goro spam injection patchremote injection

    • Jun
    • 14
    • 2008

    goro spam injection patch

    Posted by Avice.

    Filed under Black Hat¸ WordPress & plugins.

    5 months, 1 week ago

    goro spam injectionSince early 2007 I been monitoring this famous WordPress spam injection that only target high PR wordpress blogs like Al gore, blake ross, bluehost CEO to name a few.

    PHP create_function()

    The new variant from wordpress.net.in & qwetro.com used the “anonymous PHP create_function” to append their spam links on their victim blog. Below is quick patch to disabled the mischievous “create_function” injection on wp_head.

    The below code will look for “�lambda_n” function inside wp_head wp_filters array and remove the action hook silently. I assume that any sane developer will never used this unstable PHP function.

    /**
 * Remove create_function action hook
 * append on wordpress wp_head filters
 *
 * @author Avice De'véreux <ck@kaizeku.com>
 * @copyright Copyright (c) 2006 Avice De'véreux
 * @version 1.0
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();

	foreach(range(1,10) as $priority){

		if (isset($filter[$priority]))
		{
			foreach($filter[$priority] as $registered_filter ){

				$callback = (string) $registered_filter['function'];

				if ( preg_match("/lambda/", $callback) ) {
		 	 		$_lambda[$priority][] = $callback;
				}
			}

		}
	}

	if ( count($_lambda) >= 0 ){

		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);
			}
		}
	}
}

add_action('init','remove_create_function_action');

    note: This method only disabled the spam link from showing on your blog header. it wont fixed your blog vulnerabilities. your blog still owned thought. Tips → http://wordpress.org/download/

    Download

    Related Articles
    About the Author
     

    Avice is a technologist with over a decade of experience in Web development and design. She has far too many interests for her own good.she is probably the most stalkable girl on earth -- and the least interesting, which is a good fit. 

    Tags:
    • June 14, 2008 at 6:58 pm
    • October 30, 2008 at 10:54 am
    • url

5 Responsesto “goro spam injection patch”

Comment page 1 of 1
    • amolpatil2k's photoamolpatil2k
    • RE: goro spam injection patch
      5 months, 1 week ago on at 10:54 pm3url · microId
      5916
      Many times, I have caught your comments on Weblog Tools Collection. You have me stumped alright. You are a genius with lotsa style just like your gravatar.

      Reply

    • stalker's photo Kaizeku Ban
    • RE: goro spam injection patch - 'Commenting Guidlines' ↓
      5 months, 1 week ago on Saturday, June 14th, 2008 at 6:58 pm 5 url
      0%

      If you want to comment, please read the following guidelines.These are designed to protect you and other users of the site.

      1. Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. Keep your comments constructive and polite.
      2. No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. You are allowed to post a link as long as it's relevant to the entry.
      3. Keep within the law: Do not link to offensive or illegal content websites. Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation.
      4. Privacy: Do not post any personal information relating to yourself or anyone else - (ie: address, place of employment, telephone or mobile number or email address).

      In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines. Feel free to engage, ask questions, and tell us what you are thinking! insightful comments are most welcomed.

RSS feed for comments in this post

"write as if you were talking to a good friend (in front of your mother)."

.haveyoursay

    • Email will not be published.

Disclaimer: For any content that you post, you hereby grant to Kaizeku Ban the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved.

Wp-iStalker WordPress ThemestopCopyright © 2007 - 2008 Kaizeku Ban.