kalebeul: anythingarian bubbles and troubles from the land of the sweating hun

More on the hack attack: Adolfo Daine/adol77dai51, Manchurian candidate?

More on the hacker who briefly brought baldie enterprises to a shuddering halt the other day. The problem is now fixed and I haven’t got time to investigate properly, but I no longer have any reason to believe that the attack was purely permissions-based, exploiting the tendency of most of us to 777 /wp-content/ directories. Instead this is roughly what I think happened:

  1. 2007/10 “Adolfo Daine” registers as a subscriber with username adol77dai51 and email adolfodaine77@gmail.com over at the Libro Verde micro-site.
  2. Sometime in 2008, possibly 2008/04/11, “Adolfo Daine” uses his registered user role to exploit user security weaknesses in WordPress (versions prior to 2.5.1?), creating an additional directory /.rifled in /libro-verde/wp-admin/.
  3. 2008/06/02 at around 21:00 British time, long after I will have forgotten the user registration, this triggers JavaScript injections into PHP and HTML files in the /libro-verde/ directory and elsewhere on the site, causing all WordPress pages and some others to cease to render.
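
A triage sketch for the traces listed above: a world-writable /wp-content/, an unexpected dot-directory under wp-admin, and PHP/HTML files rewritten around the time of the injection. This is an added example, not code from the original post; the function names, the sample tree and the one-day cutoff are assumptions.

```python
import os
import stat
import tempfile
import time

WEB_EXTS = (".php", ".html", ".htm")

def audit_tree(root, modified_since):
    """Return paths (relative to root) of world-writable dirs, dot-prefixed
    dirs, and PHP/HTML files with mtime >= modified_since (epoch seconds)."""
    found = {"world_writable": [], "hidden_dirs": [], "recent_web_files": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # on Linux symlinks report mode 0777; os.walk won't descend into them
            rel = os.path.relpath(full, root)
            if mode & stat.S_IWOTH:  # e.g. a 777 /wp-content/
                found["world_writable"].append(rel)
            if name.startswith("."):  # e.g. /wp-admin/.rifled
                found["hidden_dirs"].append(rel)
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(WEB_EXTS) and os.lstat(full).st_mtime >= modified_since:
                found["recent_web_files"].append(os.path.relpath(full, root))
    return {key: sorted(paths) for key, paths in found.items()}

def build_sample_site(base):
    """Constructed sample tree (not real data) shaped like the post's description."""
    for rel, mode in (("wp-content", 0o777), ("wp-admin", 0o755), ("wp-admin/.rifled", 0o755)):
        os.makedirs(os.path.join(base, rel))
        os.chmod(os.path.join(base, rel), mode)
    old = time.time() - 90 * 86400  # untouched for 90 days
    for rel, mtime in (("index.php", None), ("wp-admin/admin.php", old)):
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        if mtime is not None:
            os.utime(path, (mtime, mtime))
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_tree(build_sample_site(tmp), time.time() - 86400)
        for key, paths in report.items():
            print(key, paths)
```

On a real site, point `audit_tree` at the web root and set the cutoff just before the first broken page was noticed; compare anything reported against a clean WordPress download of the same version.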

Who is “Adolfo Daine”?

WordPress support lists a user name apparently belonging to http://www.marksaves.com, which is begging spam masquerading as political news, run by a poisson who describes himself as Mark Taylor PhD, claims to be interested in SEO, and appears to have been installing WordPress himself in September or October 2007.

Assuming this hypothesis, who else is at risk?

“Adolfo Daine” has registered for no apparent reason on WordPress sites worldwide in a variety of languages. Here are some of his targets: Demi-Fantasy, in Vietnamese, The Lair of the Cubelodyte, absoluteperplex, in German, and hundreds of others. Interestingly, none of these registrations seem to be older than September 2007.

Does “Adolfo Daine” need, like, some technical assistance?

I presume “Adolfo Daine” or “Mark Taylor” or whoever’s intention is to hijack pages, filling them with spam links, so I find it hard to understand why the string injected was sufficient to draw attention to its existence–and thus facilitate its removal–but insufficient to achieve its purpose. Does “Adolfo Daine” or “Mark Taylor” need a bit of help?

[
I'm interested in the human aspect of this, so if whoever's doing it wants to tell me more on a confidential basis of some nature, please get in touch via the contact form quoting the day in October on which you registered on the Libro Verde site.

If Mark Taylor exists, actually has a PhD, and is really engaged in legitimate business, it would be interesting to hear his public account of how he came to be mixed up in all this. If he doesn't want to go public, I know a couple of people in Atlanta who would be most happy to come and visit him.
]

Trevor @ 4 June 2008 1:45 PM

Comments

  1. Tom
    5:22 PM on 4 June 2008

    I wasn’t sure whether I should find that picture of Dr Mark Taylor sexy or not. Then I realised that I was supposed to… check out the filename!

    That site is awesome. Even better is the associated http://www.usa180.org/ which contains a long email written by someone who appears to have been smoking meth. Truly fascinating. The italics and bold are, I believe, the computer equivalent of purple ink in a letter to ‘er Maj, I reckon. Bookmarked.

  2. A Nun
    5:58 PM on 4 June 2008

    If Dr. Tom says a site is as good as smoking meth I suppose we’ll have to believe him.

  3. Trevor ap Simon
    6:00 PM on 4 June 2008

    I don’t think he did say that, but one day he might.

  4. Tom
    6:05 PM on 5 June 2008

    No site is as good as smoking meth, so far as I know.
