• Uncategorized

    WordPress Meta Tag Forwarder Using Junkmail

    This morning, I received an e-mail message from an acquaintance with whom I’m working on a group project. Every member of this group was carbon copied on this message (Cc, not Bcc). There was no subject to the message and there was only a URL in the body. Obviously this was junk mail and the destination URL would probably run an arbitrary script that would do something malicious.

    So, I checked out the script by downloading the file at the offending URL directly as a text file. It turned out to be a simple HTML page called “likeit.htm” with one line of code – a <meta http-equiv> tag that forwarded the victim to a different site (it actually forwarded through 3 sites).

    What bugged me was that this HTML was part of a WordPress theme package (i.e. http://www.example.com/wordpress/wp-content/themes/theme_name/likeit.htm?random_city_name). So that meant that there are hackers putting together WordPress theme packs and site owners are unknowingly installing these URL forwarding scripts into their WordPress sites. All the hackers have to do is put malicious code at the destination URL and wait for visitors.

    So next time you download a free theme package for your WordPress site, make sure it doesn’t contain non-standard HTML pages like “likeit.htm”. If it does, there is a chance that there are other malicious scripts embedded in the theme pack that will try to siphon information out of your site visitors, or use your site as part of a botnet. So don’t just delete “likeit.htm” – don’t use the whole theme package! Delete it from the server too, because as long as it’s stored in public space, it can be accessed by direct URL.

    There’s nothing more expensive than FREE.
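
One way to run the check described above before installing a theme, as an added example that is not part of the original post: it walks an unpacked theme folder, lists every standalone .htm/.html page, and reports where any `<meta http-equiv="refresh">` tag in it points. The names `MetaRefreshFinder`, `scan_theme` and `demo`, and the sample files and `redirect.example` URL, are constructed for illustration.

```python
import os
import tempfile
from html.parser import HTMLParser


class MetaRefreshFinder(HTMLParser):
    """Collects targets from <meta http-equiv="refresh" content="0; url=..."> tags."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            self.targets.append(url.strip(" '\"") if key.strip().lower() == "url" else "")


def scan_theme(theme_dir):
    """Return [(relative_path, [redirect targets])] for each .htm/.html file."""
    findings = []
    for root, _dirs, files in os.walk(theme_dir):
        for name in sorted(files):
            if not name.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(root, name)
            finder = MetaRefreshFinder()
            with open(path, encoding="utf-8", errors="replace") as fh:
                finder.feed(fh.read())
            findings.append((os.path.relpath(path, theme_dir), finder.targets))
    return findings


def demo():
    """Scan a constructed theme folder (sample files, not from the page)."""
    with tempfile.TemporaryDirectory() as theme:
        samples = {
            "style.css": "/* Theme Name: demo */",
            "likeit.htm": '<meta http-equiv="refresh" content="0; url=http://redirect.example/">',
        }
        for name, body in samples.items():
            with open(os.path.join(theme, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_theme(theme)


if __name__ == "__main__":
    print(demo())
```

Any file it reports is a reason to reject the whole package, as the post advises; an empty target list still means the theme ships an HTML page that needs a manual look.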

  • Tech

    Mac OS X 10.5 Server – 2GB Cyrus Quota Limit

    If you’re running the default Postfix/Cyrus combo on a Mac OS X 10.5.x server AND use mailbox quota management, then be aware that Cyrus can only manage mailbox quotas of up to 2047MB – that’s 1 MB less than the 2GB mark.

    If you set a user’s mailbox quota any higher, then you’ll start seeing weird errors all over the place. Most likely, it will also cause the said user to not be able to receive any more mail.

    When this is happening, you will notice this error message in your logs:

    root : TTY=unknown ; PWD=/ ; USER=_cyrus ; COMMAND=/usr/bin/cyrus/bin/cyrus-quota -r

    I’ve found out that out of the box, Dovecot quota management is also limited to 2GB. There are hacks around this, but they are not recommended for people who often forget commas in their code.