What does it do?

The hack causes a file to be uploaded to one of your plugin directories and masks itself as a language template file (pot). So far I have seen it hiding within All in one SEO pack and Si Captcha plugins but there are more! Within the file is a huge amount of garbage that looks to be rubbish. In actual fact it’s all valid php code but nonsense in the form of massive nested ternary IF statements using Hex codes as the condition and action parts. The point is, of course, to make the file look encrypted whilst actually masking a single function. This function simply calls a single row from the wp_options table, selects a portion of the data, reverses it runs it.

The second part of the hack is as follows… The database row that the above file decodes is stored on wp_options with an option_name of rss_ followed by a long number… again an attempt to make it look genuine. Within the row is a serialised string containing what looks like valid data but with a huge encoded section in the middle. To the trained eye it’s known to be a base64 encoded string, however, the twist is that the string and corresponding ‘eval’ statement are reversed and therefore running base64_decode won’t work out of the box.

When reversed and run, it’s a chunk of php with yet more base64 encoding inside but this time the correct way round! The end result is that it’s both a shell and a mysql browser allowing anyone knowing the correct URL parameters to gain access to both your file system and database(s).

Scary huh! Anything else…

Sadly yes! Most sites are reporting a new user in their users table with administrative rights sometimes called ‘amin’, other times having a … in it and other times completely hidden. I have read that the username is actually a huge amount of JS code which hides itself. Fairly clever to give the author of this hack credit where it’s due!

Next other sites are reporting some dodgy iFrames showing up in their posts. This is, apparently the extent of the problem however with complete access to your database and file structure they could be a lot more malicious.

Is there a fix?

Yep… Rackspace are, apparently, doing their best to fix the problem whilst not (at the time of writing and to my knowledge) taking responsibility for the problem. I am told that the site setup has been blamed and permissions of 777 have been mentioned. Again, all speculation so best go read up at more official sources.

So other than Rackspace sorting it you can do any of the following…

• Remove any spurious rows from wp_options where there is a large encoded block in the value field. You should be looking for anything with an option name of rss_…. where … is a large number.
• Remove the user ‘amin’ or anything with ‘…’ inside it from your database and change any passwords. The hack can NOT give the hacker your admin password so don’t worry but it’s best to change it just in case. There are always ways!
• Check your plugin files for anything that looks odd. The file that I have seen has the ending .H.bak.pot or something similar. Bear in mind that .h is a library file, .bak is a text backup file and .pot is a language file. Neither .h nor .bak have any business on a Wordpress site.

How can I stop this sort of thing from happening again?

You technically can’t but there are a couple of things to help you out…

• Backup your site files and database regularly (where regularly is more frequent than once a month or just relying on your provider to do them!)
• Turn off PHP commands like EXEC and EVAL. Anything that gives the PHP script access to your filesystem. It will definitely cause problems with plugins and sites but it’s the price we pay for safety
• Make sure your permissions are all correct and check them regularly.
• Check plugins before uploading them, a simple check in files for eval or exec should do it but it depends on how fussy you want to be!

That’s it for me… there are loads of blogs about detailing more about the problem and I understand the threat to be several days old now. Still worth knowing isn’t it!

Current plans include a whole new website just for the Your Members plugin to house things like… wait for it… documentation and a proper list of the things it can actually do! We have recently released YM version 1.6 which is the best version yet! We hope to get some feedback and tweets to the new YM Twitter account for things that you, the community, would like to see and then get the next version out to you sometime in the next couple of months.

Any questions about the plugin, the project or Glenns vital statistics then you can get in touch with us at newmedias.co.uk or use my site contact form and we shall get back to you.

However, one of the sites we were shown was Amazon and it shows the users having trouble getting around. I have to ask myself exactly how on earth Amazon makes money at all when people are obviously struggling to find what they want, or worse, find what they want but can’t work out how to pay for the thing!

I have started looking at websites in a new light now and often refuse to buy anything from a site that I deem to be unworthy of my custom. It sounds a little bit odd for me to say that but I honestly do think twice about getting out my wallet if it takes me longer than I want to spend finding the items in the first place.

I would almost be inclined to start a black list of sites that, in my opinion, were badly designed but before long it would be unmaintainable

What, however, I will do is comment on a few sites that I do get along with and tell you why…

#1 Google
I was introduced to Google in 2001 when I was at college and my lecturers suggested they use it because of the distinct lack of advertising. This, of course, has now changed and Google has a colossal advertising network. Let me ask you this though… does it get in the way of your browsing? I say no it doesn’t and the clean cut and fast interface they provide is exactly what I want to see.

#2 eBay & Paypal
I have been using eBay and Paypal for years as I am sure most of Europe and the US have been as well. I find the interface on eBay inkeeping with the ‘fun’ theme of the dutch auction and the clean lines of Paypal when you come to actually hand over your money a refreshing contrast. Would you really want to hand over your card details on a site that looks like a child has written it? eBay offers a good and intuitive search functionality but also excellent browsing and viewing product pages.

#3 Apple
I may be criticised for saying this but I think that apple also have the right idea with regard to their site design. Design, of course, is something that Apple have grown up with and have continued to excel at through the ages. I find the homepage to be a no nonsense view of what they want you to see (which at the moment is the new iPad (a big iPod in my opinion.. not a great deal of product design elaboration there!)). The shop is non contentional but you always manage to find your product and get it into your shopping cart with no problems.

