wordpress goro spam injection patch
Since early 2007 I have been monitoring this famous WordPress spam injection that only targets high-PR WordPress blogs like Al Gore, Blake Ross and the Bluehost CEO, to name a few.
PHP create_function()
The new variant from wordpress.net.in & qwetro.com uses the “anonymous PHP create_function” to append spam links to the victim's blog. Below is a quick patch to disable the mischievous “create_function” injection on wp_head.
The code below looks for “\0lambda_n” functions inside the wp_head entry of the $wp_filter array and silently removes the action hook. I assume that any sane developer will never use this unstable PHP function.
```php
/**
 * Remove create_function action hooks
 * appended to the WordPress wp_head filters
 *
 * @author Avice De'véreux <ck@kaizeku.com>
 * @copyright Copyright (c) 2006 Avice De'véreux
 * @version 1.0
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action() {
    global $wp_filter;
    $action_ref = 'wp_head';

    // Nothing to do if no callbacks are registered on wp_head.
    if ( empty($wp_filter[$action_ref]) ) {
        return;
    }
    $filter  = $wp_filter[$action_ref];
    $_lambda = array();

    // Collect lambda-style callbacks registered at priorities 1 to 10.
    foreach ( range(1, 10) as $priority ) {
        if ( isset($filter[$priority]) ) {
            foreach ( $filter[$priority] as $registered_filter ) {
                // Only string callbacks can be create_function() lambdas;
                // array callbacks (object methods) are skipped.
                if ( ! is_string($registered_filter['function']) ) {
                    continue;
                }
                $callback = $registered_filter['function'];
                if ( preg_match("/lambda/", $callback) ) {
                    $_lambda[$priority][] = $callback;
                }
            }
        }
    }

    // Remove each collected callback at the priority it was registered with.
    if ( count($_lambda) > 0 ) {
        foreach ( $_lambda as $priority => $callbacks ) {
            foreach ( $callbacks as $callback ) {
                if ( has_filter($action_ref, $callback) ) {
                    remove_filter($action_ref, $callback, $priority, 1);
                }
            }
        }
    }
}
add_action('init', 'remove_create_function_action');
```

Note: This method only stops the spam links from showing in your blog header. It won't fix your blog's vulnerabilities. Your blog is still owned, though. Tip → http://wordpress.org/download/
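An audit that goes beyond the wp_head patch, added here as an example and not part of the original post's code: it walks every hook and priority in a $wp_filter-shaped array and reports callbacks with the exact name form create_function() produces, so a function that merely contains "lambda" in its name is not flagged. It assumes the nested-array hook layout the patch reads; the sample table and the name my_lambda_helper are constructed.

```php
<?php
// Added example: standalone audit, runs without WordPress.
// Assumption: the nested-array hook layout the patch above relies on,
// $wp_filter[hook][priority][id] = array('function' => callback, ...).

// Return every callback named the way create_function() names its
// functions: a NUL byte, then "lambda_", then digits.
function find_lambda_callbacks(array $wp_filter)
{
    $hits = array();
    foreach ($wp_filter as $hook => $priorities) {
        if (!is_array($priorities)) {
            continue;
        }
        foreach ($priorities as $priority => $callbacks) {
            foreach ((array) $callbacks as $entry) {
                $fn = isset($entry['function']) ? $entry['function'] : null;
                // Array callbacks (object or class methods) are skipped.
                if (is_string($fn) && preg_match('/^\x00lambda_\d+$/', $fn)) {
                    $hits[] = array(
                        'hook'     => $hook,
                        'priority' => $priority,
                        // Make the NUL byte visible in the report.
                        'callback' => str_replace("\0", '\0', $fn),
                    );
                }
            }
        }
    }
    return $hits;
}

// Constructed sample hook table; my_lambda_helper is a hypothetical benign name.
$sample = array(
    'wp_head' => array(10 => array(
        'wp_generator' => array('function' => 'wp_generator'),
        "\0lambda_1"   => array('function' => "\0lambda_1"),
    )),
    'wp_footer' => array(99 => array(
        "\0lambda_2"       => array('function' => "\0lambda_2"),
        'my_lambda_helper' => array('function' => 'my_lambda_helper'),
    )),
);

foreach (find_lambda_callbacks($sample) as $hit) {
    printf("%s (priority %d): %s\n", $hit['hook'], $hit['priority'], $hit['callback']);
}
```

A hit on any hook means injected code is still executing somewhere in the install, which is the condition the note above says the patch does not fix.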
2 Responses to “goro spam injection patch”
Many times, I have caught your comments on Weblog Tools Collection. You have me stumped alright. You are a genius with lotsa style just like your gravatar.
Merci, I take that as a compliment.