WordPress Under Attack

Note: followup to this entry here

A couple of weeks ago, a good friend of mine who runs a number of WordPress blogs received an email from Google. The email told him that Google had delisted his entire site from its search engines for pharmacy spam.

Now, his site is a collection of short stories and blogs about movies he’s making, with sections about filmmaking and special effects on the cheap, so the notion that it was being used to distribute pharmacy spam was a bit…surprising. Especially when the site appeared just fine to anyone who visited it.

I offered to take a look at the site, and what I found is a complex, rapidly-evolving attack against WordPress installations that’s highly sophisticated, difficult to detect, and difficult to defend against. It is currently exploiting the most up-to-date version of WordPress with all current patches applied, and as of the time of this writing it’s still ongoing.


When my friend was first notified of being delisted from Google, he looked at his site using an FTP program. One of the very first things he noticed is that the WordPress install directories had all been duplicated, with the duplicates having “.old” appended to the name.

Careful examination of each WordPress install folder and its corresponding .old folder revealed a difference in a key file called “post-template.php”, which is part of the core of WordPress and lives in the WordPress wp-includes directory. This file is responsible for taking a blog entry from the database, formatting it, and passing it along to the template.

As of WordPress 3.2.1, the post-template.php file is supposed to be 42,164 bytes long. The post-template.php file in the hacked installs was more than twice as big–89,524 bytes long. I took a look inside the modified post-template.php file and found that it had been extensively modified by the addition of a great deal of heavily obfuscated code.
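As an added example (not code from the original post or from WordPress itself), the following POSIX shell script repeats the comparison described above: it reports core PHP files whose byte count differs between a live install and its `.old` sibling, and checks one file against the 42,164-byte size the post cites for post-template.php in WordPress 3.2.1. The `blog`/`blog.old` layout and the file contents are constructed fixtures; on a real host, point the functions at the actual install directories.

```shell
#!/bin/sh
# Added example, not code from the original post. Reproduces the manual
# comparison of a live WordPress tree against its ".old" copy and flags
# core files whose size changed. Fixture directories below are constructed.

# compare_tree LIVE OLD
# Prints "old_size live_size path" for every PHP file present in both
# trees whose size differs. A core file that doubled in size is a red flag.
compare_tree() {
    live=$1; old=$2
    (cd "$live" && find . -type f -name '*.php' | sort) | while IFS= read -r rel; do
        [ -f "$old/$rel" ] || continue
        s_live=$(wc -c < "$live/$rel" | tr -d ' ')
        s_old=$(wc -c < "$old/$rel" | tr -d ' ')
        if [ "$s_live" -ne "$s_old" ]; then
            printf '%s %s %s\n' "$s_old" "$s_live" "$rel"
        fi
    done
}

# check_size FILE EXPECTED_BYTES
# Prints "ok" when FILE is exactly EXPECTED_BYTES long, otherwise
# "MODIFIED actual != expected" (42164 is the size the post gives for 3.2.1).
check_size() {
    actual=$(wc -c < "$1" | tr -d ' ')
    if [ "$actual" -eq "$2" ]; then
        echo ok
    else
        echo "MODIFIED $actual != $2"
    fi
}

# make_fixture ROOT
# Builds ROOT/blog (tampered) and ROOT/blog.old (clean) using the two
# byte counts quoted in the post; the contents are zero-filled placeholders.
make_fixture() {
    for d in blog blog.old; do mkdir -p "$1/$d/wp-includes"; done
    dd if=/dev/zero of="$1/blog.old/wp-includes/post-template.php" bs=42164 count=1 2>/dev/null
    dd if=/dev/zero of="$1/blog/wp-includes/post-template.php" bs=89524 count=1 2>/dev/null
    # An untouched file, identical in both trees: must not be reported.
    echo '<?php // index' > "$1/blog/index.php"
    echo '<?php // index' > "$1/blog.old/index.php"
}

root=$(mktemp -d)
make_fixture "$root"
compare_tree "$root/blog" "$root/blog.old"      # 42164 89524 ./wp-includes/post-template.php
check_size "$root/blog/wp-includes/post-template.php" 42164   # MODIFIED 89524 != 42164
rm -rf "$root"
```

A size match is only a triage signal, since a tampered file can be padded back to the original length; comparing every core file against a pristine copy of the same WordPress release with `cmp` or a checksum is the reliable check.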

Cut for detailed technical analysis of the modified WordPress file

Linky-Links: Sex, Polyamory, Tech, and Humor edition

It’s time for another massive collection of links, so I can close some of my browser windows and reclaim a whole bunch of RAM on this computer. Today’s list is heavy on sex, tech, and humor, making it different from any other linky-links post in exactly zero ways, I suppose.

Sex

From New Scientist magazine, we have the article Sex on the brain: Orgasms unlock altered consciousness. It discusses fMRI scans of a volunteer who masturbated to orgasm inside an fMRI scanner while the experimenters recorded her brain activity. If I had the budget, this is the sort of science I’d be doing.

The Sexacademic blog gives us a story titled Explaining Porn Watching With Science!, which talks about the neurochemical pathways active during porn watching, and along the way debunks some lurid, sensationalistic pop culture ideas about “sex addiction”.

On Sexonomics is an article Porn by the Numbers 5: On feminist porn. The myth that porn, or “mainstream” porn (whatever that is), never shows women in a positive light and is never aimed at a female audience is as enduring as the legend of Bigfoot. I was recently at a Science Pub, in fact, in which an otherwise sex-positive sociologist decried the portrayal of women in “mainstream” porn. The argument became neatly circular later when she said that “mainstream” porn is that which portrays women negatively. The fact that someone with a doctorate in sociology can think about something in such an intellectually sloppy way testifies, I think, to how emotional the subject of porn (and especially feminist porn) is.


Society and rape

Speaking of feminist issues, some time ago a prominent female blogger was approached by a stranger in an elevator at a convention. Said stranger asked her to go back to his room with him. She blogged about the incident and why it was inappropriate, and provoked a firestorm that many of you Gentle Readers are probably aware of. Her thesis is pretty simple: Lots of women are sexually assaulted; if you want a positive response from women, don’t approach them in ways that would make sexual assault easy.

A lot of men–including some men that I know personally and otherwise find to be basically reasonable people–flipped out about that, and started wailing nonsense like “Feminists think all men are raaaaaaapists!” Which is total bunk; what’s being said is that SOME men are rapists, but rapists don’t wear special T-shirts or have a secret handshake that identifies them, so if you’re being approached by some strange guy you have no way to know if he’s likely to assault you or not. That means being aware that a strange dude you meet might be willing to assault you. (The defensive, “you’re saying all men are rapists” response from a lot of guys is similar to the sort of response you see in US society when you try to talk about institutional racism; people who think “Well, I’m not a rapist” or “Well, I’m not a racist” become so reactionary when they hear what might sound like an accusation that they refuse to discuss rape or race in any sort of rational way.)

All that is a long-winded introduction to the next two links. The first, Women in Elevators: A Man To Man Talk For The Menz, talks about the reasons that women can be suspicious of being approached by strangers. Not every dog is aggressive, but nearly everyone feels some trepidation when approached by a strange dog, because there’s no easy way to tell dogs that bite from dogs that don’t. I’m sure somebody somewhere will be upset and insulted by a metaphor about dogs (“You’re saying all men are dogs!”), but if that’s the case, that dude probably can’t be educated.

And second, for the dudes who say “Well, women should just say so if they don’t want to be approached!” we have Another post about rape. This one talks about how women (and men, to be fair, though to a lesser extent) are strongly socialized not to say “no,” not to assert boundaries, and not to upset people. It is, I think, a toxic set of social values, but that’s a whole ‘nother blog post. The point is, simply asserting a boundary carries a social cost. (This is why I think the idea of affirmative consent, adding “only yes means yes” to the idea of “no means no,” is so important, as I’ve talked about before.)


Polyamory

For quite a while now, people have been bugging me to find a new home for my polyamory pages that until now have lived on my site at www.xeromag.com. I’ve finally built a new site for them, More Than Two. I’ve blogged the new link before, but if you haven’t taken a look recently, you should. There’s now an RSS feed of new articles, and some new content has been posted.

On the Polytical blog is this excellent essay, I’m Better ‘Cos I’m Poly. Anyone who is openly out about being poly has probably at some point or another been labeled as “smug” or “arrogant” about it, most often by someone who identifies as monogamous. This essay is an excellent deconstruction of the “smug poly” stereotype.


Geek Humor

First up, we have these very funny Sci-Fi Ikea Manuals. What would happen if light sabers were real? Or the Tardis was something you could get at Ikea? What would the assembly instructions look like? Apparently, in order to put together an Ikea light saber, you must first have your hand chopped off by Darth Vader.

Our travel down the surrealist path continues with Ride the Gummi Worm, Muad’Dib, a diorama of a scene from Dune done with Gummi Bears and a gigantic Gummi Worm.


Do-It-Yourself Science!

I have blogged in the past about using an Arduino microcontroller board to make sex toys. For folks who think that sounds like a good idea but aren’t sure how to use or program an Arduino, there is a comic book introduction to Arduino, which you can download as a PDF. If you don’t have a background in electronics or microcontrollers but you want to build your own Arduino projects, this is a great way to get started.

Speaking of Ikea, which I was a bit earlier, for those of you who are photography buffs comes this guide to building a cheap time lapse panning unit using only things you can get at Ikea.

And from the Department of Mad Science So Preposterous it Just Might Work comes the story of a high school student who rigged a camera and GPS transponder to a bunch of garbage bags, filled them with helium, and let them go. This is a really cool science project done on a tiny budget and with really fun results.


Science

Over at New Scientist is this awesome article, Sky survey maps distant universe in 3D. The universe isn’t shaped like you think it is, and now a group of researchers are working on building what is by far the highest-resolution map of the physical universe yet undertaken…in 3D!

The Department of Unclear on the Concept

It’s likely that most folks reading this are aware of the Occupy Wall Street movement. It’s kind of the flip side of the American Tea Party movement. The Tea Party is a bunch of mostly middle-class people who love and cherish the superrich and believe that the superrich, being such wonderful people and all, should be exempt from paying the same tax that the working class pays and should otherwise be given all sorts of concessions so that they can make more money. The Occupy Wall Street folks, on the other hand, embrace the heretical notion that taxes on the superrich should be increased so that the very wealthiest people are paying sixty percent of the taxes that the middle class pays, instead of fifty percent of the taxes that the middle class pays…even if it means that some of the world’s richest people might have to postpone purchasing that five-million-dollar yacht for a few weeks because of it.

I’m generally sympathetic to the Occupy Wall Street protesters, though there’s at least one of them who simply doesn’t appear to Get It…nor to have a functioning sense of irony. He argues that the mainstream media lies or distorts truth to protect the interests of the wealthy and powerful, which it arguably does…so his response is to, err, do the same thing. And when he gets called on it over on TimParkinson.net, hilarity ensues. Read the comments to get the full effect; there’s even a followup here.