
General

Stuff that doesn’t fit in any other category

Feel free to call us any time!

I recently ordered a couple of new services from Verizon (distinctive ring and caller ID). In their confirmation letter, I found this reassuring paragraph (red underlines are mine):

[image: Verizon helpful hotline]

Verizon uses a definition of "any time" that I am not familiar with!



Now speaking WordPress 2.5

After a mostly-painless upgrade, we're now running WordPress 2.5. About the only hiccup is that the Addicted to Live Search plug-in (which I am addicted to) doesn't seem to work right with anything other than the default permalink style. (Permalinks are the URLs for individual stories.)

The default permalink style is ugly and doesn't necessarily work well with search engines, but I love the search feature so much I'm using them for now...hopefully the plug-in will be patched in the near future.



Update on WordPress attack…

After some investigation with help from a couple of very useful people (thanks, chays, Ryan, and Donncha), we've determined that the files I found on my server were placed there as a result of the WordPress 2.3.2 vulnerability, even though my site had been updated to 2.3.3.

To make a long story short, if your site was affected by the 2.3.2 vulnerability, you must change your admin passwords. While the attackers can't get the actual password, they can continue to log in as admin even after you upgrade to 2.3.3. That's because the cookie they received when exploiting the hole in 2.3.2 will still work in 2.3.3 -- unless you change your password.

In everything I read about the 2.3.2 exploit, I didn't see anything about the passwords being exposed, so I didn't change it when I upgraded to 2.3.3. Lesson learned...



New WordPress attack floating around…

I use a shell script to back up my web sites each day -- it exports and downloads a SQL file of the database contents, as well as rsyncs the actual HTML files. When I was checking the log file for last night's downloads, I noticed something very strange in the output:

  receiving file list ... done
  ./
  html/wp-content/
  html/wp-content/1/
  html/wp-content/1/3c-texas-holdem-poker.html
  html/wp-content/1/american-poker.html
  html/wp-content/1/bonus-code-party-poker.html
  html/wp-content/1/casino-poker-gratis.html
  html/wp-content/1/come-giocare-a-poker.html
  html/wp-content/1/come-giocare-poker.html
  ....
  ....

In total, there were 71 files in the newly-created 1 folder: 70 .html files, and one g.js file. There was also a new oddly-named backup folder, and the index.php file in wp-content (which is just a blank placeholder) had been replaced with basically the same file but with an added line break on the first line.

I googled on some of the .html filenames, and found a number of WordPress sites with the same issue (the "1" folder), but nobody who was talking about the cause of the problem. So I posted about it to the WordPress forums, where someone pointed me to this page, which contains at least a little more background on the issue. I'm also posting some of the html filenames here, in case others are searching for more information on the attack.

As of now, I don't know how they got in (though I suspect via one of the plug-ins), but I don't think it's through any sort of direct site access: none of the site's other files and folders were changed, nor were any posts or comments created. It also doesn't seem to be an automated attack, as the 1 folder hasn't returned after I manually removed it yesterday. But if you run WordPress, keep an eye on your wp-content folder for anything other than what should be there: index.php, plugins, and themes by default. If/when I find out more about this, I'll post a follow-up.
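One way to turn the "keep an eye on your wp-content folder" advice into a daily check is to run the rsync output the backup script already produces through a filter that flags any path under wp-content whose top-level entry is not on the default list (index.php, plugins, themes). The script below is an added example written for this page, not the author's backup script or anything from WordPress. It assumes the site root is synced under the `html/` prefix, as in the log excerpt above, and the sample rsync lines embedded in it are constructed to match that excerpt; add `uploads` to the allow list if your install stores media uploads there.

```shell
#!/bin/sh
# Added example (not the original post's backup script): scan rsync's
# "receiving file list" output for anything under wp-content other than
# the default contents named in the post (index.php, plugins/, themes/).
# Assumption: the site root is synced as "html/", as in the log excerpt.

# Baseline of what a default wp-content is allowed to contain.  Add
# "uploads" here if your install has media uploads enabled.
WP_CONTENT_ALLOWED='index.php plugins themes'

# Print every path under html/wp-content/ whose first component is not
# on the allow list.  Reads rsync verbose output on stdin.
flag_unexpected_wpcontent() {
    while IFS= read -r line; do
        case "$line" in
            html/wp-content/*) ;;      # candidate: examine below
            *) continue ;;             # everything else is out of scope
        esac
        rel=${line#html/wp-content/}
        [ -z "$rel" ] && continue      # the wp-content directory itself
        first=${rel%%/*}               # top-level entry under wp-content
        ok=0
        for allowed in $WP_CONTENT_ALLOWED; do
            [ "$first" = "$allowed" ] && ok=1
        done
        [ "$ok" -eq 0 ] && printf '%s\n' "$line"
    done
    return 0
}

# Constructed sample of rsync output modelled on the excerpt in the post
# (the "1" folder with poker pages and g.js is the planted content).
SAMPLE_RSYNC_LOG='receiving file list ... done
./
html/wp-content/
html/wp-content/index.php
html/wp-content/plugins/akismet/akismet.php
html/wp-content/themes/default/style.css
html/wp-content/1/
html/wp-content/1/3c-texas-holdem-poker.html
html/wp-content/1/g.js
html/index.php'

# Run the filter over the constructed sample; returns the flagged lines,
# one per line, so the result can be captured and checked.
check_sample() {
    printf '%s\n' "$SAMPLE_RSYNC_LOG" | flag_unexpected_wpcontent
}

check_sample
```

In a cron job, pipe the output of `rsync -v` through `flag_unexpected_wpcontent` and mail anything it prints; an empty result means nothing new appeared under wp-content that night. Note that this only catches additions the sync pulled down, so a file modified in place (like the index.php with the extra line break) still needs a content comparison against the previous backup.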



Surprising news…

[image: odd headline]

"Dave, so how's the new underage drinking campaign been for your business?"
'Well, it's been just amazing, actually. Sales are up over 80% since they kicked off this program, and once my flyers go up in the mall, I expect those figures to increase even more!'

Sure, the story itself is about a program that Oregon liquor stores are implementing to educate parents about the dangers of alcohol in the home...but that headline! Surely someone must have looked at that prior to publication...and yet, they reviewed it then said "Yup, that looks fine--push it to the web!" ??



A favorite plug-in debugged…

Note: Ajaxified Expand NOW no longer works in WordPress 3.0.

As a replacement, I'm using Sliding Read More, which works perfectly (and with a nice visual effect). The following is only useful if you're running an older version of WordPress.

Recently (and very smoothly), I moved a couple of sites, including robservatory.com, to a new hosting company. I had been hosting with my good friend James, who runs Find Mac Stuff, for many years, but my small sites were really on too big (i.e., too expensive) of a server for my simple needs.

The move to the new company went well, with the exception of my favorite plug-in here, Ajaxified Expand Now, which expands articles in place, saving a page reload. It was returning an error message ("Error while connecting to the server. Please try again later.") instead of the content. So I disabled the plug-in, but asked James to take a look at the code.



iPhone wallpaper collection

After updating my iPhone to 1.1.3 (and jailbreaking it, courtesy of ZiPhone), I decided I was bored of my current iPhone wallpapers—I've been using Rob Randtoul's very nice iPhone wallpaper collection, but felt it was time for something new. So this morning, I spent a bit of time trimming some of my pictures down to iPhone size, and found that the end results looked better than I was anticipating. So I thought I'd share the results, in case anyone wants more variety on their iPhone. Click the image at left for a larger view of the collection, and if you'd like to download the wallpapers, well, here's the link:

iPhone Wallpapers [1MB]

To use, just add these to your iPhoto library, then sync to your iPhone. I code my iPhone wallpapers with a unique keyword in iPhoto, create a Smart Album based on that keyword, then sync that smart album to the iPhone. Then use the Wallpaper section of the iPhone's Settings panel to set your wallpaper. (If you have a jailbroken iPhone and you install SummerBoard, you can use your wallpaper as a background behind the iPhone's actual screen, too, and not just the wake-from-sleep screen.)

Many of these aren't really suitable as wallpaper (especially in SummerBoard mode), but some actually work out pretty well.



Too much realism in flight simulation?

As a (non-active) instrument-rated pilot, one of my favorite diversions is X-Plane—as it's the closest I'll ever get to flying the "big iron." There are realistic touches in many spots in the sim, including the occasional bird flock visible during takeoff or landing at some airports. Now I'd seen these flocks on many occasions, but hadn't realized that they were actually...involved...in the simulation.

But the other day, I was taking off in a 747 out of Portland (not like we really get those here), and a flock flew across the runway just after I rotated. Despite my best efforts, the 747 flew right through the clump of birds, and the results were...quite surprising, and more gory than I was expecting. Read on for the details and a (too realistic?) screenshot.



24 on an extended hiatus

In case you missed it, CNN is reporting that the seventh season of 24 will not return until 2009. In the story, CNN notes that 24 would end during the summer if it started its run late. (Traditionally, networks won't air their top-tier shows in the summer.) Here's how Fox summarized their decision making process, from the story:

A January 2009 start seemed the best way to comply with viewers' wishes that a season's episodes run without interruption to conclusion, Fox said on Thursday.

Ummm, no. The best way to comply with viewers' wishes would be to start production, begin airing the show whenever it's ready, and then air it in consecutive weeks until it's done. The best way to comply with the network's wishes, however, would be to make the decision they made. Idiots.



Site upgrade complete

We're now running the latest version of WordPress -- if you run WordPress and aren't on 2.3.3 yet, I strongly recommend upgrading, or at least patching your xmlrpc.php file. There's a security problem with that file in older WordPress releases, as detailed in this WordPress blog post:

If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog.

This actually happened here; two posts were modified to include links to malware and ringtone sites.

Most everything is back up and working as it was before, though sadly, the King Login widget, which allowed logins directly in the sidebar, doesn't work at all with 2.3.3, so it's been disabled. While working on the upgrade, my comment spam blocker was offline for all of 10 minutes or so. During that time, three anonymous spammy comments were submitted -- sheez!