Journal

WordPress Brute Force Botnet Hack Username Attempts

Over the last year or so we’ve been monitoring WordPress hack attempts. Everyone knows using an account named “Admin” (which was the default WordPress login years back) is ripe for brute-force login attacks. What’s interesting is that the same sites often get attacked repeatedly with the same login username – but from the same IP – just at later dates.

Recently there’s been a major uptick in these WordPress brute force botnet attacks. While the attackers generally never get through, since we all have strong passwords, the attempts do take away server resources. (more…)

WordPress Hacked

It’s not what you think. This time we’ve discovered what appears to be an ongoing (looks to date back to before July 2010) server-level hack that targeted WordPress sites. What seems to happen is any link on the WordPress-based site is compromised by a redirect request (in this case it went to a Canadian-based Viagra shop called MedShop-247.com, which is not running WP, by the way).

Here’s the PHP code that was injected into the top of the WordPress core index.php file.
(more…)

TimThumb – PHP Image Resizer for WordPress

A while back we were asked to redesign OldeHope.com, a site dealing with Antiques, Americana and Folk Art. (We considered the excellent ExpressionEngine, but ultimately chose WordPress as it was easier for the client to “digest” the back end administration.)

After settling on some required plugins to handle the specific needs of the site, we knew we needed something smart and bullet-proof to allow our client to upload and reuse images throughout the site.

Enter TimThumb. TimThumb is a PHP image resizer script, not only for WordPress but for general PHP-based website use as well. It’s been super easy to allow the client to simply upload the image in one location on the WordPress Custom Post form we created, and then have that same image instantly resized, cropped and proportionally (or not) available for use everywhere else on the site with no further intervention.

TimThumb – It’s another one of our secret weapons of web design and development.
Thanks to Ben Gillbanks, Darren Hoyt and Tim :)

Update for the Journal

We’re in the process of converting our existing “Journal” content. Check back soon.

WordCamp NYC 2009

WordCampNYC – Nov 14-15. I’ll be in The Big Apple on Nov 15 hangin’ with the other WP folks. Visit http://2009.newyork.wordcamp.org/

*See ya there – DM me on twitter.com/badcat*
