2009
08.26
08.26
I looked at my Blog today and it looked a little different.
I feel special 
Punker2Bot is responsible.
Its a fairly simple hack, the HTML at the bottom of this post was inserted at the top of the wp-config.php file. This file is called on pretty much every page.
I don’t think anything else has been changed but to be safe I’ll be upgrading to a fresh new version of the latest Wordpress and changing hosts.
| <html> | |
| <head> | |
| <title>Hacked by Punker2Bot</title> | |
| <link rel=”icon” type=”image/png” href=”http://www.yougetsignal.com/favicon.ico” /> | |
| </head> | |
| <body bgcolor=”#000000” onload=”doWave(0)“> | |
| <center> | |
| <table width=”100%” height=”100%” border=”0“><tr><td valign=”middle” align=”center“> | |
| <p class=”Estilo7” style=”margin-top: 3px; margin-bottom: 3px;” > | |
| <font face=”Fixedsys“> | |
| <font color=”#00BCFF” face=”Fixedsys” size=”+4“>HACKED </font> | |
| <font color=”#FFFFFF” face=”Fixedsys” size=”+4“>HACKED </font> | |
| <font color=”#00BCFF” face=”Fixedsys” size=”+4“>HACKED</font> | |
| <br /> | |
| <font color=”#00BCFF” face=”Fixedsys” style=”font-size:75px;letter-spacing:5px“> | |
| <script> | |
| var text=”Punker2Bot” | |
| var speed=45 | |
| if (document.all||document.getElementById){ | |
| document.write(’<span id=”highlight”>’ + text + ‘</span>’) | |
| var storetext=document.getElementById? document.getElementById(”highlight”) : document.all.highlight | |
| } | |
| else | |
| document.write(text) | |
| var hex=new Array(”00″,”14″,”28″,”3C”,”50″,”64″,”78″,”8C”,”A0″,”B4″,”C8″,”DC”,”FF”) | |
| var r=1 | |
| var g=1 | |
| var b=1 | |
| var seq=1 | |
| function changetext(){ | |
| rainbow=”#”+hex[r]+hex[g]+hex[b] | |
| storetext.style.color=rainbow | |
| } | |
| function change(){ | |
| if (seq==6){ | |
| b– | |
| if (b==0) | |
| seq=1 | |
| } | |
| if (seq==5){ | |
| r++ | |
| if (r==12) | |
| seq=6 | |
| } | |
| if (seq==4){ | |
| g– | |
| if (g==0) | |
| seq=5 | |
| } | |
| if (seq==3){ | |
| b++ | |
| if (b==12) | |
| seq=4 | |
| } | |
| if (seq==2){ | |
| r– | |
| if (r==0) | |
| seq=3 | |
| } | |
| if (seq==1){ | |
| g++ | |
| if (g==12) | |
| seq=2 | |
| } | |
| changetext() | |
| } | |
| function starteffect(){ | |
| if (document.all||document.getElementById) | |
| flash=setInterval(”change()”,speed) | |
| } | |
| starteffect() | |
| </script> | |
| </font> <br /> | |
| <font color=”#FFC21F” face=”Fixedsys” size=”+4“><span style=”position:relative;text-decoration:blink;top:-11px;“>_</span>was here<span style=”position:relative;text-decoration:blink;top:-11px;“>_</span></font> | |
| </p><hr style=”border:0;border-top:1px solid #FFD100;width:65%;margin:15px;” /> | |
| <div style=”color:#fff“> | |
| <img src=”http://pic40.picturetrail.com/VOL361/7579826/18144634/306426869.jpg” alt=”Hacked by Punker2Bot” /><br /> | |
| <span style=”font-weight:normal“> | |
| <br /> | |
| <font color=”red“><?</font> if (!isset(<font color=”#1F85FF“>$web_security</font>)) { die(”<font color=”#FF006A“>Punker2Bot was here!</font>“); } <font color=”red“>?></font></span> | |
| <br /><br /><br /> | |
| Nada fue borrado, esto solo es un mensaje.. <br /> | |
| para demostrarte que tu sitio tiene problemas de seguridad<br /> | |
| <br> | |
| <span style=”font-size:25px“> | |
| <script language=”JavaScript1.2“> | |
| var message=”conseguite un mejor webmaster!” | |
| var neonbasecolor=”#0F0F0F” | |
| var neontextcolor=”#FF0022″ | |
| var neontextcolor2=”#FF0022″ | |
| var flashspeed=20 | |
| var flashingletters=3 | |
| var flashingletters2=0 | |
| var flashpause=0 | |
| var n=0 | |
| if (document.all||document.getElementById){ | |
| document.write(’<font color=”‘+neonbasecolor+’”>’) | |
| for (m=0;m<message.length;m++) | |
| document.write(’<span id=”neonlight’+m+’”>’+message.charAt(m)+’</span>’) | |
| document.write(’</font>’) | |
| } | |
| else | |
| document.write(message) | |
| function crossref(number){ | |
| var crossobj=document.all? eval(”document.all.neonlight”+number) : document.getElementById(”neonlight”+number) | |
| return crossobj | |
| } | |
| function neon(){ | |
| if (n==0){ | |
| for (m=0;m<message.length;m++) | |
| crossref(m).style.color=neonbasecolor | |
| } | |
| crossref(n).style.color=neontextcolor | |
| if (n>flashingletters-1) crossref(n-flashingletters).style.color=neontextcolor2 | |
| if (n>(flashingletters+flashingletters2)-1) crossref(n-flashingletters-flashingletters2).style.color=neonbasecolor | |
| if (n<message.length-1) | |
| n++ | |
| else{ | |
| n=0 | |
| clearInterval(flashing) | |
| setTimeout(”beginneon()”,flashpause) | |
| return | |
| } | |
| } | |
| function beginneon(){ | |
| if (document.all||document.getElementById) | |
| flashing=setInterval(”neon()”,flashspeed) | |
| } | |
| beginneon() | |
| </script></span> | |
| <br /> | |
| </div> | |
| </td></tr></table> | |
| </body> | |
| </html> |
No Comment.
Add Your Comment