WordPress is very empowering software, but it can also be easily exploited because of how it was designed. WordPress was built to make it easy for users to customize their blog without having to log in to the server, but this opens up possibilities for security holes. I’ve had a couple of my WordPress sites hacked and I wanted to share a few tips to help identify files that have been hacked. sucuri.net provides a free security scanner that you can point at your WordPress site to have it check for spam links or possible security issues. It won’t catch all of the issues, but it is a great place to start.
What if sucuri finds spam links? How will you get rid of them? I’ve created a very simple bash script that allows you to check multiple WordPress sites for offending text. The script can also be run from the command line of the server that your WordPress is installed on.
Create a file on your WordPress server called secure.sh, paste the text below into it, and replace example.com/ with the directory of your WordPress install:
#!/bin/bash
# Recursively search every file under the WordPress directory for the given text
grep -r "netstat" example.com/
In this case, netstat is a networking command-line call that I found in some of my hacked files; it was part of the code that allowed the hackers to gain server access. You can replace “netstat” with any text and the script will scan through all of the files and list the ones containing it. If sucuri finds spam links, put some of that text in quotes and run the command. Note that you can run
grep -r "netstat" example.com/
directly from the command line as well and get the same results. When you run the command or the bash script, it may report that it is unable to access certain directories in your WordPress installation. These are most likely hacked directories. Check the permissions of those directories and change them so that you can get access to them. In my case, the directory’s name was log. I changed the permissions of the directory using:
chmod -R 700 example.com/somedir/log
where example.com/somedir/log is replaced with the directory that couldn’t be read.
Once you’ve changed the permissions you can delete the directory. Check first to make sure there aren’t any critical files in it.
I’m in no way a security expert but the steps above helped me identify and clean up hacked code.
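As an added example (not the post’s own secure.sh), the script below extends the single-pattern grep to several indicator strings in one pass and also lists directories whose permissions would block the scan, the “unable to access” symptom described above. The pattern names, file names and the sample tree it builds are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the post's secure.sh: scan a WordPress tree for several
# indicator strings at once and list directories whose mode bits would stop a
# normal user from searching them. Sample tree and patterns are constructed.

# scan_wp <wordpress-dir> <pattern> [<pattern>...]
# Prints "<pattern>: <file>" for every file containing a pattern (literal
# match), then "UNREADABLE: <dir>" for each directory lacking owner r+x.
scan_wp() {
  local root="$1"
  shift
  local p f
  for p in "$@"; do
    # -r recurse, -l file names only, -F literal string; stderr is dropped so
    # "Permission denied" noise does not mix with the hit list.
    grep -rlF -e "$p" "$root" 2>/dev/null | while IFS= read -r f; do
      printf '%s: %s\n' "$p" "$f"
    done
  done
  # Mode 0500 (owner read+search) is the minimum grep -r needs to descend;
  # a directory without it is the "log" directory symptom from the post.
  find "$root" -type d ! -perm -500 2>/dev/null | while IFS= read -r f; do
    printf 'UNREADABLE: %s\n' "$f"
  done
}

# Builds a throwaway tree that mimics a compromised install and prints its
# path. All contents are constructed for this example only.
make_sample_tree() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/wp-content/uploads" "$root/wp-content/somedir/log"
  printf '<?php echo "hello";\n' > "$root/wp-content/clean.php"
  printf '<?php $cmd = "netstat -an";\n' > "$root/wp-content/uploads/dropped.php"
  printf '<a href="http://spam.example/">cheap pills</a>\n' > "$root/wp-content/uploads/spam.html"
  chmod 000 "$root/wp-content/somedir/log"
  printf '%s\n' "$root"
}

# Run directly: bash scan.sh /var/www/example.com netstat "cheap pills"
if [ "$#" -gt 0 ]; then
  scan_wp "$@"
fi
```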
I haven’t blogged in a while, but I thought I’d do a quick post on changing how your profile appears to other users on LinkedIn.
When you view a user’s LinkedIn profile, LinkedIn records the visit and displays it to that user in a report. If you’d like more anonymity when navigating through the site, do the following:
Login to LinkedIn
Click on your name in the top right corner and select “Settings”
Click on the Profile tab towards the bottom of the screen
Click on “Select what others see when you’ve viewed their profile”
From here you can have your name and company displayed to other users, just your company, or be completely anonymous.
This setting was unknown to me until I started digging into LinkedIn more, and I wanted to share it with everyone.
I’ve been doing some research around hosted E-commerce solutions and wanted to post my results in hopes that people can offer insight into the best solution or recommend one that I haven’t covered yet. Below is the information I’ve pulled together thus far. I’d appreciate any feedback on the options and any recommendations for options I haven’t considered.
I’m setting up some servers that are restricted but still need to be monitored. To do this I set up an .htaccess file that denies traffic by default except for IPs that are explicitly allowed. Here is the file you can use to allow Pingdom’s servers but restrict everything else. Note that you’ll have to add your own IP address and that of anyone else who needs to access the site:
deny from all
allow from 184.108.40.206
allow from 220.127.116.11
allow from 18.104.22.168
allow from 22.214.171.124
allow from 126.96.36.199
allow from 188.8.131.52
Pingdom may change its server IPs periodically, so please confirm that the IP addresses are current before adding them.
I just got an EEEpc 900 off eBay that had XP loaded on it. It was pretty cheap ($179 with shipping and tax) and overall has pretty good specs, including 1GB of RAM, a 16GB SSD, a built-in mic and a 1.3MP camera. The goal was to have something lighter and easier to pack for when I’m traveling. Once I got it I got things ready to install Ubuntu Remix on it. Here are the steps I took:
Set up a USB installer, as the netbook doesn’t have a CD/DVD drive. I tried the USB creator built into the Ubuntu Remix ISO but that didn’t work out, so I used UNetbootin.
I got the flash drive set up and ran the installer, and it worked out well; the touchpad didn’t work during the installation, but I had a USB mouse, which let me control and finish the installation.
Once installed, the wireless worked right away, the touchpad worked, and when I closed the lid it went into standby properly.
I need to get a new battery for it, as it only came with a 4-cell and it seems to already be losing charge. Otherwise the installation was easy and I’m really happy with it.
The support plan structure we subscribe to at MindTouch includes two tiers of tickets. The first tier is the System Maintenance ticket, which covers basic questions about how to use/install/configure MindTouch. Then we have advanced tickets called METs (MindTouch Expert Tickets), which provide support for advanced functionality within MindTouch.
METs are a cornerstone of the support plans and one of their main differentiators. With this in mind, we needed an effective way to track and communicate to the customer their usage of these tickets. This motivated me to create a PHP/AJAX application that surfaces the number of tickets used and how many are left.
The key functionality of this application relies on categorizing tickets in a way that can be surfaced and counted. We use ZenDesk for our helpdesk, which has a pretty robust RESTful API. I set up a workflow in ZenDesk that automatically tags a ticket with an MET tag based on the ticket’s categorization. Once this is done, the ticket goes through its normal resolution cycle. In the background, a nightly PHP script hits the ZenDesk API and queries based on values from our database and the categorization in ZenDesk. It then loops through all of the organizations and counts the total number of METs used during each one’s support plan timeframe.
This helps the agents have a better idea of the customer’s support level along with providing useful information to the customer as to the status of their account.
I started messing around with Open Office 3.0 tonight. There is a sweet extension for it called PDF Import. It allows you to import a PDF document into Open Office Draw and change it. This is awesome, as before one would have needed an Adobe product to edit a PDF. I encourage you to download Open Office 3.0 and try out this extension.
I’ve been waiting for Open Office 3 for a while because of one of its best features: compatibility with Microsoft Office 2007 files. For those of you that don’t know, Open Office is an Open Source alternative to Microsoft Office. It is very easy to use and includes the full suite that you would get with Microsoft Office. You can download the newest version of Open Office here. It hasn’t been officially announced yet, so if you go to www.OpenOffice.org you will get the previous version. If you currently have Microsoft Office, I encourage you to try this out.
When Google Chrome came out I was excited at first, as it was super fast. I was a tad annoyed that it was another browser in the already annoyingly saturated market that web designers have to take into consideration when designing. Then I read an article about the TOS for Google Chrome and how Google retained the right to use anything that you accessed in the browser. This concerned me a lot, even to the point where I said that I didn’t want to get a phone with Android. It has been cleared up now, though; it was an oversight by Google. Read the following blog post for clarification on the issue: http://www.mattcutts.com/blog/google-chrome-license-agreement/