- The Tiny Life , Archive » Driving Habits vs Gas Prices – This might be one of the most ridiculous graphs I've ever seen. Just sayin'.
- Facebook’s Gone Rogue; It’s Time for an Open Alternative – Wired is a little late to report on this, but this is one of the reasons I've done a sweep and shut down much of my presence on FB. It's up for debate whether I'll just close the account.
- The Tiny Life , Archive » One Cool Habitat – I always marvel at the tiny, gorgeous houses that are posted on this site. They're so elegant.
- On self-dealing « Courtney Milan’s Blog – Some literary agents are opening their own publishing shops. Sketchy.
- Top 10 Motivation Boosters and Procrastination Killers – Procrastination – Lifehacker – This is an impressive list of exactly what the title says — ways to break past barriers to getting work done.
Tag Archives: security
I’ll be damned – more WP trouble
I was fixing a webcomic issue on Greg’s blog, and I’ll be damned if from one minute to the next, it didn’t suffer from an index.php injection, too. This is weird as hell. A bunch of spurious content appeared on his homepage, although clicking through to those posts showed the correct content.
It may be time to look for alternative blagging software. Unfortunately, there are a lot of nice features that I use in WP.
WordPress PHP injection?
I just found a creepy case of injection in my index.php file. I noticed this morning that my homepage was throwing a “headers already sent” message pointing to index.php, line 10 when it wasn’t cached by Supercache. A reload of the page cleaned it up. But my RSS feed (which currently goes through Feedburner) was also trashed, and /feed wasn’t redirecting. All with the same error. Disabling Supercache fixed the homepage warning, but not the feed.
Being PHP awesome, I checked index.php for trailing whitespace, and found this snippet of code above the standard WordPress code:
That’s a problem. That forum file is, as you might expect, a crap ton of links and some JavaScript.
A few things to note:
- My SSH/bash history is complete and untouched. That is, I can see back for weeks, and all the commands are mine. So it doesn’t seem to be that sort of break-in.
- I just upgraded to WP 2.9.2 yesterday through the admin console. Likely culprit? Probably.
Can’t say for sure what it was, since I didn’t do more than a cursory check after I upgraded. The homepage would have been cached, so I wouldn’t have seen the warning there.
I suppose I should report this.
Quasi-daily linkage
- My God—it’s full of unicorns! – Meta Stack Overflow – This is hilarious. I'm going to have to play around with this in WP.
- Dynamic Dummy Image Generator – DummyImage.com – C/o my darling, this is a pretty cool way to generate placeholder images.
- Alex Payne — On the iPad – This is the best damn commentary on the iPad that I've seen yet.
- A Toronto Data Guy, I want privacy because I break the law – This is a good essay on privacy and how that related to purposefully and accidentally breaking the law. I like that he doesn't once go into copyright violation (which isn't law breaking, although many think so).
- 10 things netbooks still do better than an iPad – Laptop & Notebook computers – I'll personally be sticking with netbooks for a while longer (for several of the reasons mentioned in this article, actually), but what tickled me pink here was the line: "Even the most basic netbook has a 160GB hard drive." My netbook has 4GB. I knew it was a dinosaur at ~2 years old, but damn. Maybe $400 for a newer one wouldn't be so bad.
Quasi-daily linkage
- omahas: "Educating" our little ones in the fascist state – How about this shit? "Apparently, Playmobil thought it was a good idea to come up with the Playmobil Security Check Point for kids."
- Official Google Blog: A new approach to China – "These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China"