#4 Facebook
To start, I hate facebook… It is one of those sites that just ropes people in to basically live until the shelf life runs out and they move onto something else. They are managing to keep ahead of (or in conjunction with) Twitter quite well at the moment but then the sites have somewhat different core strengths. However, my hatred aside, you really have to give it to them that the design of the site, the navigation and the speed are all pretty good indeed. The use of Ajax and Javascript are a credit to the site and the user experience is a good one indeed.

#5 Bing
I don’t use the search engine at all to be honest as I am firmly a Google man (stubborn really if anything else) however, one has to appreciate the front page of Bing. Instead of going the Google route and showing nothing or the Yahoo route and showing everything they have shown interesting bits of information about random things. The picture in the background changes frequently (much like Googles header image) and the hotspots on the image give interesting information about the scene and it’s contents. I like this method of not being forced to swallow news (or worse, wait for it to load!) that I don’t want to see but providing me with an interesting picture with the opportunity to easily get more information. Well done Microsoft on your first half decent search engine page!

The list could go on and on but I have things to do. Please do feel free to add your own likes and dislikes to my list. The point was to highlight the fact that design and placement of a website is often not as important to some people as it should be. These examples are sites whom I think have done it properly. Copying them is not the best thing to do at all but use them as an inspiration to guide you in making the right decisions for your own homepages.

Firstly a real well done to The Hodge for organising such a fantastic event. The quality of speaker and diversity in the talks made for a really interesting day. My only wish was that there would have been more time and more speakers. Not a criticism really but by the time you have watched one or two talks you realise you could sit there all day and absorb information from the guys that are up there doing their stuff.

I was really only there to help out however the actual delegates all seemed to be getting on well and networking with each other. It was a little sad watching a room full of grown ups (mainly men) sitting ‘playing’ on their iPhones ‘Tweeting’ through the entire thing but that is kind of expected given the nature of the event. This, however, was cleverly exploited when the delegates were asked to ‘Tweet’ in questions for the ‘panel show’ which amused everyone around the half way mark.

My personal favourite talk was on usability studies using eye tracking techniques to record the unconscious interest of the brain. It kind of confirmed that amazons site design is rubbish and that you can design sites to hide content you don’t want the user to red right in the middle of the screen. There were also numerous Wordpress talks which proved interesting indeed. Joost De Valk for one, although not the most inspirational speaker, had some good ideas to talk about and plans for great things to come.

To conclude briefly a great time was had by all, friends were made, business cards exchanged and geeky (and some non geeky) brains were picked. So thanks once again to Dom for organising the event and all the speakers/delegates for making it such a good event. I imagine everyone is now really looking forward (and saving up for) Think Visibility 3 which I beleive is in March 2010 (keep an eye on The Hodges site for more info).

Think Visibility describes itself as a series of conferences on “the things that usually get left behind in the web design process“. I wasn’t fortunate enough to attend the first event but am very much looking forward to this one.

Speakers include Rob Manuel (The guy that helped found b3ta), Joost de Valk whom I know as a very popular Wordpress Developer, Tim Nash (some bloke), The Hodge himself and many more.

Visit www.thinkvisibility.co.uk to read more about the event and buy your ticket. Use the coupon code TIMNASH to get £20 off the price.

Tim Nash is also hosting a pre-event talk for all those interested on the Friday. Visit his blog here for more information but rest assured that any meetup with Tim is always eventful!

Now go buy a ticket and I shall see you there!

• Add a new Wordpress Page custom template and put your code in there (no security holes but severely limited in its uses)
• Add a new plugin to allow PHP code to be embedded into post content

Obviously I have gone with the plugin method for its increased flexibility and portability but I must mention before we go any further that it makes use of the PHP exec command. As you may well know this allows the user two run ANY code they like and this plugin merely facilitates that by adding it to Wordpress. There are, however, so many more plus points for this type of ability so it’s an acceptable risk (to me ).

The plugin uses the Wordpress shortcode API (so no horrible regular expressions) to add a new hook into the content of a post or page. Any content encapsulated in the hook is considered to be PHP code and will be executed every time that page or post is shown. The plugin can easily handle smart quotes and HTML so there is no need to use the HTML tab within the post edit page like some other plugins require you to do.

Usage

To use the plugin you simply use [sb_php][/sb_php] and put PHP code between the hooks as follows:

[sb_php]echo 'this is PHP code';[/sb_php]

will output:

this is PHP code

Download: SB Post PHP (408 bytes)

I have used Simplepress Forum as it installs like a plugin unlike BBPress which is separate and is a pain to integrate.

Feel free to ask me anything, I get a few emails about Google Map API and Geocoding. If you prefer not to speak on a public forum then my email address is barton.sean@gmail.com

Update: Binned it because I decided SimplePress was rubbish

It is now freely available to download on the Session Manager download and information page.

Give it a try and let me know what you think!

I think the above paragraph from www.newmedias.co.uk gives a good indication of what it does but it doesn’t really do it justice.

YourMembers allows you to set subscription levels for your blog so some posts are available to some but not others. It allows you to sell individual posts at set prices if you want to or even a combination of the two options if you like. ie: if a post is available only to premium members then you can also set it purchasable so others can purchase them.

I am currently in the process of integrating digital delivery of files through this system so a purchasable post can have a file as part of its content. I am also working on a Wordpress MU version of the plugin.

Keep your eye on www.newmedias.co.uk for more information

UPDATE: Of course you will be pleased to hear that YourMembers is now available at newmedias.co.uk. From now until the 10th July 2008 there will be a $20 reduction in cost available by way of a voucher (Details on the website)

All i can say is, feedback appreciated.

Sean