Since early 2007 I have been monitoring this famous WordPress spam injection, which only targets high-PR WordPress blogs like those of Al Gore, Blake Ross and the Bluehost CEO, to name a few.
The new variant from wordpress.net.in & qwetro.com uses an anonymous function built with PHP's create_function() to append spam links to the victim's blog. Below is a quick patch to disable the mischievous create_function injection on wp_head.
The code below looks for “lambda_n” functions inside the wp_head entry of the wp_filter array and silently removes the action hook. I assume that any sane developer will never use this unstable PHP function.
/**
 * Remove create_function action hook
 * append on wordpress wp_head filters
 *
 * @author Avice De'véreux <ck@kaizeku.com>
 * @copyright Copyright (c) 2006 Avice De'véreux
 * @version 1.0
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action() {
    global $wp_filter;

    $action_ref = 'wp_head';
    if (!isset($wp_filter[$action_ref])) {
        return; // nothing is hooked on wp_head
    }
    $filter  = $wp_filter[$action_ref];
    $_lambda = array();

    // Collect create_function() callbacks (named "lambda_N") at priorities 1 to 10.
    foreach (range(1, 10) as $priority) {
        if (isset($filter[$priority])) {
            foreach ($filter[$priority] as $registered_filter) {
                $callback = $registered_filter['function'];
                // Only string callbacks can be lambdas; array and object callbacks are skipped.
                if (is_string($callback) && preg_match("/lambda/", $callback)) {
                    $_lambda[$priority][] = $callback;
                }
            }
        }
    }

    // Remove each collected callback at the priority it was registered with.
    foreach ($_lambda as $priority => $callbacks) {
        foreach ($callbacks as $callback) {
            if (has_filter($action_ref, $callback)) {
                remove_filter($action_ref, $callback, $priority, 1);
            }
        }
    }
}
add_action('init', 'remove_create_function_action');

Note: This method only stops the spam links from showing in your blog header. It won't fix your blog's vulnerabilities; your blog is still owned, though. Tip → http://wordpress.org/download/
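Since the patch only hides the links, a useful follow-up is to find the code that registers such callbacks. The following is an added example, not part of the original post or the author's patch: it tokenizes PHP source and reports the lines that really call create_function(), ignoring mentions in comments and strings. The function names and the sample source are constructed for illustration.

```php
<?php
// Added example (not from the original post): report real create_function()
// calls in PHP source. The source is tokenized, never executed.

// Index of the nearest token before/after $i that is not whitespace or a comment.
function neighbour_token(array $tokens, $i, $step)
{
    $skip = array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT);
    for ($j = $i + $step; isset($tokens[$j]); $j += $step) {
        if (!is_array($tokens[$j]) || !in_array($tokens[$j][0], $skip, true)) {
            return $j;
        }
    }
    return null;
}

// Line numbers on which create_function( is called as a plain function.
function find_create_function_calls($source)
{
    $names = array(T_STRING);
    if (defined('T_NAME_FULLY_QUALIFIED')) { // PHP 8 token for \create_function
        $names[] = constant('T_NAME_FULLY_QUALIFIED');
    }
    $lines  = array();
    $tokens = token_get_all($source);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $names, true)
            || strcasecmp(ltrim($tok[1], '\\'), 'create_function') !== 0) {
            continue;
        }
        $next = neighbour_token($tokens, $i, 1);
        $prev = neighbour_token($tokens, $i, -1);
        // Ignore "function create_function(", "->create_function(", "::create_function(".
        $other = $prev !== null && is_array($tokens[$prev])
            && in_array($tokens[$prev][0], array(T_FUNCTION, T_OBJECT_OPERATOR, T_DOUBLE_COLON), true);
        if ($next !== null && $tokens[$next] === '(' && !$other) {
            $lines[] = $tok[2];
        }
    }
    return $lines;
}

// Constructed sample input; pass a file path as the first argument to check a real file.
$sample = "<?php\n// create_function() in a comment\n\$s = 'create_function() in a string';\n"
    . "add_action('wp_head', create_function('', 'echo 1;'));\n";
$source = isset($argv[1]) ? (string) file_get_contents($argv[1]) : $sample;
foreach (find_create_function_calls($source) as $line) {
    echo "create_function() call on line $line\n";
}
```

Calls made through a variable or a string-built function name are not detected by this check, so a clean result does not prove a file is clean.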
7 Responses to “goro spam injection patch”
Many times, I have caught your comments on Weblog Tools Collection. You have me stumped alright. You are a genius with lotsa style just like your gravatar.
Merci, I take that as a compliment.
I know it’s a dumb question, but where do I put this code?
@philip - you add it inside functions.php in your theme.
Thanks, you sure are a geek girl (compliment).
The machine or address that initiated the transfer of the spam mail to the injection point is considered to be the source of the spam by most well-informed spam-analysis tools. The operator of this machine or address is considered to be responsible for having sent the spam, or else for having negligently allowed it to be sent by others.
Assuming that you aren’t a desperate SEM, your comment doesn’t make any sense other than being keyword related. Good luck.