Defeat Spam Blogs With IP Based Content Delivery

The majority of bloggers are forced to deal with spam blogs (splogs, aka scraper blogs), and even though a variety of countermeasures exist, they just don’t seem to do the trick. Most of the time, splogs will scrape only an excerpt from the post, making the permalink at the bottom of the post useless. […]

Nullamatix Gets a Facelift, and There’s More on The Way

Alan over at Affiliate Confession decided to announce the release of his new theme, something I didn’t even think to do here on Nullamatix. After thinking about it, I don’t even remember when the theme was applied, so I’m guessing either […] the new theme over the old one, but the majority of people are […]

Howto: Run Multiple Poor Man's BANS Sites Using 1 Wordpress Installation

Note: This is a follow-up to the original Make Money With a Poor Man's BANS (Build A Niche Store) post. If you haven’t read that post, please do so before continuing with this one. Robert made a fantastic suggestion in the original Poor Man's BANS post. After deploying several Poor Man's BANS sites, maintaining and […]

Secure Your Wordpress Admin Folder With lighttpd

As you might have guessed, I’m ultra concerned about security. Security isn’t my area of expertise, nor do I claim to have any superior knowledge in the field, but sometimes being ahead of the game can prove beneficial. Shoemoney’s blog has been defaced twice (to my knowledge), simply because he failed to upgrade. This gives […]

2 More Wordpress Plugin Exploits - Adserve & WassUp

Wow, four Wordpress plugin exploits released in under a week. Are these plugin authors really amateurs, or just trying to pwn Wordpress blogs? First up, Adserve version 0.2. The SQL injection vulnerability resides in adclick.php. Here’s the vulnerable code:

if (isset($_GET['id'])) {
    Header("Location: " . iri_AdServe_BannerClick($_GET['id']));

return $wpdb->get_var("SELECT url FROM $table_name WHERE id=$id;");

Again, the id variable isn’t sanitized before it is interpolated into the query, and successful exploitation […]

2 New Wordpress Plugin SQL Injection Vulnerabilities

That’s right Wordpress kiddies, two new vulnerabilities, and they’re pretty nasty. Author Houssamix from H-T Team has released two remote SQL injection proofs of concept for WP-Cal and fGallery 2.4.1. The vulnerability for WP-Cal exists in:

/wp-content/plugins/wp-cal/functions/editevent.php

and here’s what’s vulnerable:

$id = $_GET['id'];
$event = $wpdb->get_row("SELECT * FROM $table WHERE id = $id");

Why? No sanitization of $id. Since id […]

Another Wordpress Plugin Vulnerability: WP-Forum 1.7.4

milw0rm.com has released another Wordpress plugin vulnerability, this time it’s WP-Forum 1.7.4. I’m no expert at deciphering exactly how exploits work, but this remote SQL injection appears to grant the attacker administrative privileges. If you’re using WP-Forum 1.7.4 or earlier on your Wordpress blog, uninstalling this vulnerable plugin is highly recommended. I was unable to locate […]

Make Money With a Poor Man's BANS (Build a Niche Store)

So you want to earn some cash on-line but don’t think you’re smart enough? Maybe you’ve heard of BANS (build a niche store) but can’t afford to dish out the $100. Either way, these are both silly reasons. If you’re reading this blog, you’re smart enough, and anyone willing to pay $100 for that software […]

Wordpress Users, Beware - New Vulnerability Release

milw0rm has announced a new exploit for the Wordpress plugin WP-Filemanager 1.2. The hole lets attackers upload pretty much anything they want, including evil PHP scripts. For the details, check out: http://www.milw0rm.com/exploits/4844 If you don’t use the WP-Filemanager plugin and your Wordpress installation is current, don’t worry, you’re in the clear. Otherwise, I highly recommend you uninstall […]

Nullamatix.com Gets Several Enhancements

After admiring several of my favorite blogs and hearing a recommendation from my sister, I realized several necessary components were missing from my blog. Almost a full day's work and a brew later, two-thirds of the intended updates have been implemented. Show Top Commentators: This is a great feature that shows who the most active commentators are. […]
