by Matt | Jul 17, 2008 | Web
We’ve got a nice new theme working. Found it over at SmashingMagazine and took a few minutes to customize it. Got rid of the weird “kid” illustration and added that little shield logo. Swapped out some graphics here and there. Added a “featured” category and a “featured” column to the left, which will highlight what I consider important posts. There’s still a few kinks to work out, like the little corners being a level above the photo lightbox overlays and the categories spilling over in the bottom footer, but I’ll get it figured out. So, whatcha think?
by Matt | May 2, 2008 | Web
The upside of being at work crazy early: Being able to browse the new plugin section of WordPress.org, finding interesting plugins and installing them for no reason. Like this one, which is now rocking my NextGen Gallery. Click for the rounded corner goodness.
[singlepic=3,300,200,center]
by Matt | Apr 3, 2008 | Web
I updated WordPress today as a result of what happened to my friends. I figured it was better safe than sorry, especially if it was the XML injection Chip mentioned. I was already up to date with 2.3.3 but now we’re running the hot out of the oven 2.5. For those of you needing to update as well, let me recommend the WordPress Automatic Updater.
Really a slick deal. It backs up your core files, your database, your plugins, rolls them all into a zip so you can download them, downloads the most current install, stops your plugins, updates the install and restarts everything for you. Very handy. Took me 2 minutes to update and I didn’t even have to download the install ahead of time.
I’ll give you my impressions of 2.5 later, but I just wanted to pass on that tidbit in case anyone else is updating in the near future.
by Matt | Apr 3, 2008 | Friends and Family, Web
I had my good buddy Matt call me up last night. He’s the one I had set up a WordPress install for a couple months ago. It seems that someone hacked his hosting account/WP install and inserted hundreds of hidden porn links all over his site. For some reason, surfing the page on his Blackberry revealed them, probably since the phones browser didn’t understand the “u style=”display:none” tags. The links were inserted into both the individual pages (single.php) and the footer (footer.php) for every page resulting in a ridiculous amount of links per page. I looked like only the default (kubrick) wordpress theme was affected until I checked out the splash page for the entire site and found them there as well. I had thought it might have been a wordpress exploit that allowed someone to change the themes code, but having it in the splash page (index.html) means they would have had FTP access.
I cleaned up the mess as best I could, changed all their passwords to 12+ characters and I’ll install WP 2.5 tonight just in case. I’ve got the dates/times that the files were changed but I haven’t pulled the access logs yet to cross-reference. I have a pretty good idea what site it came from though since all the links share the same domain and the id= tags are all the same as well.
I’d like to find out exactly how it happened so I can try and prevent it from happening again. Now, with the index.html page hacked, I need to find out if this is a super serious WP exploit or if there was a security failure at the host level. If there is I’m going to recommend they find another host ASAP.
If any of you guys have heard of something similar happening and have any clues or insight, please pass it along. The website the links point to isn’t a porn site but I think they might have had their RSS feed hacked, because all the links are things like domain.com/rss.php?something_adult_sounding.
What the hell is wrong with the universe? Hacking a site to make porn links and then hacking another site to link to those porn links, all to what? Increase your Google rank? This shit has got to stop. Its destroying the interwebs.
by Matt | Feb 14, 2008 | Web
I’ve decided to try something a little bit different. After working on the website for my good friends Matt & Melinda and trying to fix their install of Gallery 2, it became really clear to me that Gallery simply isn’t working anymore. I don’t like the way it works, I don’t like the way it’s harder than hell to integrate into something like WordPress and I just don’t like it’s design anymore. Flickr, don’t get me wrong, is a great web service, but it simply isn’t for me. There’s no incentive to use it. If I didn’t have my own website or my own hosting I’m sure I’d be completely happy with Flickr. But, having 99% unused space on my server, there’s little to no point in using Flickr for storage alone. Plus, I never got into it to begin with, so that may have something to do with it. Now, enter in NextGen Gallery, a completely self contained WordPress Plugin fully capable of organizing and displaying photos in albums and galleries. I like it. I like it a lot. It’s easy, fairly intuitive, and a breeze to work with. I think I’m going to end up ditching both Gallery and Flickr in favor of NextGen. I’m working on moving, copying and or transferring photos over to it as we speak. I can FTP whole folders, autoscan to add them to galleries, and be done with the whole thing in less time than it would take Gallery’s uploader to start. So, from now on, take a look at the “Photos” link above and in the page links. It’s there to stay and the other galleries/link will be deleted from the project page. Sorry this isn’t a more in depth, life affirming sort of post, but I just thought I’d share a nifty plugin. More life affirming later.
by Matt | Jan 11, 2008 | Aggravation, Web
More scraped content from here is appearing on another site. It’s just such a joy to have to track down a host and write a C&D letter just because some toolbox decides to set up an “autopost” wordpress install. That’s why, starting now, I’m including a nice little message in my RSS feeds thanks to RSS Footer.
You can’t really stop these assholes from doing it, but at least my name and website (and little message) are plastered all over each entry. So, if they scrape them now, they get not one, but 3 links back here.
For those of you playing by the rules, all you’ll see in your RSS reader is a quick message before the normal content:
“Post from: DocHoloday.com. If you’re reading this on any other site, you’re reading stolen content. Web scrapers suck.”
Die scraper die!
Recent Comments