Caution: WordPress blogs are being attacked

jeudi 22 avril 2010

It has raised a new alarm that affects many thousands of people around the world with a blog runs on WordPress (the latest version, 2.9.2 is vulnerable too) and several blogs have been attacked and are now infected distributing malware without the operators of these sites have been noticed. The worst thing is that it affects self-hosted version (installed on your own server) of WordPress.

Apparently this vulnerability has to do with SQL injection or some failure of a theme or plugin, it could also be because of some outdated as Magpie library that ships with WordPress. For now only speculation because the problem has not been fully identified.

The problem arises when the field in the table wp_options siteurl is replaced by a HTML code. This field holds the URL of the blog (ie, that field is not designed to accommodate HTML code), so that being accomplished the attack, possibly the affected site longer to load.

The highest number of cases that have been presented so far has to do with the company Network Solutions, although other sites have also been affected VPS.net so probably this attack is independent of the company that provides hosting for the hole security is in the same WordPress and not a default configuration or hardware.

It is important to be vigilant and continuously review the sites to ensure there are no problems, in case of finding an abnormal behavior, it is advisable to check the database and especially the siteurl field.

For now Sucuri Security Labs and Trend Micro have reported this attack, Trend Micro announced that its antivirus detects the problem as TROJ_BUZUS.ZYX (see more information on this virus), which leads to malware infection, and in some cases may install a fake antivirus on the computer of users.

Update: In addition to spreading malware, the infection can get them to generate backdoor Trojans (backdoors), ie that administrators and users could see a normal version of the site, but search engines actually could be seeing another version of site , which is especially dangerous and harmful to the issues related to SEO.

Via Download Squad


Read More


LifeYo, an application for creating Web pages

mardi 13 avril 2010

While there are many people who feel comfortable when handling HTML / CSS, there are also people who want to create a website but do not have enough knowledge to do so. This is where LifeYo, which is an application that lets you create a site without ever touching a line of code, because everything is done from a very simple interface. Using drag & drop (drag and drop), they may be adding elements to a site: Google Maps Maps, Widgets, YouTube videos, etc. It is only necessary to know to use a mouse to build an interface to our taste, as all existing workflow LifeYo is designed for people with little experience be able to work without frustration.

Besides the ability to drag and drop, there are themes or custom designs that give a special touch to each site. Just pick a design from the gallery, to click on the image and design is now activated. For lovers of blogs, FreeYo offers a module to create a blog without complications. As easy as writing a title and body of the entry, is like a mini integrated administration panel, so you have a personal blog is even easier, something that many people appreciate.

FreeYo use is free (the name is very light) and each account created as well get a subdomain free hosting where you can host the files. In summary, FreeYo is a creator of Web sites intuitive and easy to understand, so easy that even a child of 6 years can use it.

Link
FreeYo


Read More


SQLFury, application to see if your site is protected

lundi 22 mars 2010

A recurrent form of attack sites that interact with SQL databases is called SQL injection is to modify the normal behavior of a routine, either to obtain or delete information without the permission or knowledge of managers. It is considered a vulnerability that is exploited widely in many places. SQLFury is an application made in Adobe AIR that allows you to test the safety and stability of a site. Through a series of tests trying to find vulnerabilities in a site (for example by contact or registration form) and where to find them, is notified by a message.

The application requires only the URL to be analyzed as an input parameter. Clicking the Test button starts the analysis of possible failures (can get all the information in the database). SQLFury supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Esra application is free and runs on Windows XP/Vista/7 and Mac OS X 10.4/10.5.

Link
SQLFury


Read More


Twitter @ Anywhere, "a useful platform

mardi 16 mars 2010

The most high-profile news of the day was undoubtedly the presentation of a platform called Twitter @ Anywhere, which allows integration of Twitter with third-party sites, forming a continuous workflow that will have fewer interruptions. Anywhere @ The idea is to combine the resources of a site to interact with Twitter, without leaving the site being visited. That's interesting.
For example, a person is searching for Michael Jackson CDs on Amazon, and wants to share the experience with their followers. With the integration of Twitter with Amazon, it would be possible to share information relevant to the user (such as the title of the discs you buy, the approximate price, similar objects, etc.). Without leaving the Amazon site. With one click you could share this information without problems.

Consider another scenario: a person is bidding on an item on eBay. It would be possible to share data object and the current amount of the bid. These examples are very basic and the fly, although there is a real power in the heart of @ Anywhere, which is a great way to integrate a tool as important today as Twitter, with sites that already are a reference anywhere.

Initially, sites have made agreements with the likes of Amazon, eBay, Digg, Bing, Meebo or YouTube. Best of all is that the webmasters do not have to learn to implement an API because it simply does not exist. Just call some scripts to make a site compatible with @ Anywhere, although these details are not yet known very clearly.

To learn more about this platform, we recommend dry account
@ Anywhere, where relevant news will be published from time to time. For now it is known that during the conference Chirp, Twitter developer, it will be giving many more details on this topic.

Via
Mashable


Read More


Visual Website Optimizer tool to improve the performance of a Web site

dimanche 28 février 2010

When doing any business on the Internet, it is important to consider the optimization, and Visual Website Optimizer is a real gem, especially for people who are looking to improve the user experience. Basically it is a tool that allows you to change various aspects of a site (text, colors, formats, etc..) In order to test and also monitor the results of such changes.
For example, for those who make sales is an essential tool because it can cut expenditure. Because the data are shown in real time is a very important tool. You can even do tests of type A / B, which could be useful to people who show ads, and in this way, improve performance and increase profits.



Among several features that can be found inside VWO is for example, integration with Google Analytics, reporting A / B with support for Multivariate, graphic and accurate details about the visitors, WYSIWYG editor (visual editor WordPress style) that allows editing of any site without ever touching the code.



Personally I think this is a rough diamond, offering many options really useful. No doubt this tool should be in the arsenal of any webmaster who cares about his performance (s) site (s). For the time being is in Beta, which is free for everyone, however, later on when the Beta expires, will likely become a paid service. We must seize the duration of this phase.



Link Visual Website Optimizer


Read More


 

Our Partners

© 2010 hh All Rights Reserved