
Archive for March, 2008

WordPress Vulnerability

Sunday, March 30th, 2008

Google up inurl:wp-content/1/ [Warning: just google it up, don’t visit any of the sites in the search results. They are full of ActiveX viruses!]. This is what I see now:

What you see is a list of sites that were hacked through the latest WordPress Vulnerability that allows hackers to insert spam into your blog.

This is just great. WordPress is the most common blog software out there, and at this minute there are over 90,000 websites that were spammed (still counting…) I’m sure that most of these sites’ owners never heard of this exploit and some of them probably never will. The damage is enormous. This exploit made them look like spammers in Google’s eyes, and Google like Google - She never forgets anything. If you are a spammer, you are out of the index in one second.

In my opinion, the best way to deal with these hacks is Active Network Scanning. This kind of service is usually provided by an external company that scans your site for vulnerabilities on a daily basis (like Hacker Safe, but better). Once a new vulnerability is discovered to the world, it is automatically added to their scanning system and is tested on your site. This can definitely help you sleep better.

Life shows that there is no way your web site can be safe. It is just the nature of software that it is full of holes. If only you scan your website for vulnerabilities, at least you know about it on time and hope there is something you can do about it…

Important comment: if you are not in this list, it does not mean that you are safe. There are lots of other URLs that were used for this attack… This IS fun!

Update (April 12 2008): Checked the list again, and it seems like most of the hacked pages were removed from Google’s index. It DOES NOT mean that the vulnerability is fixed, it just means that Google has identified these pages as pages that should be ignored and removed from the index. This is semi good news for those that were hacked and afraid their ranking will go kaput. Just semi because they are still vulnerable and will surely be attacked again in the next wave…

It seems like the number of WordPress vulnerabilities is growing constantly. The most popular blogging software that exists is becoming a huge security hole. In fact, this post is written with WordPress and it feels less secure than ever. This makes me think about moving my blog to Blogger or a WordPress hosting site, instead of fighting the patches on my own server.
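A local check for the wp-content/1/ path mentioned above, as an added example that is not part of the original post. It lists every top-level entry in your own wp-content that is not on an allowlist, since other paths were used too; the allowlist and the function names are assumptions to adapt to your install.

```shell
#!/bin/sh
# Added example: audit a WordPress wp-content directory for unexpected entries.
# ALLOWED is an assumed allowlist (common WordPress directories plus index.php);
# extend it with whatever your own install legitimately contains.
ALLOWED="plugins themes uploads languages upgrade mu-plugins index.php"

# Exact-match lookup, so a name like "plugins themes" cannot slip through.
is_allowed() {
    for ok in $ALLOWED; do
        [ "$1" = "$ok" ] && return 0
    done
    return 1
}

# Print one line per unexpected top-level entry in the given wp-content path.
# KNOWN      = the wp-content/1 path named in the post
# UNEXPECTED = anything else outside the allowlist (hidden entries included)
audit_wp_content() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue      # glob matched nothing
        name=${entry##*/}
        is_allowed "$name" && continue
        if [ "$name" = "1" ]; then
            echo "KNOWN $entry"
        else
            echo "UNEXPECTED $entry"
        fi
    done
    return 0
}

# Usage: sh audit.sh /path/to/wp-content
if [ "$#" -gt 0 ]; then
    audit_wp_content "$1"
fi
```

An empty result only means nothing unexpected sits at the top level of wp-content; it says nothing about whether the vulnerability itself is patched.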


Disable Google Analytics

Sunday, March 16th, 2008

I’m using Google Analytics quite a lot on every site I work on. Recently we had a problem at one of my customers’ sites, where the marketing people working in that company were browsing their website all day, searching in Google their website keywords again and again, and made Google Analytics reports become unreliable. There were so many visits in the reports that were not real customers but our own staff, that we didn’t really know which part of the report was real and which part was our own tracks.

Like in every crime scene, we just needed our guys to put on gloves before touching everything…

The solution was very simple.

1. We created a file called disable_analytics.php

<?php
// Set a long-lived, site-wide cookie that marks this browser as internal staff.
setcookie("disable_analytics", "1", time() + 91536000, "/");
echo "Yuhu!, Google analytics is disabled!";
?>

2. In the site footer, next to the Google Analytics code, we added this:

<?php
// Skip the tracking snippet for browsers that carry the opt-out cookie.
if (!empty($_COOKIE['disable_analytics']))
{
echo "Google analytics is disabled";
}
else
{
?>
<!-- put google analytics code here... -->
<?php
}
?>

That was easy. The hard part was to send the link to disable_analytics.php to all the sales and marketing in that company and ask them to click on the link. They ALL wanted to know exactly WTF is going on here… are we spying on them? yes? no? what do you mean Google keeps track??? anonymous? who authorized this… :)

Once everybody got their cookie, our statistics cleared up. Real client analytics emerged and logs turned useful again. When you do it on your site, make sure your cookie gets to all computers, home computers, laptops and any computer that you don’t want to track.

update: (Thanks Pieter!)
Google offers cookie based filters, as described in Google Analytics Help Center:
Create an Exclude filter to remove data from visitors with this cookie. Follow these instructions to create a filter with the following settings:
Filter Type: Custom filter > Exclude
Filter Field: User Defined
Filter Pattern: disable_analytics
Case Sensitive: No


Vulnerability Scanner

Thursday, March 13th, 2008

I guess you all heard about goolag, the new Vulnerability Scanner that uses Google as its engine. I think it is fantastic. There are very creative people out there, Very. The thing is, I’m not so sure if I would trust them to keep me safe. I think that if you are looking for a commercial service, you should look for a vulnerability scanner that is run by a commercial company that works on this only. I can’t depend on volunteers that update the open source software, to wake up in the morning, clean the empty cokes and pizza trays off their keyboard and keep me safe. For a personal family site, or for a non commercial site, this is fine, but if you need a real vulnerability assessment I think you should pay for your pleasure and have your network scanned by people that do that for a living.


dirty tricks

Saturday, March 1st, 2008

How cool is that! I think it is brilliant.

You have to admit that this is very creative, Very!

Will Google block it?
Do they care more about their Gmail user experience or the income from this ad?

I’m not sure…

(found this image here)



