

Content related to blogging, including WordPress.

New WordPress attack floating around…

I use a shell script to back up my web sites each day -- it exports and downloads a SQL file of the database contents, as well as rsync's the actual HTML files. When I was checking the log file for last night's downloads, I noticed something very strange in the output:

  receiving file list ... done

In total, there were 71 files in the newly-created 1 folder: 70 .html files, and one g.js file. There was also a new oddly-named backup folder, and the index.php file in wp-content (which is just a blank placeholder) had been replaced with basically the same file but with an added line break on the first line.

I googled on some of the .html filenames, and found a number of WordPress sites with the same issue (the "1" folder), but nobody who was talking about the cause of the problem. So I posted about it to the WordPress forums, where someone pointed me to this page, which contains at least a little more background on the issue. I'm also posting some of the html filenames here, in case others are searching for more information on the attack.

As of now, I don't know how they got in (though I suspect via one of the plug-ins), but I don't think it's through any sort of direct site access: none of the site's other files and folders were changed, nor were any posts or comments created. It also doesn't seem to be an automated attack, as the 1 folder hasn't returned after I manually removed it yesterday. But if you run WordPress, keep an eye on your wp-content folder for anything other than what should be there: index.php, plugins, and themes by default. If/when I find out more about this, I'll post a follow-up.
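The check suggested above, written as an added example (it is not part of the original post or the author's backup script): it audits the top level of wp-content against an allowlist and compares index.php byte-for-byte with a known-good copy. The function names, the baseline file and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's backup script): audit the top level of
# wp-content against an allowlist and compare index.php with a known-good copy.

# audit_wp_content DIR [ALLOWED_NAME...]
# Prints "UNEXPECTED <kind> <name>" for each top-level entry not allowlisted.
# Returns 0 when clean, 1 when anything unexpected was found.
audit_wp_content() {
    dir=$1; shift
    # Default allowlist: the three entries the post names for a stock install.
    [ $# -gt 0 ] || set -- index.php plugins themes
    rc=0
    # The second and third globs pick up dot-files, which a plain * skips.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # glob matched nothing
        name=${path##*/}
        allowed=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then allowed=yes; fi
        done
        [ "$allowed" = yes ] && continue
        if [ -L "$path" ]; then kind=symlink
        elif [ -d "$path" ]; then kind=dir
        else kind=file; fi
        printf 'UNEXPECTED %s %s\n' "$kind" "$name"
        rc=1
    done
    return "$rc"
}

# placeholder_changed DIR BASELINE
# Byte-for-byte compare of DIR/index.php with a known-good copy (for example
# the one in an older backup). Returns 0 if it differs or is missing.
placeholder_changed() {
    ! cmp -s "$1/index.php" "$2"
}

# Constructed sample tree mirroring the post: a stock layout plus a "1"
# folder holding g.js, and an index.php with one extra leading line break.
make_sample_tree() {
    mkdir -p "$1/wp-content/plugins" "$1/wp-content/themes" "$1/wp-content/1"
    : > "$1/wp-content/1/g.js"
    printf '<?php\n' > "$1/index.php.good"   # hypothetical baseline content
    printf '\n<?php\n' > "$1/wp-content/index.php"
}

# Stand-alone use: sh audit.sh /path/to/wp-content [allowed names...]
if [ $# -gt 0 ]; then audit_wp_content "$@"; fi
```

Pass extra allowed names (such as an uploads folder you created yourself) after the directory; the non-zero exit status on a finding makes the script easy to wire into the same nightly job as the backup.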

A favorite plug-in debugged…

Note: Ajaxified Expand NOW no longer works in WordPress 3.0.

As a replacement, I'm using Sliding Read More, which works perfectly (and with a nice visual effect). The following is only useful if you're running an older version of WordPress.

Recently (and very smoothly), I moved a couple of sites, including, to a new hosting company. I had been hosting with my good friend James, who runs Find Mac Stuff, for many years, but my small sites were really on too big (ie too expensive) of a server for my simple needs.

The move to the new company went well, with the exception of my favorite plug-in here, Ajaxified Expand Now, which expands articles in place, saving a page reload. It was returning an error message ("Error while connecting to the server. Please try again later.") instead of the content. So I disabled the plug-in, but asked James to take a look at the code.

Random header images for WordPress

I've finally migrated my family's site over to the latest version of WordPress, and installed pretty much the same batch of plug-ins and widgets as I use here. However, I wanted something else, too--a randomly-selected image for the header of the site that changes each time the page is loaded, as seen in these four sample pictures:


(The header images are just sections I've snipped out of photos we've taken, with an artsy Photoshop filter of some sort applied.)

I searched the web, and there are a few plug-ins that offer this ability, but they came either too feature-rich, or required some additional JavaScript to work properly. I wanted the most simple, basic, and functional header image rotation solution I could, so I wrote my own, which required all of two lines of code. I'm posting it here so that (a) I remember how I did it, and (b) in case anyone else wants a simple solution, they'll be able to find it with some help from Google (our family's site is access restricted, so posting it there wouldn't do much good...and it would confuse my relatives, who are used to only seeing pictures of our kids there!)

My first WordPress plug-in: custom registration

Over the last couple of evenings, I created my first-ever WordPress plug-in, which I wrote to make it easier to customize the WordPress registration (and login) screen. As distributed, the stock version of WordPress uses a really not-very-nice registration screen--it features the WordPress logo (embedded in a background image), and links back to the WordPress site. If you wish to modify the login screen, you have to change some files in the WordPress core--and that means that every time you update, you have to remember to redo those customizations. Far from ideal...

So I took some time to read about creating WordPress plug-ins, then studied up on the available hooks to see if what I wanted to do was possible. The good news is that, as of WordPress 2.1, it was possible--and quite simple (even for my very-limited PHP skills).

After a few error-filled attempts, I wound up with a working plug-in that creates a nicely-customized registration screen, all without changing any core WordPress code--you can see the results on the registration page. (This is roughly what it looked like under WordPress 2.0, but I created that page by modifying the core WordPress files.)

If anyone wants this plug-in, feel free to grab it (36KB download)--there are some basic instructions in the customreg.php file, but I wouldn't describe it as heavily documented. Also, I'm not sure how well it works with the default login screen, as I use the King Login sidebar widget for login in the sidebar. What I'd really like to do is figure out how to display the registration form with the header, sidebar, and footer--but after some basic investigation, I think that project is beyond my skills. So for now, this is officially good enough.

Timing is everything!

It figures; just days after getting everything together and uploading the first major revision to Robservatory, WordPress goes off and releases version 2.1! Sigh.

I installed version 2.1 on my local copy of the site, then ran the upgrader. That portion of the process went quite well. However, in trying to re-enable my collection of plug-ins and widgets, I found that many of them don't seem to get along with WordPress 2.1 at all--enabling certain plug-ins completely breaks the site's display, for instance.

So, for now, I'll be keeping the site on the 2.0.7 release until more of the plug-ins are updated.

Behind the scenes: plug-ins and widgets

A couple of people emailed me, asking about the collection of widgets and plug-ins I'm using on the site. I've also found that the links in the Plugins page of WordPress' management screen are often incorrect, so documenting the updated URLs seems like a smart thing to do.

So without further ado, you'll find the list just below the (now expanding-in-place!) jump...

Site upgrade completed

Welcome to Robservatory 2.0!

We're now running the latest and greatest version of WordPress, but the big news is that I've spent a fair bit of time digging for and installing useful add-ons. (I've also converted the sidebar to WordPress widgets, a cool plug-in that makes it much easier to add and remove things from the sidebar.)

Read on to see some of the new features, as well as some notes from the conversion process...

An expansion in focus…

Given that most of the technology subjects I think to write about are being used on (they get first dibs on anything that I want to write that's related to my job), I've chosen to expand my writings here on robservatory to cover other topic areas that I find interesting. I make no promises that you will also find them interesting, but I don't think there are a ton of readers out there anyway :). The first two such posts follow this one.

I'll clearly not venture into areas of "social debate," such as politics, religion, or Wii vs. PlayStation vs. Xbox 360...ok, if someone wants to send me one of each of those, I'd write about them :). Basically, the new entries will cover things I run into in my daily adventures that I find intriguing, stupid, rant-worthy, rave-worthy, or that otherwise tickle my interest. As such, I can't tell you exactly what those things might entail, but hopefully you'll occasionally find them of interest.

Note that I will still cross-post all my stories here, and will continue to focus mainly on Macs, OS X, and technology, as those are my three main interest areas. And after Expo, look for a totally new "Robservatory 2.0" to be launched here. The look will be much the same, but I've spent a bunch of time digging around for nifty WordPress plug-ins, many of which are Ajax-ified for easier user interaction. I think you'll like the new tools, and I'll like some of the things they let me do (like easily run polls on various topics).

And now, I'm off to the Expo! Hopefully the realities of the Tuesday keynote meet the incredibly high level of hype they've generated...but really, how could it? I've got my fingers crossed, though, just in case!

Annoying captcha added (sorry!)

Update: The annoying captcha has been replaced.

Today I took the long-avoided step of adding a captcha to the comment submission form. It seems my blog has been discovered by the spambots, and (even with Spam Karma 2 installed) the flood of meaningless spam has gotten too large to ignore. Most of you probably don't see the postings, as I get notified via email whenever they appear, and I do my best to delete them immediately. However, as the number of meaningless comments increased, this process was becoming too time consuming.

So I was left with two options. First, I could allow only registered users to post comments. I don't like that solution, since this is an informal, hopefully fun place to just drop by. If someone feels like leaving a comment, I'd like them to be able to do so without the hassle of registering for an account. So that left the second option--adding the captcha to the comment screen. This is far from ideal, as I know sometimes the stupid things are nearly unreadable, and they present issues to those who have problems with their vision. I wish I had a better solution (a future update to Spam Karma may solve the problems, I hope), but right now, I don't.

So for now, we have a captcha. It's not like there are a ton of comments here anyway, but hopefully this won't cut down on the dialog as much as would happen if I were to add a registration requirement. Please let me know if you have any issues with the captcha; I'm using SecureImage, which is fairly widely used, so hopefully the problems will be minimal. This plug-in does have one nice feature--if you are logged in, you won't see it (so there you have it, one minor reason why you might wish to register). And spammers, please find a better target for your vileness. There's no way I'm going to let any of your drek stay on these pages for any length of time!

And yes, there is more content coming here in the future--I've just been a touch busy with Macworld and stuff lately!

New comment tools installed…

Today's lunch hour project was to enhance the comment engine here on Robservatory just a bit. To that end, there are now two new features active:

  • Instead of a generic Recent Comments tracker in the sidebar, a new Unread Comments tracker (thanks to the Smart Unread Comments plug-in) shows only the comments you haven't personally seen. There's also a link to mark them all as read, in case you'd like to catch up right away. (Since the plug-in uses cookies to track the unread comments, everyone's starting point is the same--they are all unread, since the cookies haven't yet been created on your machine). This should make it somewhat easier to keep up with comments posted here.
  • Posting comments is now easier, thanks to the LivePreview plug-in. As you start typing your comment, you'll see a real-time preview (JavaScript required) below the text area. This is pretty slick, as it will preview HTML on the fly, so you can check bold, italics, and links before you hit the Submit button.

Not earth-shattering changes, but they should make working with comments a bit easier for everyone...