Blog Archives

Massive Number Websites in Botnet

Massive Number of Hacked USA Websites Participate in WordPress Botnet Attack

For the past couple of days we’ve been watching a customer’s WordPress site being attacked by a botnet of websites trying to access site admin with user name “admin” and a variety of simple passwords.

Most of these attacks are coming from USA-based web hosting services. One particular top-level service provider, Provo Unified Layer, stands out above the rest as the most hacked network. Many 2nd tier providers use Provo Unified Layer infrastructure, including Bluehost and Hostmonster. Of the hosts using Provo Unified Layer infrastructure, Bluehost is ahead of the pack in having hosted sites participating in the botnet. (Read more about Bluehost and the Botnet).

Read the rest of this entry

CartPress Sends no-cache Headers

WordPress Plugin News Feed Stops Website Caching

It’s hard to believe a simple news feed from the CartPress e-commerce plugin for WordPress prevents WordPress from caching pages. This is apparently what happened to a website recently.

We received a request for assistance for a WordPress e-commerce site with this problem. The owner read our article, Fastest WordPress Caching System, and asked if we thought it would overcome a problem with his site. We explained this system wasn’t suitable for e-commerce.

Read the rest of this entry

Roubaix Ovh Systems

Roubaix Ovh Systems – Most Dangerous Host?

Is Roubaix Ovh Systems, a hosting and Internet Service Provider in France, one of the most dangerous ISPs and hosts in the world? We could be justified in thinking so. At least out of ISPs and hosting companies in the Western economic zone, outside of former Soviet Union states.

When you see a spambot active on your site, a hacking attempt, or a trackback spammer, there’s a pretty good chance it’s coming from an IP registered to Roubaix Ovh Systems, or another Ovh Systems IP.

Roubaix Ovh Systems Banned on Sight

We (Graphicline Web & Technology) have seen so much bad activity from IPs traced back to Roubaix Ovh Systems, we now ban all their IPs as soon as I find them. Activity from all other OVH Systems networks is watched carefully.

Read the rest of this entry

Website Down for Visitor Safety

Website Offline after DoS Attack

My Drupal website, graphicline.co.za, remains offline today following yesterday’s JavaScript injection / denial of service attack. I decided to take the site offline to ensure the safety of visitors while I check the site for any malware. My hosting service technicians are also examining the server for any possible faults or configuration problems. Other sites on sub-domains of graphicline.co.za were affected at times, and further disruptions of service are expected.

The DoS (denial of service) attack began in the early hours of January 24 2012 and continued for nearly 2 hours. During this time thousands of attempts were made to inject JavaScript redirect code into the website (there are too many related entries in the log to count). Although initial inspection showed no successful hack, I felt it prudent to take the site down until certain no malware or other bad stuff had been included.

Read the rest of this entry

Auto Hyperlinks

Now we Get Auto Hyperlinks – Bad News

Text gets turned into hyperlinks automatically. I just discovered this annoying thing that’s part of the latest version of WordPress used by WordPress.com – WordPress 3.5. Type the text for a URL and the darn thing turns into a hyperlink when published. That’s right, you don’t have to click on the link function in the editor, so no options to add target info and title… No options not to create the hyperlink… Arrgghhh!

Maybe it’s handy for the terminally lazy, but it’s bad news for SEO. And what about the bloggers who write about malware and bad websites, and want to tell readers about these bad addresses? They don’t want visitors to click a hyperlink, just want to inform people about the bad address. With auto-hyperlinks the information becomes an active link!

For example, this hacker information “Exploit attempt on WordPress GD Star Rating plugin”

Read the rest of this entry

Banned IPs

Banning the Bad Hosts

I’m a no-compromise banner. It doesn’t take much effort to get an IP banned from my websites. A single bad event will normally be enough to block access to my sites from an IP address. Several attempts from a range of IPs with a common service provider will get the entire IP range banned, the hostname or domain banned.

Currently there are about 700 entries in the banned list – representing millions of IPs, and the list gets longer daily. I cannot recall a day this year when at least one new bad IP was not added to the list.

Sharing the Bad IP Info

Mostly these IPs were simply denied access, and no record was kept about the reason for the ban. At one time I started keeping a record, then lost interest and lacked time to continue. So I decided to start again, this time publishing the info where I can get to it, and other bloggers can also find the details. So now it’s published as a page on this blog…

Read the rest of this entry

Stop Timthumb Attacks at Server

Stop Timthumb Attacks Before WordPress

All owners of busy, and not so busy, self-hosted WordPress sites and blogs will know all about timthumb scripting attacks on their site. If the site has the latest up-to-date version of the vulnerable files, that’s as far as the attack will go.

But constant timthumb attacks are still annoying and use up resources with 404 page not found responses.

Stop Timthumb Attacks at Front Door

Here’s a way to stop these annoying attacks at the front door, before they even get to WordPress. The script shown below, added to your website or blog .htaccess file, will prevent nearly all timthumb RFI attacks from wasting server resources.

Read the rest of this entry

FreeWebMonitoring SiteChecker/0.1

Hacker Bot FreeWebMonitoring SiteChecker/0.1 Pays a Visit

Bad bot “FreeWebMonitoring SiteChecker/0.1 (+http://www.freewebmonitoring.com)” paid a visit to one of my websites yesterday from IP address 184.107.201.242, which belongs to Canadian service provider: Canada Montreal Thst Golf Inc.

The full range of IPs owned by Canada Montreal Thst Golf Inc. is 184.107.0.0 – 184.107.255.255

This bot is not the bot used by freewebmonitoring.com. Their bot is “FreeWebMonitoring SiteChecker/0.2 (+http://www.freewebmonitoring.com/bot.html)”

Read the rest of this entry

WPOnlineStore PHP Fatal Error ‘function.require’

Googlebot Error with WPOnlineStore Plugin

Googlebot triggers a PHP Fatal Error ‘function.require’ error causing the bot to receive a “500” internal server error when trying to crawl the pages created by the WordPress WPOnlineStore plugin. In my previous post I mentioned this ongoing problem. Today I can provide some additional information.

The problem is not unique to my shop site; initial searches of the internet found only a few references to this problem. For the past two days the hosting company server engineers have been looking into the problem, unfortunately without any success. After disabling Apache mod_secure settings, which appeared to be causing the error, Googlebot still triggered this error. As previously mentioned in Googlebot has Problems with WPOnlineStore, it is only Googlebot – and there lies the first clue.

Read the rest of this entry

Beware Panasonic Recorder Driver Downloads

Panasonic Recorder Driver Downloads are Malware

Drivers are simply not available online for most of the range of Panasonic digital audio recorders with model numbers rr-US***. Included are Panasonic rr-US430, Panasonic rr-US450 and Panasonic rr-US500.

Although a quick Google for Panasonic driver rr-US450 or any of the model numbers mentioned will produce hundreds of search results, NONE of the links will lead the searcher to a driver file for this range of products. “Downloads for Panasonic DVC USB Driver” will produce the same negative result.

All of the links will eventually take you to one of a small handful of “download” sites. The majority will send you to Driver Guide (www.driverguide.com) and several mirror type sites that look the same and do the same.

Driverguide.com Fake Driver Software

Driver Guide (www.driverguide.com) packages are fakes and a way of spreading Babylon software. They do not have the required Panasonic Recorder driver in their packages, or even in their library. Claiming they do is false advertising. Driverguide.com should be blacklisted for distributing rubbish software under the guise of drivers for well-known products.

Read the rest of this entry