Comments on: New WordPress Hack Inserts Hidden Text http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/ Sports News - Tech Reviews - Entertainment - Life Tips for EveryJoe Thu, 03 Dec 2009 12:09:16 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Increase Search Engine Ranking http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-168960 Increase Search Engine Ranking Mon, 20 Jul 2009 18:12:23 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-168960 I would highly recommend ASL (available at the GotRoot.com website). Say hi to Scott for me. Pramudita, If your hosting provider doesn't run mod_sec, then do you really think it's a good idea to be with them? (nothing personal Dreamhost, I am sure your security is fine). This should be addressed by your provider Pramudita, you shouldn't be even having to worry about it. Go visit AtomicRocketTurtle.com and ask around for which providers are best suited for hosting your type of application. Always start your search for a provider based on what application you are going to run and then go from there. I would highly recommend ASL (available at the GotRoot.com website). Say hi to Scott for me.

Pramudita,

If your hosting provider doesn’t run mod_sec, then do you really think it’s a good idea to be with them? (nothing personal Dreamhost, I am sure your security is fine). This should be addressed by your provider Pramudita, you shouldn’t be even having to worry about it.

Go visit AtomicRocketTurtle.com and ask around for which providers are best suited for hosting your type of application. Always start your search for a provider based on what application you are going to run and then go from there.

]]> By: Michael Shinn http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41429 Michael Shinn Mon, 19 May 2008 13:42:15 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41429 Hmmm... what do if you cant install and your system does not have mod_security installed... I might be able to tweak this for mod_rewrite. I'll have to do some experimenting later today to see what can be done with other tools. In the mean time, see if you can encourage your ISP to install mod_security and I'll see what I can come up with for mod_rewrite. Hmmm… what do if you cant install and your system does not have mod_security installed…

I might be able to tweak this for mod_rewrite. I’ll have to do some experimenting later today to see what can be done with other tools. In the mean time, see if you can encourage your ISP to install mod_security and I’ll see what I can come up with for mod_rewrite.

]]> By: erdal sahin http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41430 erdal sahin Mon, 19 May 2008 08:40:47 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41430 thanks michael for sharing this article thanks michael for sharing this article

]]> By: Pramudita http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41358 Pramudita Mon, 12 May 2008 17:55:55 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41358 Michael, how to use that rule for my wordpress blog ?. I can't install mod_security on server (dreamhost) Thank You Michael, how to use that rule for my wordpress blog ?. I can’t install mod_security on server (dreamhost)

Thank You

]]> By: Mike Abundo http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41459 Mike Abundo Fri, 25 Apr 2008 06:11:59 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41459 Awesome. Thanks, Michael! :) Awesome. Thanks, Michael! :)

]]> By: Michael Shinn http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41456 Michael Shinn Thu, 24 Apr 2008 22:14:32 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41456 I've written a modsecurity rule to help prevent this. You can download it (and other rules) from the GotRoot Website, or you can just use this rule: #Rule 300055: Hidden spam links #examples: # #overflow:auto;width:0;height:0 SecRule REQUEST_BODY|ARGS "< ?font style ?= ?(position ?\: ?absolute|overflow ?\: ?(?:hidden|auto)).*(?:height|width) ?(?:=|\:) ?[0-9] ?(px|\;)" \ "t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:300056,rev:1,severity:2,msg:'Spam: Hidden Text Exploit'" I’ve written a modsecurity rule to help prevent this. You can download it (and other rules) from the GotRoot Website, or you can just use this rule:

#Rule 300055: Hidden spam links
#examples:
#
#overflow:auto;width:0;height:0
SecRule REQUEST_BODY|ARGS “< ?font style ?= ?(position ?\: ?absolute|overflow ?\: ?(?:hidden|auto)).*(?:height|width) ?(?:=|\:) ?[0-9] ?(px|\;)” \
“t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:300056,rev:1,severity:2,msg:’Spam: Hidden Text Exploit’”

]]> By: WordPress Hack Epidemic! http://www.everyjoe.com/articles/wordpress-hack-inserts-hidden-text-608/comment-page-1/#comment-41541 WordPress Hack Epidemic! Wed, 09 Apr 2008 07:31:51 +0000 http://www.techsideup.com/wordpress-hack-inserts-hidden-text/#comment-41541 [...] WordPress hidden text exploit I blogged earlier has exploded to epidemic proportions, hitting even big sites like ZDNet. The worst part: [...] [...] WordPress hidden text exploit I blogged earlier has exploded to epidemic proportions, hitting even big sites like ZDNet. The worst part: [...]

]]>