Pwning WordPress for fun and profit

I have a love/hate relationship with WordPress.

Actually, that’s not true. I like WordPress rather a lot, and I wish that more open-source projects had the finish, polish, and sophistication of WordPress. I own about a half-dozen Web sites that run it, and I’m overall very fond of it.

What I don’t like is the number of people who set up a WordPress install, then walk away from it and never install any updates or security patches. WordPress is a popular target for hackers, because it’s widely deployed and easy to find, and because so, so many people don’t keep on top of updates.

Which, frankly, baffles me. It’s incredibly easy to update–easier, in fact, than any open-source server software I’ve ever used. You log in to the admin area. It tells you “There is an update. Click here to install the update.” You click one button. Bang, that’s it! There literally is nothing else you have to do.

So, anyway, today I found yet another phony bank phish in my email. The phish pretends to be an HSBC Bank page, and it attempts to trick the gullible into handing out their bank account number and password. So far, so bog-standard.

*** WARNING *** WARNING *** WARNING ***
The URLs in this post are live at the time of this writing. They do not lead to malware sites, but they DO lead to phony bank phish sites.

The phish page in my email lives at

http://internalcommunications.co.uk/img/1/IBlogin.html

It’s a pretty bog-standard phish, a page living on a hacked server that collects personal financial information and then sends it off to the phishers via a php-to-email script.

The server that it lives on, internalcommunications.co.uk, is hosted by heartinternet.co.uk and belongs to a guy named Simon Wright; his Whois details, including his email address, are protected by a privacy service.

The site itself is completely defaced. The defacement left a hole big enough to drive a truck through, and the phishers put the phony bank page on the site after the person or group who defaced it hacked it and left it wide open. EDIT: The site defacer, who goes by the name “NONE-STOP,” is also a phisher who sells stolen credit card numbers, stolen bank account login information, and other stolen identity information. More at the end of this post.

The front page of the hacked site, as of the time of this writing, looks like this (click for larger):

I haven’t heard of NONE.STOP, whoever he/she/they are; as near as I can tell, there’s only one other site defacement (www.cegm.ca) he/she/they have claimed responsibility for.

Now is where it gets interesting, and where WordPress comes in.

Normally, when a site is defaced, the images that are used in the defacement are uploaded to the hacked server. Not in this case. In this case, the images used in the defacement are being remote loaded from another server.

That other server is running a hacked WordPress install that was set up a while ago, had a single test post added to it, and was then abandoned.

Specifically, the images used in the defacement are being loaded from

http://devriestree.com/components/com_content/views/.index/aa__blut.gif
http://devriestree.com/components/com_content/views/.index/4scpcn.jpg

and so on. The Web site devriestree.com is the one running the pwn3d WordPress, and it has been left alone; no defacement, no phishes, nothing. The person or group called NONE.STOP has simply created a hidden .index directory which is being used to store the pictures that he/she/they use when he/she/they deface other sites.
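The pattern just described, a hidden dot-directory stuffed with images deep inside an abandoned install, is easy to look for from the server side. The following is an added example, not code from the original post: it walks a web root and reports every hidden directory that contains image files, skipping an allow-list of dotfiles that legitimately live in a web root (the allow-list, image suffixes, and the constructed sample tree are assumptions).

```python
import os
import tempfile
from pathlib import Path

# Image types a defacement stash typically holds (assumption).
IMAGE_SUFFIXES = {".gif", ".jpg", ".jpeg", ".png"}
# Hidden entries that legitimately live in a web root (assumption; extend per site).
ALLOWED_HIDDEN = {".htaccess", ".htpasswd", ".well-known"}


def find_hidden_stashes(web_root):
    """Walk web_root and return {relative hidden dir: [image files]} for every
    dot-directory (at any depth) that contains image files."""
    web_root = Path(web_root)
    findings = {}
    for dirpath, dirnames, filenames in os.walk(web_root):
        # Do not descend into allow-listed hidden directories.
        dirnames[:] = [d for d in dirnames if d not in ALLOWED_HIDDEN]
        rel = Path(dirpath).relative_to(web_root)
        if not any(part.startswith(".") for part in rel.parts):
            continue
        images = sorted(f for f in filenames
                        if Path(f).suffix.lower() in IMAGE_SUFFIXES)
        if images:
            findings[rel.as_posix()] = images
    return findings


def build_sample_root():
    """Create a constructed web root (not real data) that mimics the layout
    described in the post: a hidden .index directory full of images next to
    ordinary content. Returns the root path."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    stash = root / "components" / "com_content" / "views" / ".index"
    stash.mkdir(parents=True)
    (stash / "aa__blut.gif").write_bytes(b"GIF89a")        # constructed stash file
    (stash / "4scpcn.jpg").write_bytes(b"\xff\xd8\xff")    # constructed stash file
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (uploads / "header.png").write_bytes(b"\x89PNG")       # legitimate image
    (root / ".htaccess").write_text("Options -Indexes\n")  # legitimate dotfile
    (root / ".well-known").mkdir()
    (root / ".well-known" / "logo.png").write_bytes(b"\x89PNG")  # allow-listed
    return root


if __name__ == "__main__":
    for hidden_dir, files in find_hidden_stashes(build_sample_root()).items():
        print(f"hidden image stash: {hidden_dir}: {', '.join(files)}")
```

Run it against the real document root (e.g. from cron) rather than the sample tree; a hit is a signal to inspect the install, not proof of compromise on its own.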

The site devriestree.com is hosted at Server Beach, and belongs to:

$whois devriestree.com

Whois Server Version 2.0

Domain Name: DEVRIESTREE.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS.NETVTECH.COM
Name Server: NS1.GEODNS.NET
Name Server: NS2.GEODNS.NET
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 21-oct-2008
Creation Date: 19-oct-2005
Expiration Date: 19-oct-2010

Registrant:
NetVenture Technologies, Inc.
1490 S Military Trail
Suite 13E
West Palm Beach, Florida 33415
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: DEVRIESTREE.COM
Created on: 18-Oct-05
Expires on: 19-Oct-10
Last Updated on: 12-Jul-07

Administrative Contact:
DeVries, James j@netvtech.com
NetVenture Technologies, Inc.
1490 S Military Trail
Suite 13E
West Palm Beach, Florida 33415
United States
5613016666 Fax — 5618288035

Technical Contact:
DeVries, James j@netvtech.com
NetVenture Technologies, Inc.
1490 S Military Trail
Suite 13E
West Palm Beach, Florida 33415
United States
5613016666 Fax — 5618288035

Domain servers in listed order:
NS1.GEODNS.NET
NS2.GEODNS.NET
NS.NETVTECH.COM

The Web site at netvtech.com

Folks, seriously, update your WordPress installs. It’s automatic and effortless.


EDITED TO ADD:
The person who defaced the Web site and who is storing his images on hacked WordPress sites has a Web site of his own, through which he sells stolen credit card numbers, phish kits, stolen bank account information, and so on. His Web site is at

http://ne-stop.com/
hosted by Hurricane Electric.

$whois ne-stop.com

Whois Server Version 2.0

Domain Name: NE-STOP.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: NS1.HE.NET
Name Server: NS2.HE.NET
Name Server: NS3.HE.NET
Status: clientTransferProhibited
Updated Date: 12-jan-2010
Creation Date: 11-jan-2010
Expiration Date: 11-jan-2011

>>> Last update of whois database: Mon, 18 Jan 2010 07:57:57 UTC <<<

Registration Service Provided By: Hurricane Electric Internet Services
Contact: hostmaster@he.net
Visit: hurricanenames.net

Domain name: ne-stop.com

Registrant Contact:
Ladde Weiong
Ladde Weiong ()
Fax:
125 Club Garden Road
Sheffield, S11 8BW
GB

Administrative Contact:
Hurricane Electric Internet Services
Hostmaster he.net (hostmaster@he.net)
+1.5105804100
Fax:
760 Mission Court
Fremont, CA 94539
US

Technical Contact:
Hurricane Electric Internet Services
Hostmaster he.net (hostmaster@he.net)
+1.5105804100
Fax:
760 Mission Court
Fremont, CA 94539
US

Status: Locked

Name Servers:
ns1.he.net
ns2.he.net
ns3.he.net

Creation date: 11 Jan 2010 11:56:14
Expiration date: 11 Jan 2011 11:56:14

As of the time of this writing, the front page of the site looked like this (click for larger):

Some thoughts on “Avatar”

No, I’m not going to write a review of the movie. There are reviews already posted all over the place, and for the most part, anything I could write in a review has already been said. Gorgeous scenery, check; incredible CGI characters, check; plot that’s very similar to Dances with Wolves, check; incredible, nearly obsessive-compulsive attention to detail, check; oodles of money, check.

Instead, I’m going to talk about just one thing about the movie, that really has nothing to do with the plot or the characters or the story. But first, I need to back up a bit. And by “a bit,” I mean “about thirty-five years.”

Back when I was a kid, I used to watch a whole lot of Saturday morning TV fare. And one day, when I was probably about six or eight years old or so, I caught a TV program about a group of people exploring space in a spaceship. This was, and is, a subject dear to my heart, and is just about bound to get my attention, so I watched it.

In the show–I don’t remember what it was called–there was a scene in which the captain ordered the crew to change course, so the navigator got out a slide rule and started plotting a new course. Now, I was about six or eight at the time, as I’ve mentioned; I didn’t yet have my first computer (in fact, microcomputers were still quite some number of years away, which probably dates me); I’d never even seen a computer, though I’d heard of them and knew that they were the size of basketball courts and used punched paper cards.

And still, that scene felt jarringly, obviously wrong to me. I had no idea what a computer might be like, and could not have hoped to describe what a computerized spacecraft might look like, but I knew that in the future, if we had faster-than-light spacecraft and we were voyaging to the stars, we were not going to be using slide rules.

Early on in the movie Avatar, there’s a scene where the main character and several other newcomers to the planet load up onto a shuttle for their trip down to the surface. We see, very briefly, a shot of the shuttle’s flight deck as the flight crew fires it up and gets ready to descend.

As the flight crew does their thing, the instruments come to life, surrounding the pilot with a holographic heads-up display of all this instrumentation and information. Later, as he makes his final approach, part of the heads-up display slides aside to give him an unobstructed view out the cockpit window. (I can’t find a shot of that particular scene, more’s the pity.)

That is one of the places where this movie succeeds brilliantly, and it instantly makes every science-fiction movie that we’ve seen ’til now look like a bunch of blokes fumbling around with slide rules.

One of the things that separates good writing from bad writing is attention to detail. In the case of science fiction, one of the details that separates good writing from bad writing is an understanding of how people use technology.

Science fiction is not a good predictor of technology, of course; if the day comes when we have vehicles and spacecraft as capable as the ones in Avatar, they probably won’t look the same, and there will probably be all sorts of things the movie missed.

But on that day, I bet a shuttle pilot could watch Avatar and nod her head, and say “Yeah, I can see designing a cockpit like that,” without the same sort of jarring navigating-with-a-slide-rule thing I felt watching that TV show.

This is not true of most of the rest of science fiction. Take the new, “rebooted” Star Trek, for instance. The bridge of the Enterprise is pretty and all, but it seems to my eye to be lacking a certain…functionality.

Consoles that you have to stand behind. Flat, 2D control surfaces everywhere. Mechanical fixtures. Chairs without armrests. This is a set that was intended to be pretty, but was not designed with any sort of sense of how people in the future might actually use their technology. The first time I saw Avatar, that quick scene in the shuttle’s flight deck brought images of the Star Trek movie painfully to mind, and I cringed. There was an idea of “Yes, this makes sense, and why can’t other movies get this right?”

When I look at the bridge of the Enterprise now, it reminds me very strongly of the Lincoln Futura concept car, an outrageously expensive vehicle built in 1955 as a sort of exploration of how the future might go.

Apparently, the inability to think about how people interact with technology is not a failing unique to science fiction writers; the designers who thought this car up didn’t consider the possibility that perhaps two people who are riding together might want to…talk to each other.

Storytelling, especially science fiction, often succeeds or fails on the details, and in this particular case, these are details that Avatar does very well indeed.

False Advertising

So a few weeks back, zaiah and I went shopping, and found a bargain basement bin of B-movies (say that ten times fast!) for about five bucks each.

Some of the movies were cheesy old low-budget horror flicks that have been re-released on DVD by a company which uses a woman being ravished by a tentacle monster as their logo:

Now, I may be a purist, but I don’t think that anyone should be allowed to put a picture of a woman being ravished by a tentacle monster on the front cover of any DVD that does not actually contain scenes of a woman being ravished by a tentacle monster. That is DEFINITELY false advertising, it is.

I also think it’s kind of interesting that “woman being ravished by a tentacle monster” has apparently become kind of synonymous with “horror movie.” I <3 living in this society...