Quasi-daily linkage

I’ll be damned – more WP trouble

I was fixing a webcomic issue on Greg’s blog, and I’ll be damned if from one minute to the next, it didn’t suffer from an index.php injection, too. This is weird as hell. A bunch of spurious content appeared on his homepage, although clicking through to those posts showed the correct content.

It may be time to look for alternative blagging software. Unfortunately, there are a lot of nice features that I use in WP.

They Might Be Giants. Maybe.

I got to see them last weekend in Hotlanta, GA. Pretty good show, although it had a more “indie” feel than I was expecting. I guess Greg’s idolization of them leads me to think of them as a fairly major/big-label group, which they aren’t.

They put on a good show, even though I’m never a fan of a performer looking bored as a way to look “cool”, which the accordion guy pulled. Dude, get crunk. You play an accordion.

Greg and I missed JoCo’s opening act due to some stupid traffic in South Carolina, but I should get to see him when I go to the Charlotte version of the concert this Wednesday with Nathan and Michael.

While Greg’s off gallivanting around in San Fran, I’m going to be seeing two of his favorite musicians perform.

WordPress PHP injection?

I just found a creepy case of injection in my index.php file. I noticed this morning that my homepage was throwing a “headers already sent” message pointing to index.php, line 10 when it wasn’t cached by Supercache. A reload of the page cleaned it up. But my RSS feed (which currently goes through Feedburner) was also trashed, and /feed wasn’t redirecting. All with the same error. Disabling Supercache fixed the homepage warning, but not the feed.

Being PHP awesome, I checked index.php for trailing whitespace, and found this snippet of code above the standard WordPress code:

That’s a problem. That forum file is, as you might expect, a crap ton of links and some JavaScript.

A few things to note:

  1. My SSH/bash history is complete and untouched. That is, I can see back for weeks, and all the commands are mine. So it doesn’t seem to be that sort of break-in.
  2. I just upgraded to WP 2.9.2 yesterday through the admin console. Likely culprit? Probably.

Can’t say for sure what it was, since I didn’t do more than a cursory check after I upgraded. The homepage would have been cached, so I wouldn’t have seen the warning there.

I suppose I should report this.
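
An added example, not part of the original post: a small Python check for the situation described above, which flags anything in index.php other than the stock front-controller statements, plus any output outside the PHP tags (the cause of a “headers already sent” warning). The expected statements assume a 2.9-era stock index.php, and the function name and sample files are constructed for illustration.

```python
import re

# Assumption: a stock WordPress 2.9-era index.php holds only these two
# statements (plus comments): define WP_USE_THEMES, then load wp-blog-header.php.
EXPECTED = [
    re.compile(r"""define\(\s*['"]WP_USE_THEMES['"]\s*,\s*true\s*\)"""),
    re.compile(r"""require\s*\(\s*['"]\./wp-blog-header\.php['"]\s*\)"""),
]
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)


def audit_index_php(source):
    """Return findings for index.php text: stray output and unexpected statements."""
    findings = []
    in_php = False
    after_close = False
    for part in re.split(r"(<\?php|\?>)", source):
        if part == "<?php":
            in_php = True
        elif part == "?>":
            in_php, after_close = False, True
        elif in_php:
            for stmt in COMMENTS.sub("", part).split(";"):
                stmt = stmt.strip()
                if stmt and not any(p.fullmatch(stmt) for p in EXPECTED):
                    findings.append(("unexpected statement", stmt))
        else:
            # PHP swallows one newline right after "?>"; anything else outside
            # the tags is sent to the browser and breaks later header() calls.
            allowed = ("", "\n", "\r\n") if after_close else ("",)
            if part not in allowed:
                findings.append(("output outside PHP tags", part))
    return findings


# Constructed samples (not the snippet from the post, which is not shown there).
CLEAN = """<?php
/** Front to the WordPress application. */
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
?>
"""
TAMPERED = "<?php @include('EXAMPLE-injected-file.php'); ?>\n\n" + CLEAN

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_index_php(text))
```

Run from cron against the live file, a non-empty result is a cue to compare index.php with a fresh copy from the matching WordPress release.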