06-Sep-2009

More testing
Last time, I found a few issues in WordPress that I have encountered before, and tonight I intended to reproduce, and possibly solve, them.
As it turned out, changing the password succeeded, so the error I got last time must have come from the code that is executed after database access. That limits the search for the cause, which is good. But both phpMyAdmin and WordPress ran into a new error: “zend mm heap corrupted”. I’ve seen that last time but didn’t pay attention to it at the moment – as VSM complained about stack overflow: one more issue that I have today as well – but luckily, only in the admin pages :).
I searched Google, and found this has been a known issue for a long time, not related to operating system (it occurs in Windows, Linux and Solaris) or application (phpMyAdmin, home-brewed code and others). The error causes Apache to crash. I think the running PHPWASD image does as well.
A possible cause has been suggested (race condition, making it hard to locate) but a solution has not been given – yet.
But I had to stop investigations, for security reasons. To speed things up, I had to stop the emulator.
Google’s dangers
I found yet another ‘problem’ when accessing some of the pages that show up in Google, and that caused me to stop for tonight. It happens that a page that shows up in Google doesn’t exist any more – one of the results caused a ‘404 – page not found’ error. But more worrying is that the next pages run into a PHP script that pretends to scan your system and may even do harm:

  • rezacinteract.com/dgysf/mwgyd/corrupted.php
  • forgottenancestors.com/ftzns/yhiag/corrupted.php
  • quepasaenmicasa.net/maiea/totph/heap.php
  • robertlunaphotography.com/zsfie/uqgpb/heap.php
  • andrewscottjohnson.com/jwean/zacdc/heap.php

These four are on top of the list, likely to be accessed, and _pretending_ a scan is done. It shows that way, at least, popping up some malware found. I haven’t run it to the end, and I don’t have screen-images, for obvious reasons. I ran a full scan to be sure no malware has been installed; it didn’t reveal anything bad, but it stopped my investigations for tonight.

I warned the site owners where I could contact them. But quepasaenmicasa.net doesn’t show contact information and forgottenancestors.com doesn’t accept mail: user unknown.

Google is nice for searching information, but this shows the danger of the tool. You won’t notice malware until it’s too late.
