Published by Jord on 19 Nov 2007

Site got hacked

Update 20-02-2008:

Google does not allow this content here. Because the original text holds the name of the domain providing the advertisement, Google decided my site linked to advertisements. Effectively Google is censoring my webpage and blogging about malware now seems to be impossible.

So the site got hacked. My nice little site was turned into a spam site for ‘mobile ring tones’. Ring tones are not something I would normally write about. So here is the information I could find about the whole event.

First thing to note: I was running on WordPress 2.2.1. The current WordPress version at the time of writing is 2.3.1, so the first thing I will do after creating this post is update to that version.

The posts include a couple of links: original text censored by Google (I had to remove the name of the site, let’s pretend it was an info site about some ringtones-top). If I go to that link it tells me that the offer is not available in my region and it redirects me to (finally) a company called original text censored by Google (again, posting this name puts me in danger of being marked as a malware site; it was a company called perfspot). For completeness’ sake, I will include the result of whois for both websites:

Domain ID:D20274359-LRMS
Domain Name: censored by Google
Created On:17-Oct-2007 12:13:32 UTC
Last Updated On:17-Oct-2007 13:08:31 UTC
Expiration Date:17-Oct-2008 12:13:32 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:A73F200DAE57EC01
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard
Registrant Street1:8939 S. Sepulveda Blvd. #110 -
Registrant Street2:732
Registrant Street3:
Registrant City:Westchester
Registrant State/Province:CA
Registrant Postal Code:90045
Registrant Country:US
Registrant Phone:+1.6613102107
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:4648f2c48efd4542a673de6b8b59afed.protect@whoisguard.com

AND:

censored by Google
1275 W. Washington St.
Tempe, AZ 85281
US

Registrar: DOTSTER
Domain Name: censored by Google
Created on: 14-AUG-06
Expires on: 14-AUG-08
Last Updated on: 28-JUN-07

Administrative, Technical Contact:
,censored by Google support@censored by Google
censored by Google
1275 W. Washington St.
Tempe, AZ 85281
US
888-311-7373

It seems that not every registrant at whoisguard.com is just avoiding spam here…

So let’s search Google for this issue. A combination of censored by Google and WordPress shows there is indeed an issue with the version of WordPress I am using.

Seems the spammers used a bug in theme.php and feed.php. My logfiles only last 6 days so I will probably not be able to find out who has been posting the stuff :-(

Published by Jord on 02 Jan 2006

Ebuilds

This information is here for historic purposes. I am not maintaining the ebuilds anymore and they will very probably not work on your system anyway.

With the current amount of ebuilds on my blog it might be hard to find each one of them. So I decided it is a good idea to have them all together.

Here is a list of the ebuilds you can find on my site (if you have questions or comments, please leave a comment with the ebuild):

  • Amarok-svn ebuild. This ebuild will build the latest Amarok (the music player for Linux) version from subversion. You can’t be more up-to-date
  • Exscalibar ebuild. This ebuild enables the moodbar extension for Amarok
  • SmartDJ ebuilds. This set contains all the dependencies to install the SmartDJ plugin for Amarok

Here is a list of related ebuilds that are not hosted on my site and for which I don’t have any responsibility (so don’t mail me if they don’t work):

  • libgpod-cvs-0.4.0 ebuild. A CVS ebuild for iPod support maintained by Nathan. If you have questions concerning this ebuild please contact Nathan under: nathan at toonetown dot com

Enjoy.