
The downside of public hint submissions

In general, I wouldn't change a thing about the way OS X Hints has worked out over the years -- I've learned a ton, had a ton of fun, and even managed to completely change my career. One of the first things I did right (through sheer luck, more than anything else) was to choose a content management system (Geeklog) that allowed for public story submissions. With the whole community participating, the hints collection has grown at a tremendous rate.

Lately, though, the downside of a public submission queue has become apparent: spam submissions. As an example, here's a bit of what I saw in the queue this morning:

[image: spam]

There were well over 100 such entries, all of which were added between Friday morning and early Monday morning. Ugh. (Geeklog presently lacks any sort of captcha on story submissions, though I think there's one in the works for the next minor update.)

So instead of spending time reviewing, editing, and posting hints, I spent the first 10 or so minutes of the morning identifying all the spam entries and deleting them from the system. Clearly these are automated scripts at work, hoping to hit sites that use unmoderated submissions. They care not if a site is moderated, obviously, though it certainly puts me in a foul mood as I clean up their detritus. Sigh.



Ultra secret privacy policy

I've been spending a lot of time using Firefox 3.0b5, and I'm generally thrilled with the browser (think Camino's look and feel (mostly), plus full support for Firefox extensions and Safari's speed). It works so well most of the time that I forget it's a beta.

Then there are times like this morning, when I saw this screen:

[image: Privacy dialog]

That came up when I tried to report a non-functional site--one that loaded fine in Safari, but wouldn't load at all in Firefox. It's things like this that make me remember I'm using beta software :). (Even worse than the blank privacy policy, though, was the fact that checking the box and clicking the "Done" button didn't then let me report the site.)



I think there’s been an error…of some sort

Today, while trying to register on a web site to download a public beta of some software package, I received the following very helpful error message:

[image: Strange error]

Hmm...I'll get right on that, whatever it might have been. (The eventual solution was to use a different page on the vendor's site to complete what seemed to be an identical form. For whatever reason, it worked there, but not where I was trying to do it.)



Feel free to call us any time!

I recently ordered a couple of new services from Verizon (distinctive ring and caller ID). In their confirmation letter, I found this reassuring paragraph (red underlines are mine):

[image: Verizon helpful hotline]

Verizon uses a definition of "any time" that I am not familiar with!



Macworld video … upsized

As you may (or may not) know, Macworld editors each take a turn in front of the video camera on a rotating cycle; my number came up again last week, and this is the result - an OS X productivity tips video (the link is to a page of info about the video). The only problem with that video is that it's 320x240, which makes the detail somewhat tough to see, especially in some of the larger screen captures. So I've decided to post (with Macworld's permission) the larger version of the video here for download:

Productivity tips video: 640x480, 8mins 50 seconds, 90.5MB

I'll do this with my future videos, too, at least until/unless my monthly bandwidth is used up. I don't foresee that becoming a problem, though, unless there are over 10,000 of you out there downloading this thing :).



Now speaking WordPress 2.5

After a mostly-painless upgrade, we're now running WordPress 2.5. About the only hiccup is that the Addicted to Live Search plug-in (which I am addicted to) doesn't seem to work right with anything other than the default permalink style. (Permalinks are the URLs for individual stories.)

The default permalink style is ugly and doesn't necessarily work well with search engines, but I love the search feature so much I'm using them for now...hopefully the plug-in will be patched in the near future.



A Windows Vista hint…

Clearly this one doesn't belong on Mac OS X Hints, but I wanted to have it documented somewhere. There's usually a Windows box of some sort in my home, for testing and game playing. The testing role for my physical Windows box has pretty much been replaced by VMware Fusion, so it's really now a game playing machine.

As such, I upgraded it recently (well, rebuilt it from scratch is a better summary) with a new CPU and video card. I also wanted to put Vista on it, for one reason only: to run Crysis under DirectX 10, which only works in Vista. My Vista DVD is an upgrade installation, which must be installed from within Windows XP. Windows XP, when it came out, didn't support SATA drives, so for a fresh install of XP (it was a new install on my newly-built machine), you must set the SATA mode in the machine's BIOS to IDE. I did that, installed XP, and upgraded to Vista.

Vista includes AHCI support, so my SATA drives can be used in native SATA mode. However, if you just switch your BIOS to AHCI mode, and you were using XP in IDE mode, then your box will fail to boot -- that's because the AHCI drivers are not installed by default in Vista if you start with XP in IDE mode. So how do you switch Vista from IDE to AHCI mode?



Update on WordPress attack…

After some investigation with help from a couple of very useful people (thanks, chays, Ryan, and Donncha), we've determined that the files I found on my server were placed there as a result of the WordPress 2.3.2 vulnerability, even though my site had been updated to 2.3.3.

To make a long story short, if your site was affected by the 2.3.2 vulnerability, you must change your admin passwords. While the attackers can't get the actual password, they can continue to log in as admin even after you upgrade to 2.3.3. That's because the cookie they received when exploiting the hole in 2.3.2 will still work in 2.3.3 -- unless you change your password.

In everything I read about the 2.3.2 exploit, I didn't see anything about the passwords being exposed, so I didn't change it when I upgraded to 2.3.3. Lesson learned...
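To see why the fix is a password change rather than the upgrade itself, here is an added, deliberately simplified model in Python (illustrative code written for this page, not WordPress's own authentication code): the cookie is an HMAC over the username and the stored password hash, so a code upgrade changes nothing the cookie depends on, while setting a new password does. The class, method and version labels are this example's own assumptions.

```python
import hashlib
import hmac
import secrets


class Site:
    """Simplified model (not WordPress code) of a site whose auth cookie is
    derived from the stored password hash."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)  # server-side key; a code upgrade never touches it
        self.users = {}                        # username -> (salt, password_hash)
        self.version = "2.3.2"                 # hypothetical version label for the demo

    def set_password(self, username, password):
        # Fresh salt each time, so even re-using the same password yields a new hash.
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = (salt, pw_hash)

    def _tag(self, username, pw_hash):
        # Cookie authenticator binds the username to the *current* password hash.
        return hmac.new(self.secret, username.encode() + pw_hash, "sha256").hexdigest()

    def issue_cookie(self, username):
        """Cookie format: username|HMAC(secret, username || password_hash)."""
        _, pw_hash = self.users[username]
        return f"{username}|{self._tag(username, pw_hash)}"

    def cookie_is_valid(self, cookie):
        username, _, tag = cookie.partition("|")
        if username not in self.users:
            return False
        _, pw_hash = self.users[username]
        return hmac.compare_digest(tag, self._tag(username, pw_hash))

    def upgrade(self, new_version):
        # Patching the code fixes the hole but leaves secret and user records alone.
        self.version = new_version


def demo():
    """Returns (cookie valid after upgrade, cookie valid after password change)."""
    site = Site()
    site.set_password("admin", "original-password")
    # A cookie minted under the vulnerable version, still in an attacker's hands.
    stolen = site.issue_cookie("admin")

    site.upgrade("2.3.3")
    still_valid_after_upgrade = site.cookie_is_valid(stolen)

    site.set_password("admin", "new-password")
    valid_after_password_change = site.cookie_is_valid(stolen)
    return still_valid_after_upgrade, valid_after_password_change


if __name__ == "__main__":
    print(demo())
```

In this model, rotating the server-side secret would also invalidate every outstanding cookie at once; changing the password, as the post advises, invalidates only that account's cookies, which is the targeted fix when you know which account was abused.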



New WordPress attack floating around…

I use a shell script to back up my web sites each day -- it exports and downloads a SQL file of the database contents, and rsyncs the actual HTML files. When I was checking the log file for last night's downloads, I noticed something very strange in the output:

  receiving file list ... done
  ./
  html/wp-content/
  html/wp-content/1/
  html/wp-content/1/3c-texas-holdem-poker.html
  html/wp-content/1/american-poker.html
  html/wp-content/1/bonus-code-party-poker.html
  html/wp-content/1/casino-poker-gratis.html
  html/wp-content/1/come-giocare-a-poker.html
  html/wp-content/1/come-giocare-poker.html
  ....
  ....

In total, there were 71 files in the newly-created 1 folder: 70 .html files, and one g.js file. There was also a new oddly-named backup folder, and the index.php file in wp-content (which is just a blank placeholder) had been replaced with basically the same file but with an added line break on the first line.

I googled on some of the .html filenames, and found a number of WordPress sites with the same issue (the "1" folder), but nobody who was talking about the cause of the problem. So I posted about it to the WordPress forums, where someone pointed me to this page, which contains at least a little more background on the issue. I'm also posting some of the html filenames here, in case others are searching for more information on the attack.

As of now, I don't know how they got in (though I suspect via one of the plug-ins), but I don't think it's through any sort of direct site access: none of the site's other files and folders were changed, nor were any posts or comments created. It also doesn't seem to be an automated attack, as the 1 folder hasn't returned after I manually removed it yesterday. But if you run WordPress, keep an eye on your wp-content folder for anything other than what should be there: index.php, plugins, and themes by default. If/when I find out more about this, I'll post a follow-up.
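As an added example (not the post's own backup script), here is a small Python check that applies the rule in the paragraph above to an rsync file list: anything directly under wp-content/ other than index.php, plugins and themes gets flagged. The sample listing is constructed to mirror the one quoted above, and the allow-list is the post's default set; a site that uses media uploads would add uploads/ to it.

```python
from collections import defaultdict

# Entries a default wp-content/ is expected to contain, per the post above.
# Extend this with anything you installed deliberately (e.g. "uploads").
DEFAULT_ALLOWED = frozenset({"index.php", "plugins", "themes"})

# Constructed sample modelled on the rsync listing quoted in the post; the
# "...." lines stand in for the elided entries and are skipped by the parser.
SAMPLE_RSYNC_OUTPUT = """\
receiving file list ... done
./
html/wp-content/
html/wp-content/1/
html/wp-content/1/3c-texas-holdem-poker.html
html/wp-content/1/american-poker.html
html/wp-content/1/g.js
....
html/wp-content/index.php
html/wp-content/plugins/akismet/akismet.php
html/wp-content/themes/default/style.css
"""


def unexpected_wp_content(rsync_output, wp_content_prefix="html/wp-content/",
                          allowed=DEFAULT_ALLOWED):
    """Map each unexpected top-level entry under wp-content/ to the paths rsync
    reported beneath it. rsync only lists new or changed paths, so this is a
    delta check on what last night's run transferred, not a full audit."""
    suspects = defaultdict(list)
    for raw in rsync_output.splitlines():
        path = raw.strip()
        if not path.startswith(wp_content_prefix):
            continue  # rsync chatter, "....", or a path outside wp-content/
        rest = path[len(wp_content_prefix):]
        if not rest:
            continue  # the wp-content/ directory entry itself
        top = rest.split("/", 1)[0]
        if top not in allowed:
            suspects[top].append(path)
    return dict(suspects)


def report(rsync_output, **kwargs):
    """Human-readable summary suitable for the tail of a nightly backup log."""
    suspects = unexpected_wp_content(rsync_output, **kwargs)
    if not suspects:
        return "wp-content: no unexpected entries"
    lines = []
    for top, paths in sorted(suspects.items()):
        lines.append(f"wp-content/{top}: {len(paths)} unexpected path(s)")
        lines.extend(f"  {p}" for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RSYNC_OUTPUT))
```

Because rsync only reports what changed, run the same allow-list over a full listing of the directory when you first set this up. Note also that the rewritten index.php in the post shows up in rsync output as a changed file, not a new one, so this check will not flag it; comparing a hash of that file against a known-good copy covers that case.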



Surprising news…

[image: odd headline]

"Dave, so how's the new underage drinking campaign been for your business?"
"Well, it's been just amazing, actually. Sales are up over 80% since they kicked off this program, and once my flyers go up in the mall, I expect those figures to increase even more!"

Sure, the story itself is about a program that Oregon liquor stores are implementing to educate parents about the dangers of alcohol in the home...but that headline! Surely someone must have looked at that prior to publication...and yet, they reviewed it then said "Yup, that looks fine--push it to the web!" ??