Category: Administration

Administration

PrefBlog Hacked!

My query

A similar query

A good explanation. I had one of these. I took the call to “wp_footer()” out of my footer.php file, and that stopped that nonsense. I couldn’t find any of the files noted in this article’s example; I can only hope it gets weeded out on a re-install.

An even better explanation … I got one of those “active_plugins”, but the option value is “a:0:{}”. I have no idea what it means … it looks like a placeholder. What I do have is one with “option_name” equal to “wp_links”, with the “freemacwareDOTcom” address conspicuously highlighted. This was causing popups on closure. I have uploaded the value of the memo field for scientific purposes. NOTE: I removed all of the left-angle brackets (“<”) from this file to disable the code. Not indexed by Technorati … How wonderful! Now I’ll have to reinstall the current version of WordPress and cross my fingers that I can still understand it!

Capturing $_POST commands … I just might try this, you know. PrefBlog has been under heavy attack lately by spam comments.

So anyway … my apologies to all readers who have been inconvenienced – or simply puzzled – by the recent popups. Please let me know of any odd behavior by PrefBlog (I mean odd behavior that is system-related, of course!) in the future and I’ll be that much quicker tracking things down.

Update, 2008-8-16: The database has a table, wp_postmeta, which tracks attachments. One record in this table has the values: meta_id=8474, post_id=2181, meta_key = ‘_wp_attached_file’, meta_value=’/services1/webpages/p/r/prefblog.com
/public//../../../../../../../../../../../../../../../../../tmp/10bum.txt’

There is also: meta_id=8472, post_id=2180, meta_key = ‘__wp_attached_file’, meta_value = ‘/services1/webpages/p/r/prefblog.com
/public//../../../../../../../../../../../../../../../../../tmp/2newbum.txt’

These records have been removed.

I have also deleted some entries in the wp_posts table. As far as I can make out from the WordPress codex the value of ‘post_parent’ should reference a ‘post_id’ in the same table, which are all positive integers.

After noting some odd entries, I queried the database: ‘select * from wp_posts where post_parent < 0’ and came up with seven records. Two have post_parent set to numbers that are large and negative; the ‘guid’ field indicates that this is stuff that I did, in fact, upload but somehow screwed up. The remaining five records all have post_parent set to -1, with ‘guid’ having a variety of values: the first one, with ‘post_modified’ = ‘2008-03-25 05:26:58’ has ‘guid’ = ‘http://www.prefblog.com
//../../../../../../../../../../../../../../../../../tmp/3rbsmag.txt’. The other entries are similar, with filenames 10bum.txt (three times) and 2newbum.txt.

All these records have been deleted. Note that with these long field values, I have added an HTML line-break to make the full field look nice on this post.

I note that the first of these highly suspicious entries occurred within a week of my WP 2.3.3 installation! I have requested database validation for forthcoming releases of WordPress.

Update, 2008-8-16: Problems with the file 3rbsmag.txt have been discussed on WordPress.
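As an added defender’s check (not code from the original post), the following Python script rebuilds the two tables described above in an in-memory SQLite database with constructed sample rows and flags the patterns found in the post: negative or dangling post_parent values, and guid or _wp_attached_file values that climb out of the site root with “..” segments or that are absolute paths. Table and column names follow the standard WordPress wp_posts/wp_postmeta schema (the ID column is assumed); the sample rows are constructed.

```python
import re
import sqlite3

# Constructed sample rows modelled on the records described in the post:
# one normal upload, one record with post_parent = -1 and a traversal guid.
SAMPLE_POSTS = [
    (1, 0, "http://www.prefblog.com/wp-content/uploads/chart.png", "2008-03-01 10:00:00"),
    (2, -1, "http://www.prefblog.com//../../../../../../../../tmp/3rbsmag.txt", "2008-03-25 05:26:58"),
    (3, 2, "http://www.prefblog.com/?p=3", "2008-04-01 00:00:00"),
]
SAMPLE_POSTMETA = [
    (100, 1, "_wp_attached_file", "2008/03/chart.png"),
    (101, 2, "_wp_attached_file", "/services1/webpages/p/r/prefblog.com/public//../../../../tmp/10bum.txt"),
]

# A ".." path segment anywhere in the value (start, middle or end of the path).
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")

def load_sample_db():
    """Create wp_posts / wp_postmeta in memory and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_posts (ID INTEGER, post_parent INTEGER, guid TEXT, post_modified TEXT);
        CREATE TABLE wp_postmeta (meta_id INTEGER, post_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_posts VALUES (?,?,?,?)", SAMPLE_POSTS)
    db.executemany("INSERT INTO wp_postmeta VALUES (?,?,?,?)", SAMPLE_POSTMETA)
    return db

def suspicious_posts(db):
    """post_parent must be 0 or an existing post ID; a guid with '..' segments is not a normal upload."""
    ids = {row[0] for row in db.execute("SELECT ID FROM wp_posts")}
    flagged = []
    for pid, parent, guid in db.execute("SELECT ID, post_parent, guid FROM wp_posts"):
        reasons = []
        if parent < 0:
            reasons.append("negative post_parent")
        elif parent and parent not in ids:
            reasons.append("dangling post_parent")
        if TRAVERSAL.search(guid):
            reasons.append("path traversal in guid")
        if reasons:
            flagged.append((pid, reasons))
    return flagged

def suspicious_attachments(db):
    """_wp_attached_file should be a relative path under uploads/, never absolute or containing '..'."""
    query = "SELECT meta_id, post_id, meta_value FROM wp_postmeta WHERE meta_key = '_wp_attached_file'"
    return [(meta_id, post_id) for meta_id, post_id, value in db.execute(query)
            if value.startswith("/") or TRAVERSAL.search(value)]
```

Run the two functions against a dump of a real site by pointing them at a connection to that database instead of load_sample_db(); the same queries work unchanged in MySQL.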


Warning Regarding Links in Spam Comments

This blog – like most blogs, I assume – is constantly under attack by spammers posting comments to my posts.

These comments are deleted regularly, but it is impossible to guarantee that the blog will be 100% spam-free at all times.

Such spam will normally be obvious – it will have nothing to do with the post and generally be offering “news” about a pharmaceutical. Often, there will be no links in the post itself – the only clickable item in the post will be the user name.

Do not click such links! They often lead to web pages with self-loading trojans, worms, viruses and other ‘Net Nastiness.


Comment Moderation Policy

By posting a comment to this site, you are assigning all rights to your comments to Hymas Investment Management Inc. including, without restriction, the right to republish or delete these comments.

I encourage commentary, criticism and questions, asking only that language be parliamentary. Users who are repeatedly abusive, either to myself, my associates or to other commenters may be banned.

It is my intention to moderate with a light hand, but lightness is in the eye of the beholder. Those who are furious with my decisions and outraged at deletion of their comments are encouraged to start their own blog.

Update 2007-01-30 : It should be noted that the blogging software I use gives me the ability to specify words and phrases, the use of which can lead to a comment being “held for moderation” or simply deleted, untouched by human hand. These words and phrases usually relate to consumer goods … anybody with more than two minutes experience on the Internet will know the type of thing. However, one perfectly honest commenter ran afoul of the “too many links” rule, it being one of spam’s hallmarks that there are often a large number of links.

Your comment should appear immediately. If not, then please contact me and I will revise my lists … maybe!


Privacy Policy

An eMail address is required in order to register to comment on this site; it is highly recommended that this be the user’s usual eMail (rather than a one-time account) as this will be the address to which new passwords for the user will be sent upon request.

New passwords for old user names will not normally be sent to new eMail addresses.

Hymas Investment Management Inc. will use the list of eMail addresses thus collected only with respect to site operations and will not allow access to this list unless required to do so by a court of law.

As noted in the Comment Moderation Policy, by posting comments to this site you are granting all rights to these comments, without reservation, to Hymas Investment Management Inc.


Legal Notice and Disclaimer

This website is owned and operated by Hymas Investment Management Inc. (“HIMI”).  You may use it only if you agree, without modification, to the terms and conditions of use set forth below.  Please read these terms and conditions carefully before continuing to use this website.

No Investment Advice or Recommendation

The views expressed herein should not be construed as constituting investment, legal or tax advice to any investor, nor as an offer or solicitation of an offer to buy or sell any of the securities mentioned herein.  Such views are provided for informational purposes only, and neither HIMI nor any of its directors, officers or shareholders accept any liability for investment decisions which are based upon the information contained or views expressed herein.  Investment decisions based upon the information contained in this website are the sole responsibility of the investor and are made at the investor’s own risk.  Particular investments and investing strategies should be evaluated relative to each investor’s individual financial situation, investment objectives and risk tolerances, among other factors, and this evaluation should be made by the investor in conjunction with his or her investment and other appropriate advisors.

Declaration of Interest

HIMI and its directors, officers and shareholders may from time to time hold long or short positions in the securities discussed in this website, either on their own behalf or on behalf of individual client accounts or investment funds managed by HIMI.

Bases for Analysis and Modification

The statements and analyses published in this website are based on material believed by HIMI to be reliable, but cannot be guaranteed to be accurate or complete, and such materials could include technical inaccuracies or typographical errors. Materials in the website may change over time, or be affected by new information or market or issuer developments occurring after their respective dates of posting, and such changes could in turn cause HIMI to modify the statements, analyses and views provided in this website. Such modifications may not always be, or be immediately, reflected herein, as HIMI undertakes no obligation to maintain the currency of such materials.

Restrictions on Use

Users of this website may not copy, reproduce, republish, upload, post, transmit or distribute in any way material from this website in any manner which is inconsistent with the purposes for which it is provided.  No user may collect or store personal data about any other user of this website.  Users may not upload, e-mail or otherwise transmit any material that contains viruses or any other computer code, files or programs that might interrupt, limit or interfere with the functionality of any computer software or hardware that is owned, leased or used by HIMI.

Operational Disclaimer

HIMI endeavours to maintain this website and its operations but is not, and cannot be held, responsible for the results of any defects that may exist in it or its operation. HIMI expressly disclaims all warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose. HIMI makes no warranty that the operation of this website will meet the requirements of any particular user, or that access to this website will be uninterrupted, timely, secure, free from viruses or other harmful components, or free of errors. Users, and not HIMI, assume the entire cost of all service and repair or corrections that may be necessary for their computer equipment and software as a result of any viruses, errors or other problems that they may experience as a result of visiting this website.

Limitation of Liability

Under no circumstances shall HIMI be liable for any damages or losses, including any direct, special, incidental, consequential or punitive damages, that may result from the use of, or the inability to use, the materials in this website, whether based on an action in contract, or in negligence or other tortious actions, arising out of or in connection with the use of the information provided in this website. HIMI shall not be liable even if it, or its directors, officers or shareholders, have been specifically advised of the possibility of such damages.

Applicable law may not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages.  Accordingly, some of the above limitations or exclusions may not apply to you.  However, in no event shall HIMI’s total liability to a user for damages, losses and causes of action (whether in contract, tort, or otherwise) exceed the amount paid by the user, if any, for accessing this website.