WordPress, malware and the nightmare of a persistent hacker.

I have a dear friend who had her WordPress site hacked over a year ago. I helped her out then. Basically ended up asking her awful host to do a restore from backup. It cost her, for my time and the host charged her for the restore. The hack came from a Pakistani group that signs their sites by leaving a text file claiming “Hacked by . . .” And I’m not going to name the asshat here.

I found a security plugin around that time and got a lot wiser about WordPress security. It starts at the get-go. You don’t create an admin user. You only add the plugins that you need and you keep them, the version of WordPress AND the server up to date. You only add one or two admin enabled users. Then you take the time to watch the live traffic on the server. My favorite security plugin WordFence allows you to watch everything hitting the site in live time. From there you can block entire networks of Chinese, Russian or other maliciously minded countries with just a few clicks.

The attack on my friend’s site a month ago was eye opening. There was a directory with over 4090 files, over 47 MB of files all directing traffic to various spam locations. I found a common directory name in this folder. Doing a Google search for that directory name brought up the top 10 responses all saying this site may infect your computer. The .htaccess was changed to redirect all of her menu items to a pharmacy. Of course at the time of the attack I deleted the FTP users and recreated new ones with new difficult 1Password generated passwords. They were back adding over 60 malicious files in a few days. Then 50 new files the day after.

I was at this time convinced that this was a f649 infection or Darkleech infection. (Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to insert a hidden iframe within the site.) See here. The client called GoDaddy, the hosting company, and they tried to sell her a $150 security package saying her passwords were not encrypted. (Bullshit!) We’ve since moved the site to a different host.

The ways they went about coding things to avoid detection were comical.

  1. URL decode was used to obscure encrypted URLs.
  2. File names that looked like they belonged were added to various directories.
  3. Base decode was dropped in like "ba".""."s"."e".""."6"."".""."4"."_"."de".""."c".""."o".""."d".""."e".
  4. There were many files that had over 30,000 lines of various words within arrays. I have not deciphered the exact purpose, but I’m thinking search engine bait.
  5. IP addresses were hidden by doing variables with long lines of periods. The string length was counted and that was all joined to create an IP address.
  6. There are several empty files in a WordPress install. Mostly index files that force a directory to show nothing if someone tries to URL hack into it. On first glance, these files looked empty with only the PHP start and one might think “oh, file’s ok, close it.” On further inspection, there were 265 blank spaces before, way off to the right (you really needed to scroll over), an entire pile of malicious code would begin. The file was minimized so it looked to be one line. Most people would not scroll right, at least not as far as needed.
    Looks ok?

    This supposedly empty php file looks fine when you open it but when you scroll right far enough…
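
A small scanner for three of the tricks listed above (items 3, 5 and 6), as an added example that is not part of the original post. The thresholds (100 whitespace characters, three dot-only literals), the function-name list and the sample file contents are constructed assumptions.

```python
import re

# Function names to flag when they only appear after joining string pieces
# (list chosen for this example).
SUSPECT_NAMES = {"base64_decode", "urldecode", "eval", "gzinflate", "str_rot13"}
# Item 6: a long run of spaces/tabs followed by more content on the same line.
PADDING_RE = re.compile(r"[ \t]{100,}\S")
# Item 3: two or more quoted literals joined with PHP's "." operator.
CONCAT_RE = re.compile(r"""(?:["'][^"']*["']\s*\.\s*)+["'][^"']*["']""")
LITERAL_RE = re.compile(r"""["']([^"']*)["']""")
# Item 5: a quoted literal made only of periods, used for its length.
DOT_RUN_RE = re.compile(r"""["'](\.{2,})["']""")

def scan_php(source):
    """Return (line, kind, detail) findings for the text of one PHP file."""
    findings, dot_runs = [], []
    for num, line in enumerate(source.splitlines(), 1):
        pad = PADDING_RE.search(line)
        if pad:
            # Width of the whitespace run that pushes code off screen.
            findings.append((num, "padding", pad.end() - pad.start() - 1))
        for chain in CONCAT_RE.finditer(line):
            # Join the pieces the way PHP would and check the result.
            joined = "".join(LITERAL_RE.findall(chain.group(0))).lower()
            if joined in SUSPECT_NAMES:
                findings.append((num, "split-name", joined))
        dot_runs += [(num, len(run)) for run in DOT_RUN_RE.findall(line)]
    if len(dot_runs) >= 3:
        # Report the lengths; they are the numbers being smuggled in.
        findings.append((dot_runs[0][0], "dot-runs", [n for _, n in dot_runs]))
    return findings

# Constructed sample: an "empty" index file with code 265 spaces to the right.
SAMPLE = "\n".join([
    "<?php" + " " * 265
    + '$f="ba".""."s"."e".""."6"."".""."4"."_"."de".""."c".""."o".""."d".""."e";',
    '$a=strlen("..........");$b=strlen("....");$c=strlen(".......");$d=strlen("...");',
    "// Silence is golden.",
])

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```
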

Our new host DreamHost managed to call us out on several files that somehow made the migration. They were on the situation in a heartbeat and I’m proud to say they didn’t try to upsell the client on some arcane security package. They are in a word “AWESOME!”

As a wrap up, I’d just like to encourage everyone that has a WordPress blog to get the WordFence plugin, get on their mailing list (news of compromised plugins almost weekly) and keep everything up to date.

Good luck!

Exhibit subject decided.
Project ready to roll.

Update: project is done. It was up for a month. Sold nothing.

I am a little amazed that it was 7 months ago that I was wondering what subject I should feature in a hanging show at Stonegates.

Since then I have created prints. Bought frames. Cut and mounted 10 panoramic images.

The Bio

The same place, 
different weather, 
different days,
different times.

I walk my 2 dogs about 1 1/2 miles every morning. There’s a particular spot in the woods that I walk through that seems to be different each time we pass by. On a whim, I started taking a photo each day I walked past this spot. Little did I realize that 5 months later and over 70 photos that I would need to select such a small number of them.

I like panoramic photos. To me, a photo shouldn’t lock your head in one position and just let your eyes move. To me, it’s more interesting to have the viewer forced to turn his neck to look back and forth, to not be able to take the entire subject with a glance. You will have to let your eyes follow the long perspective down the creek and then to have to pull your eyes back to look up the creek. Up the creek is a different scene than down the creek. Across the creek another scene within itself.

I hope you enjoy the view.

Roger Poole
Syracuse University BFA 1977.
Graphic designer, web designer & coder for over 37 years.

All photos with frame $65.00

 

Here are the images:

Doing an exhibit of photos.

I need to get this out of my head.

My MIL has invited me to participate in an exhibit this August that is presented on the walls of the retirement area at Stonegates, a retirement/health center community where she lives. There’s another photographer invited too. (I’m feeling competitive!)

Not to worry, I immediately said yes, thinking I could easily do 15 shots of George, and since he used to work there, they’d easily sell, or at least be appreciated.

MIL has put the kibosh on that. Basically it would be over a year since he left and it might be old news.

Since then, I’m going back and forth in my head. Several things keep coming up. The cost. I’ve promised 15 images. There’s the actual print ($4-$20 each) and the frame ($20 – ???). If I need to mat the images, I’m comfortable cutting those but there’s the mat cost so really no other outside labor costs. But that still means spending probably $300 with hopes of return completely unpredictable. (In marketing terms, ROI comes to mind.)

My artistic side has been bouncing around with this challenge. And my artistic integrity has been putting up challenges to the challenges. And let me put something out there at the beginning. I’m not a fan of photos on gallery walls. They make me snooze. I’ve somewhat ruled out photos of my dogs, cat, kids and wife. I don’t travel enough to do a travel collection.

Thoughts.

I’d like this to be a series of the same theme. Another thought. Since Beth, my MIL and I will probably know everyone that will see these, going over the top artistic will bomb big. The audience is older conservative Delawareans. If I went fox hunting I’d come back with 15 winners.

mr Toad 1
I could do it as a big project where I grab my macro lens and do 15 shots of bugs on flowers. All squarish format, cheap photos, cheap frames.

Dog walk - Morning sun at the YMCA
I could do it as a collection of wide panoramas. Could double up on the prints (printing 1 – 20 x 24 with 3 – 8×20 images each). This would lead to some somewhat custom frames though.

The night sky
Thinking a collection of night time shots. Moon, stars and other sky based stuff. Maybe some sky clouds. An alternative to this would be nighttime activities type shots (streets of Wilmington and/or cars in motion with zoom lines).

Thinking a collection of random stranger faces. Ha! Since I’ve started with the 100 strangers group on Flickr, I’ve done 3… Let’s not make this impossible.

What to do?
More later.