More on the hacker who briefly brought baldie enterprises to a shuddering halt the other day. The problem is now fixed and I haven’t got time to investigate properly, but I no longer have any reason to believe that the attack was purely permissions-based, exploiting the tendency of most of us to 777 /wp-content/ directories. Instead this is roughly what I think happened:
- 2007/10 “Adolfo Daine” registers as a subscriber with username adol77dai51 and email firstname.lastname@example.org over at the Libro Verde micro-site
- Sometime in 2008, possibly 2008/04/11, “Adolfo Daine” uses his registered user role to exploit user security weaknesses in WordPress (versions prior to 2.5.1?), creating an additional directory /.rifled in /libro-verde/wp-admin/
Who is “Adolfo Daine”?
WordPress support lists a user name apparently belonging to http://www.marksaves.com, which is begging spam masquerading as political news, run by a poisson who describes himself as Mark Taylor PhD, claims to be interested in SEO, and appears to have been installing WordPress himself in September or October 2007.
Assuming this hypothesis, who else is at risk?
“Adolfo Daine” has registered for no apparent reason on WordPress sites worldwide in a variety of languages. Here are some of his targets: Demi-Fantasy, in Vietnamese, The Lair of the Cubelodyte, absoluteperplex, in German, and hundreds of others. Interestingly, none of these registrations seem to be older than September 2007.
Does “Adolfo Daine” need, like, some technical assistance?
I presume “Adolfo Daine” or “Mark Taylor” or whoever’s intention is to hijack pages, filling them with spam links, so I find it hard to understand why the string injected was sufficient to draw attention to its existence–and thus facilitate its removal–but insufficient to achieve its purpose. Does “Adolfo Daine” or “Mark Taylor” need a bit of help?
I’m interested in the human aspect of this, so if whoever’s doing it wants to tell me more on a confidential basis of some nature, please get in touch via the contact form quoting the day in October on which you registered on the Libro Verde site.
If Mark Taylor exists, actually has a PhD, and is really engaged in legitimate business, it would be interesting to hear his public account of how he came to be mixed up in all this. If he doesn’t want to go public, I know a couple of people in Atlanta who would be most happy to come and visit him.
- Did Woody Allen plagiarise Vicky Cristina Barcelona?
Alexis de Vilar says the film copies his 1987 novel Goodbye, Barcelona. Manel Haro points out that the book was not,
- They want our money but they don’t want our participation
Lenox’s take on the tourism department in Mojácar, where, including unregistered residents, there are probably at least as many British- as
- Frying pans, fires, football
Invited by Tony Blair, the Iraq national team is apparently playing a British parliamentary XI tomorrow and then heading up the
- The English week
Some completely useless information: la setmana anglesa (ie a working week that ends at lunch on Saturday) is specified in Article
- Turkish delight
I’ve already posted Catalan translations of selections from Gerard Monnink (who travelled with Toon Damhuis) and Jan Cremer Senior; Harry Jutten