Tag Archive | "wordpress"


11 August 2014 | 2,859 views

XML Quadratic Blowup Attack Blows Up WordPress & Drupal

This was a pretty interesting piece of news for me last week as I was actually affected by it (I think?). It’s an XML Quadratic Blowup Attack that affects both WordPress and Drupal and is quite serious as rather than just crashing the software, it can take down the whole server. It didn’t completely take [...]

Continue Reading


18 April 2013 | 6,684 views

Large Scale Botnet Brute Force Password Cracking Against WordPress Sites

There have always been a lot of brute force attempts/bot scans and hacking attempts on WordPress hosted sites (due to flaws in the core and a multitude of insecure plugins) – this site being no exception (they’ve even done some minor damage before). But things appear to have really ramped up recently with a large [...]

Continue Reading


05 April 2012 | 1,019 views

Server Migration – Moved To Linode! And Changed To Nginx/PHP-FPM/APC/W3TC

So lately I’ve being doing a lot more DevOps stuff than security stuff and I’m pretty much enjoying it (apart from some of the tedious sys-admin stuff). So with some of the new stuff I’ve learnt along the way, I decided to move Darknet from a rather bloated managed VPS with 2GB of RAM and [...]

Continue Reading


03 August 2011 | 11,305 views

Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites

This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used [...]

Continue Reading


12 July 2011 | 16,798 views

WPScan – WordPress Security/Vulnerability Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc). Features Username enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag) Vulnerability enumeration (based on version) Plugin enumeration (2220 [...]

Continue Reading


12 August 2009 | 53,632 views

WordPress 2.8.3 Admin Reset Exploit

Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but [...]

Continue Reading


16 October 2007 | 2,288 views

Posts Restored & Business (almost) Back to Usual

Ok I’ve just painstakingly restored all the posts I could find since September 10th until now from Google Cache. I’ve worked out the maximum posts missing would be 1 as I could get the cache back to September 12th and the latest post before that is September 10th, or I might not have posted on [...]

Continue Reading


17 January 2007 | 4,554 views

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to [...]

Continue Reading


09 January 2007 | 15,290 views

WordPress 2.0.5 Trackback Vulnerability with Exploit

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing [...]

Continue Reading


13 August 2006 | 4,394 views

Microsoft Takes an Effort at Cutting Down Blogspam – Splogs

Splogs are becoming a huge problem, half the stuff you search for nowadays returns a splog, mostly auto syndicated content. I find a lot of my own entries on there, surrounded by Adsense ads. New age scrapers I guess. Technorati returns a lot of results from splogs too, but at least they have made some [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·