Category Archives: Technology

Checking your WordPress blog for hacked files

WordPress is empowering software, but the same design choices that make it easy to use also make it easy to exploit. It was built so that users can customize a site (themes, plugins, even editing files) without ever logging in to the server, and that convenience opens up holes that attackers go after. I’ve had a couple of my WordPress sites hacked and I wanted to share a few tips to help identify files that have been hacked.

Scan your site for free – sucuri.net provides a free security scanner that you can point at your WordPress site to check for spam links and other signs of compromise. Because it only sees what your site serves to the public, it won’t catch everything (a backdoor that doesn’t change your pages will not show up), but it is a great place to start.

What if Sucuri finds spam links? How will you get rid of them? I’ve created a very simple bash script that checks one or more WordPress sites for offending text. It runs from the command line of the server that WordPress is installed on, so you need shell access to that server.

  1. Create a file on your WordPress server, call it secure.sh, paste the text below into it, and replace example.com/ with the directory of your WordPress install:
#! /bin/bash
# recursively search every file under the install for the string "netstat"
grep -r "netstat" example.com/

In this case netstat is an ordinary networking command, and a web page has no business running it; I found it in some of my hacked files, where it was part of the code the attackers used to run commands on the server. You can replace “netstat” with any text and grep will search every file under the directory and list the ones that contain it. If Sucuri finds spam links, put a distinctive piece of that text in quotes and run the command. Expect some hits to be legitimate (plugin code, documentation, comments), so open each file and look at the context before you delete anything. Note that you can run

grep -r "netstat" example.com/

from the command line as well and get the same results. When you run the command or the script, it may report that it is unable to access certain directories in your WordPress installation. Those directories deserve a close look: grep silently skips what it cannot read, and a directory that you, the site owner, cannot open is out of place. Check its owner, permissions and modification time with ls -la before deciding; if it belongs to another user (for example the web server account) you will need root to change it. In my case the directory’s name was log. I changed the permissions of the directory using:

chmod -R 700 example.com/somedir/log

where example.com/somedir/log would be replaced with the directory that wasn’t able to be read.

Once you change the permissions you can delete the directory. Check first to make sure there aren’t any critical files in it.
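The steps above, as an added script that is not the one from the post: it searches for a list of web-shell tokens instead of a single string, flags PHP files in the uploads directory (WordPress never writes PHP there), and lists the directories grep would have skipped because they cannot be read. The token list is an assumption based on what web shells commonly contain, so extend it with whatever Sucuri or your own inspection turns up; the wpscan.sh file name is hypothetical.

```shell
#!/bin/sh
# Added example, not the script from the post. Scan a WordPress install for
# planted files. The token list below is an assumption (common web-shell
# tokens plus the post's "netstat"); every hit still needs a human look.
WP_SUSPECT_TOKENS='netstat|base64_decode|eval\(|shell_exec|passthru|system\(|gzinflate'

# List text files under $1 that contain any suspect token, or the extended
# regex given as $2. -I skips binaries such as images, -l prints each file once.
scan_wp() {
    grep -rIlE "${2:-$WP_SUSPECT_TOKENS}" "$1" 2>/dev/null | sort
}

# WordPress never writes PHP into wp-content/uploads; any .php there is suspect.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null | sort
}

# Directories the current user cannot read or enter. grep skips these without
# a word on stdout, so inspect them by hand (ls -la: owner, dates) before you
# trust a clean scan result.
unreadable_dirs() {
    find "$1" -type d 2>/dev/null | while IFS= read -r d; do
        [ -r "$d" ] && [ -x "$d" ] || printf '%s\n' "$d"
    done
}

# Run directly against an install: sh wpscan.sh /var/www/example.com
if [ -n "${1:-}" ]; then
    echo "== files containing suspect tokens"; scan_wp "$1"
    echo "== PHP files under wp-content/uploads"; php_in_uploads "$1"
    echo "== directories you cannot read"; unreadable_dirs "$1"
fi
```

Run it as the user that owns the site files, not as root: an unreadable directory only stands out when the scan runs with the site owner's permissions.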

I’m in no way a security expert but the steps above helped me identify and clean up hacked code.

LinkedIn Privacy settings

I haven’t blogged in a bit but thought I’d do a quick post on changing how your profile will appear to other users on LinkedIn.
When you view a user’s LinkedIn profile, LinkedIn records the visit and shows it to that user in a report. If you’d like more anonymity when navigating the site, do the following:

  1. Login to LinkedIn
  2. Click on your name in the top right corner and select “Settings”
  3. Click on the Profile tab towards the bottom of the screen
  4. Click on “Select what others see when you’ve viewed their profile”
  5. From here you can have your name and company displayed to other users, just the Company, or be completely Anonymous

I didn’t know about this setting until I started digging into LinkedIn more, and wanted to share it with everyone.

E-commerce Solution evaluation

I’ve been doing some research around hosted E-commerce solutions and wanted to post my results in hopes that people can offer insight into the best solution or recommend one that I haven’t covered yet. Below is the information I’ve pulled together thus far. I’d appreciate any feedback on the options and any recommendations for options I haven’t considered.

Feature                                     | Cafe Commerce | Shopify                 | Volusion                             | Magento Go                        | Big Commerce
PayPal processing                           | Yes           | Yes                     | Yes                                  | Yes                               | Yes
Credit card processing                      | Yes           | Yes                     | Yes                                  | Yes                               | Yes
CC processing fee (if they process for you) | 2.16%         | Based on auth provider  | 2.17%                                | Based on auth provider            | Based on auth provider
Mobile e-commerce support                   | No            | No – iPhone mgmt        | Yes                                  | Not available                     | Yes
Coupons                                     | Yes           | Yes                     | Yes                                  | Yes                               | Yes
API                                         | No mention    | Yes                     | Yes (with $99/mo plan)               | Yes                               | Yes
Custom CSS                                  | Yes           | Yes                     | Yes                                  | Yes                               | Yes
Custom HTML                                 | No            | Yes                     | Yes                                  | Yes                               | Yes
Shared SSL included                         | Yes           | Yes                     | Yes                                  | Yes                               | Yes
Custom domain support                       | Yes           | Yes                     | Yes                                  | Yes                               | Yes
Hosting included                            | Yes           | Yes                     | Yes                                  | Yes                               | Yes
24×7 support                                | Yes           | No                      | Yes                                  | Yes                               | No
QuickBooks integration                      | No            | Yes (starts at $10/mo)  | Yes (3rd-party, probably extra cost) | Yes (extra cost, from $299/year)  | Yes
Founded                                     | 2011          | 2006                    | 1999                                 | 2001                              | 2003
Good starting level (price)                 | $30           | $59                     | $39                                  | $25                               | $39.95
Transaction fee (separate from CC fee)      | No            | Yes (1% at this level)  | No                                   | No                                | No
Max number of products                      | Unlimited     | 2,500                   | 500                                  | 500                               | 500
Bandwidth                                   | Unlimited     | Not stated on site      | 3GB                                  | 8GB                               | 3GB
Storage                                     | Unlimited     | 500MB                   | Not stated on site                   | 800MB                             | 300MB

.htaccess file to allow pingdom servers

I’m setting up some servers that are restricted but still need to be monitored. To do this I set up an .htaccess file that denies traffic by default except for IPs that are explicitly allowed. Here is the file you can use to allow Pingdom’s servers and restrict everything else. Note that you’ll have to add your own IP address and that of anyone else who needs to access the site:

# Apache 2.2 syntax (mod_authz_host); the directory needs AllowOverride Limit for this to take effect
order deny,allow
deny from all
allow from 83.140.19.38
allow from 67.228.213.178
allow from 208.43.68.59
allow from 94.46.240.121
allow from 72.46.130.42
allow from 173.248.147.18
allow from 173.204.85.217
allow from 84.246.230.247
allow from 212.84.74.156
allow from 64.141.100.136
allow from 178.255.152.2
allow from 64.237.55.3
allow from 178.255.155.2
allow from 178.255.153.2
allow from 178.255.154.2
allow from 96.31.66.245
allow from 82.103.128.63
allow from 67.205.112.79
allow from 78.136.27.223
allow from 67.192.120.134
allow from 207.97.207.200
allow from 207.218.231.170
allow from 95.211.87.85
allow from 83.170.113.102
allow from 74.52.50.50
allow from 74.53.193.66
allow from 204.152.200.42
allow from 85.25.176.167
allow from 174.34.162.242
allow from 70.32.40.2
allow from 174.34.156.130
allow from 69.59.28.19

Pingdom may change server IPs periodically, so confirm the addresses against Pingdom’s current published list before adding them. Two more caveats: this is the Apache 2.2 syntax, and on Apache 2.4 it only works with mod_access_compat loaded (the native 2.4 form is Require ip ... from mod_authz_core); and if a proxy, load balancer or CDN sits in front of the server, Apache sees the proxy’s address rather than the visitor’s, so the rules will either block everyone or block no one. An IP allow-list is also not authentication: anything sensitive behind it still needs a login.
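Since the list above goes stale, an added helper (not part of the post) that builds the .htaccess from a file of probe addresses, in either the 2.2 form used above or the Apache 2.4 Require form, and refuses malformed entries so a typo cannot silently open or close the door. Feed it the current list that Pingdom publishes (check Pingdom’s documentation for where); the addresses in the test data are constructed stand-ins, not Pingdom’s, and the mkhtaccess.sh file name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the post: generate an IP allow-list .htaccess from
# a list of probe addresses read on stdin, one per line, '#' comments allowed.
# Sample addresses used anywhere with this script are constructed; use the
# current list from the monitoring provider.

# Return 0 if $1 is a well-formed dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
    local IFS=. octet
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the .htaccess body. Default is the Apache 2.2 Order/Allow/Deny form
# (needs AllowOverride Limit); pass 2.4 for mod_authz_core's Require form
# (needs AllowOverride AuthConfig). Malformed lines are reported on stderr
# and skipped rather than written out.
make_htaccess() {
    local version line ip
    version="${1:-2.2}"
    if [ "$version" = "2.4" ]; then
        printf '<RequireAny>\n'
    else
        printf 'order deny,allow\ndeny from all\n'
    fi
    while IFS= read -r line; do
        line="${line%%#*}"                              # strip comments
        ip=$(printf '%s' "$line" | tr -d '[:space:]')   # strip whitespace/CR
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then
            printf 'skipping malformed address: %s\n' "$ip" >&2
            continue
        fi
        if [ "$version" = "2.4" ]; then
            printf '    Require ip %s\n' "$ip"
        else
            printf 'allow from %s\n' "$ip"
        fi
    done
    if [ "$version" = "2.4" ]; then
        printf '</RequireAny>\n'
    fi
}

# Usage: sh mkhtaccess.sh [2.2|2.4] < probes.txt > .htaccess
case "${1:-}" in 2.2|2.4) make_htaccess "$1" ;; esac
```

Regenerate the file from the provider's list on a schedule rather than editing it by hand, and keep your own management address in the input file so you are never locked out by a refresh.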

Installing Ubuntu Remix on EEEpc 900

I just got an EEEpc 900 off of eBay that had XP loaded on it.  It was pretty cheap ($179 with shipping and tax) and has pretty good specs overall, including 1GB of RAM, a 16GB SSD, a built-in mic and a 1.3MP camera.  The goal was to have something lighter and easier to pack when I’m traveling.  Once I got it I got things ready to install Ubuntu Remix on it.  Here are the steps I took:

  1. Set up a USB installer, as the netbook doesn’t have a CD/DVD drive.  I tried using the USB creator built in with the Ubuntu Remix ISO but that didn’t work out, so I used UNetBootin.
  2. I got the flash drive set up and ran the installer, and it worked out well.  The touchpad didn’t work during the installation, but I had a USB mouse and that allowed me to control and finish the installation.
  3. Once I had it installed the wireless worked right away, the touchpad worked, and when I closed the lid it went into standby properly.

I need to get a new battery for it as it only came with a 4 cell and it seems to already be losing charge.  Otherwise the installation was easy and I’m really happy with it.

Support Plan Management Application

The support plan structure we use at MindTouch has 2 tiers of tickets.  The first tier is the System Maintenance ticket, for basic questions about how to use, install or configure MindTouch.  Then we have advanced tickets called METs (MindTouch Expert Tickets), which cover support for advanced functionality within MindTouch.

METs are a cornerstone of the support plans and one of their main differentiators.  With this in mind we needed an effective way to track, and communicate to the customer, how many of these tickets they have used.  This motivated me to create a PHP/AJAX application that surfaces the number of tickets used and how many are left.

The key functionality of this application relies on categorizing tickets in a way that can be surfaced and counted.  We use ZenDesk for our helpdesk, which has a pretty robust RESTful API.  I set up a workflow in ZenDesk that automatically tags a ticket with an MET tag based on the ticket’s categorization; the ticket then goes through its normal cycle of resolution.  In the background, nightly, a PHP script hits the ZenDesk API and queries it using values from our database and the categorization in ZenDesk.  It loops through all of the organizations and totals the METs that have been used during each one’s support plan timeframe.

Once it has this information it updates the database.  The information is then surfaced through a JavaScript widget that gets the user’s organization from ZenDesk.
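The counting step of that nightly job, as an added example that is not MindTouch’s application: it works over a ticket export rather than the ZenDesk API, applies the two rules the post describes (the ticket carries the MET tag, and its creation date falls inside the organization’s plan window), and reports used, allowance and remaining per organization. The record layouts, organizations, dates, tags and allowances are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not MindTouch's code. Count MET-tagged tickets per
# organization inside its support plan window. All data below is constructed.

# Tickets: id|organization|created (YYYY-MM-DD)|comma-separated tags
TICKETS='101|acme|2011-02-10|billing,met
102|acme|2011-03-01|howto
103|acme|2011-12-31|met
104|acme|2012-01-02|met
105|globex|2011-06-15|met,escalated
106|globex|2011-07-01|met
107|initech|2011-07-01|met'

# Plans: organization|plan_start|plan_end|MET allowance
PLANS='acme|2011-01-01|2011-12-31|5
globex|2011-06-01|2012-05-31|1'

# Print "org used allowance remaining" for every plan, in plan order.
# A ticket counts only if it carries the exact tag "met", belongs to an
# organization with a plan on file, and was created inside [start, end];
# ISO dates compare correctly as strings, so no date parsing is needed.
# A negative remaining figure means the customer is over their allowance.
met_usage() {
    {
        printf '%s\n' "$1" | sed 's/^/P|/'
        printf '%s\n' "$2" | sed 's/^/T|/'
    } | awk -F'|' '
        $1 == "P" { o = $2; orgs[++np] = o; pstart[o] = $3; pend[o] = $4; allow[o] = $5; next }
        $1 == "T" {
            o = $3; n = split($5, tags, ",")
            for (i = 1; i <= n; i++) if (tags[i] == "met") break
            if (i > n || !(o in allow)) next
            if ($4 < pstart[o] || $4 > pend[o]) next
            used[o]++
        }
        END {
            for (k = 1; k <= np; k++) {
                o = orgs[k]; u = used[o] + 0
                print o, u, allow[o], allow[o] - u
            }
        }
    '
}

# Run directly to see the sample result (acme: 2 of 5 used; globex: over by 1).
met_usage "$PLANS" "$TICKETS"
```

Ticket 104 is excluded because it falls after acme’s plan end, and ticket 107 because initech has no plan on file; that is the same filtering the nightly job needs to apply before it writes totals to the database.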

This helps the agents have a better idea of the customer’s support level along with providing useful information to the customer as to the status of their account.

Cool PDF import extension for Open Office 3.0

I started messing around with Open Office 3.0 tonight.  There is a sweet extension for it called PDF Import.  It allows you to import a PDF document into Open Office Draw and change it.  This is awesome, as before one had to have an Adobe product in order to edit a PDF.  I encourage you to download Open Office 3.0 and try out this extension.

Open Office 3 is available!

I’ve been waiting for Open Office 3 for a while because of one of its best features, compatibility with Microsoft Office 2007 files.  For those of you that don’t know, Open Office is an Open Source alternative to Microsoft Office.  It is very easy to use and includes the full suite that you would get with Microsoft Office.  You can download the newest version of Open Office here.  It hasn’t been officially announced yet, so if you go to www.OpenOffice.org you will get the previous version.  Anyone that currently has Microsoft Office, I encourage you to try this out.

Was skeptical about Google Chrome, but feel better now

When Google Chrome came out I was excited at first, as it was super fast.  I was a tad annoyed, as it was another browser in the already annoyingly saturated market that web designers have to take into consideration when designing.  Then I read an article about the TOS for Google Chrome and how they retained the right to use anything that you accessed in the browser.  This concerned me a lot, even to the point where I said that I didn’t want to get a phone with Android.  It has been cleared up now though, and it was an oversight by Google.  Read the following blog post for clarification on the issue: http://www.mattcutts.com/blog/google-chrome-license-agreement/