Category Archives: Site Security

Testing New Invoice Format for SPM


The project I am talking about is an online/offline payment solution for Australian merchants. BPAY and PostBillPay are very popular with merchants in Australia. After this patch is done, I will expand the project, and that will affect a lot of our company's products. This includes accepting credit cards, and all of it will need PCI compliance. None of the Thai banks are doing this, or very few.

This time, I need to patch the invoice generator to fix the bug on the first of August. All the tests are good, and I believe tomorrow's test will be good too. I have been on this problem for about 2 months already. In the first month I had to fix the logic of the wrong fee calculation, and that was fixed. Now comes the patch for the new invoice, which will display the correct amount of the fee charged to clients.

Sometimes working on financial stuff is scary because wrong things can happen, but fixing and testing many times makes us confident in the results. Tomorrow too, I am very confident it will pass very easily.

Momcashblog.com Malware Attack


This is the second time that my site, KrpMag.com (it is currently reported and I am appealing with them, so I am not going to make a link, since Google will take it as a relationship between malware sites), has been reported to StopBadware.

The relationship on “Reported Attack Site!” said I have malware that is hosted on momscashblog?!?!? WTF, I have had no link or relationship with this site before. I have scanned all my files and can’t find any virus or trojan. Fortunately, Google Webmaster Tools has a lab tool (this time), so I can see what the malware is!!!

My website must have had some kind of hijack through WordPress, which I was trying to update to the new version every time, but for the plug-ins, you wouldn’t know which one has good protection. The best protection is... to make the files of those plug-ins un-writeable.

The malware looks like this.

It was injected into the plugin named “wp-polls”. I downloaded the new version from the developer's site and couldn’t find that part of the script in it. So this has been hijacked through a WordPress hole since November 2009, I am sure.

Once the JavaScript is encoded and written to the page, it looks like this:

So this will produce a hidden iframe that points to momscashblog, which has been reported as: Malicious software includes 3 trojan(s), 3 exploit(s), 1 scripting exploit(s).!!!! OMG

So, you must use Google Webmaster Tools or find out where the suspicious JavaScript/iframe is injected in your WordPress directory. I hope this helps.
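The manual check described in this post (compare the installed plugin with a fresh download, look for the injected script or hidden iframe, and confirm the files are not writable) can be automated. The following is an added example, not code from the original post: the patterns are assumed heuristics because the injected script is not shown here, and the file names and sample contents in `demo()` are constructed.

```python
import os, re, stat, tempfile

# Assumed heuristics; the injected script itself is not shown in the post.
SUSPICIOUS = [
    re.compile(rb"document\.write\s*\(\s*unescape\s*\(", re.I),   # decode-and-write
    re.compile(rb"<iframe[^>]*(display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
]

def tree(root):
    """Map each file's path relative to root to its bytes."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            with open(os.path.join(d, name), "rb") as f:
                out[os.path.relpath(os.path.join(d, name), root)] = f.read()
    return out

def audit_plugin(installed, clean):
    """Check an installed plugin directory against a fresh copy of the same version."""
    inst, ref, findings = tree(installed), tree(clean), []
    for rel, data in sorted(inst.items()):
        if rel not in ref:
            findings.append((rel, "not in clean copy"))
        elif data != ref[rel]:
            findings.append((rel, "differs from clean copy"))
        if any(p.search(data) for p in SUSPICIOUS):
            findings.append((rel, "encoded-script or hidden-iframe pattern"))
        if os.stat(os.path.join(installed, rel)).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "writable by group/other"))
    return findings

def demo():
    """Build constructed sample trees (file names are made up) and audit them."""
    base, good = tempfile.mkdtemp(), b"<?php /* widget */ ?>\n"
    trees = {
        "clean": {"widget.php": good, "widget.js": b"var a = 1;\n"},
        "installed": {
            "widget.php": good + b"<script>document.write(unescape('%3Cp%3E'))</script>\n",
            "widget.js": b"var a = 1;\n",
            "extra.php": b"<iframe src='http://example.invalid/' style='display:none'></iframe>\n"},
    }
    for root, files in trees.items():
        os.makedirs(os.path.join(base, root))
        for name, data in files.items():
            path = os.path.join(base, root, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, 0o666 if name == "extra.php" else 0o644)
    return audit_plugin(os.path.join(base, "installed"), os.path.join(base, "clean"))
```

Call `audit_plugin()` with the live plugin directory and an unpacked download of the same plugin version; comparing against a different version reports legitimate changes as "differs from clean copy".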