locus column, “No Endorsement,” talks about how print-on-demand, 3D printers, and other technologies that make products available when people want them change the economics of fannish activity, fan art, and homemade merchandise. I propose a “”No Endorsement” badge that fans could use that indicates, “The creator of the work from which is this derived hasn’t reviewed or approved this; but s/he is still getting a piece of the action.”

Here’s how that could work: tens, hundreds or thousands of fans with interesting ideas for commercially adapting my works could create as many products as they could imagine and offer them for sale through i.Materialise or Shapeways. There’s no cost – apart from time – associated with this step. No one has to guess how many of these products the market will demand and produce and warehouse them in anticipation of demand. Each product bears the ”no endorsement” mark, which tells you, the buyer, that I haven’t reviewed or approved of the product, and if it’s tasteless or stupid or ugly, it’s no reflection of my own ideas. This relieves me of the duty to bless or damn the enthusiastic creations of my fans.

But it also cuts me in for a piece of the action should a fan hit on a win. If your action figure hits the jackpot and generates lots of orders, I get paid, too. At any time, we have the option of renegotiating the deal: ”You’re selling so many of these things, why don’t we knock my take back to ten percent and see if we can’t get more customers in the door?” Setting the initial royalty high creates an incentive to come to me for a better deal for really successful projects.

No Endorsement






Posted in 3dprinting, amazon australia shop, Budget Websites, Build website australia, Business, cheap webdesign, ebay australia, Perth Website company, Powerpoint Posts, printondemand, publishing | Tagged , , , , , | Leave a comment

Peruvian TV station owners held out for bribes that were 100X larger than those received by judges

Posted on July 2, 2011 by otherblogs


The Fall, 2004 issue of the Journal of Economic Perspectives carried a fascinating analysis of the relative bribability of different elements in governance and reporting, based on the records of the Peruvian secret police under Fujimori, during their concerted effort to subvert government, the judiciary, and the press (all while drawing millions in payments from the US government, due to their “antiterrorist” stance, used to fund the bribery campaigns):

Which of the democratic checks and balances – opposition parties, the judiciary, a free press – is the most forceful? Peru has the full set of democratic institutions. In the 1990s, the secret-police chief Montesinos systematically undermined them all with bribes. We quantify the checks using the bribe prices. Montesinos paid television-channel owners about 100 times what he paid judges and politicians. One single television channel’s bribe was five times larger than the total of the opposition politicians’ bribes. By revealed preference, the strongest check on the government’s power was the news media.

How to Subvert Democracy: Montesinos in Peru

(Thanks, Paul!)






Posted in amazon australia shop, bribery, Budget Websites, Build website australia, Business, cheap webdesign, corruption, ebay australia, economics, foreignpolicy, history, Perth Website company, peru, Powerpoint Posts, scholarship | Tagged , , , , , | Leave a comment