Category Archives: wordpress

WordPress HACKED! Everbody Panic!

Okay, yes, the title is absolutely link bait. I am the worst kind of internet ghetto barker, flashing neon and shouting lewd incitements to the passersby, hoping to lure them into hot sweaty posts of ill repute.

Yes, my wordpress installation was hacked. No, you shouldn’t panic. It was an old version of WordPress, 2.4, that I had installed on an unused domain for testing purposes. Somebody figured out how to hack the built-in file uploader included in WP, and they were using it to install folders on all the other domains on that same server. The folders they installed generated thousands of link-farm pages. Assholes.

So, I had to go into search and destroy mode. I needed to find every file on my site that had been modified after a certain date. To do that, I used the “find” command, with a few modifiers. Here’s the full command (type it, don’t copy it)

find . -name "*" -mtime -1 -print | grep -v cache | grep -v logs | grep -v cache

Here’s what it means

find . = “Find some files for me, starting right here in this directory.”

-name “*” = “I want you to find files where the name matches … um, everything (thus the wildcard).”

-mtime -1 = “Once you find those files, narrow it down to just the ones with a modification time of 1 day or sooner.” If you want to search further back, increase the number to however many days back you want to search.

-print = “When you get those files, print them on the screen.”

| grep -v logs = “Now just before you print those file names, filter out any that have the word “logs” in the name.”

| grep -v cache = “And finally, filter out any that have the word “cache” in the name.”

You can modify how far back you want to search, you can modify the names you want to exclude (logs and cache files will always have recent modification dates, so I exclude them from my results), tweak it until it works for you, and then go forth and destroy the intruding files.

Oh, also, GIRLS! GIRLS! GIRLS! Whiskey and Cigarettes! Come on in, sir, experience the experience of an experienced lifetime!

Up the WP

Give me WordPress, give me WordPress
You can have all the rest, give me WordPress

I love Matt’s little blogging engine that could. It’s easy, fast, and pretty to look at. It’s easy to install. It is not, however, fun to upgrade.

That’s a problem, because people keep on coming up with tricksy little ways to burninate WordPress. Now, the folks who write the code are pretty good at staying on top of chinks in the armor, but that means that every time they say “update”, I have to update. Being the lazy ass that I am, I don’t like to keep doing things the hard way, ftp’ing data up and down, so I wrote a little bash script to do the badness for me. Now, I can go from vulnerable to updated in 0.4 seconds flat!

Let me take just a second to give mad props to the WordPress folks for a simple decision they made early on, that makes a world of difference to guys like me: you will always, always find the latest version of WordPress at the same location:

Simple, easy, but by avoiding all the complications of version numbering and folder locations in the download URL, they make it possible to write scripts like this. Thanks, guys!

If you don’t know how to use bash scripts, check out this tutorial: Bash it! Bop it! Script it!. It’ll show you where to put the script, how to make it executable, and how to call it from the command line. The script itself is in the download link below, and it’s pretty well documented, so you should be able to figure out why everything is there. Here’s a stripped down version, with none of the documentation:

#! /bin/bash
# =======================
# WordPress Upgrade Script 0.1
# Written by Command Line Idiot
# You may use, modify, and redistribute this script freely
# Released: April 2008
# =======================
echo 'WordPress server location, without trailing slash (ex. /var/www/'
read WPLOC
rm -rf $WPNEW/wordpress
rm -f
unzip -o
rm -rf $WPLOC.bak
cp -rv $WPLOC $WPLOC.bak
cp -rfv $WPNEW/wordpress/*.php $WPLOC/
cp -rfv $WPNEW/wordpress/wp-admin/* $WPLOC/wp-admin/
cp -rfv $WPNEW/wordpress/wp-includes/* $WPLOC/wp-includes/

You can download the script here:

WordPress Update Script 0.1

Share and enjoy!