Troubleshooting WP

this is a test

My WordPress wigged out on me for some reason. It looks like a plugin wasn’t compatible with the latest WordPress and made every direct-link page a 404 page.

Annoying!

It appears to be fixed now, but if you have any problems with anything on this site, please let me know, thanks!

buh-bye Blogger, Hello WordPress!

I am being forced to migrate my website off of blogger as they are discontinuing their FTP publishing which I use to have my twitter tweets show up on my blog.

The blog URL will continue to be mike.creuzer.com, but the site may go away for a short period during this period of time.

You may need to update bookmarks & links to the site. You may also need to re-subscribe to the RSS feed as it is being moved to feedburner.

The first post on the new system will be on my new baby, Bella! So stay tuned!

HACKED!!!!

A friend’s website was hacked recently. It wasn’t a big deal for him, as it was a testing/playground site anyhow. The site was simply homepage defaced. The site was due to be drezzed and rebuilt anyhow.

I was concerned because it was a Joomla website. My sites at work are Joomla sites.

I tracked down how it was hacked for him. It took me an hour.

It was hacked out of Turkey – no legal recourse for him.

Basically, it turns out there was a bug in the password reset code that allowed them to reset the admin password.
http://www.compassdesigns.net/joomla-blog/Admin-Password-Reset-Vulnerability-in-Joomla-1.5.html — OHPSS!!!

It is interesting to note that they used google for finding websites with the vulnerability – their search was http://www.google.com/search?hl=tr&q=inurl:%22com_user%22+hello&start=40&sa=N

The steps that I took to figure this out. I had my friend dump the website and send it to me. The dump was the full filesystem for that website, a full MySQL dump of the database(s) for the site, and all the log files for that site. At this point he could start doing what he needed to do to rebuild the site.

When I got this zip file, I opened it and went to the logs. I just scrolled through the log to see if anything obvious stood out. Nothing at the initial glance.

Thinking it was a remote file include problem, I started looking for URLs that could have been included. This wasn’t it, but it did lead me to a spot where I recognized the name of a foreign file – an MP3 that the hackers uploaded.

I then grabbed their IP address and looked at the first instance where they interacted with the system. I found the google search and the click through to the password reset page.

At this point, I did a google search of my own and found the hack.

A note on their behavior during the attack:
They started at 7:37 am our time, and where done by 7:49.
They checked the site again at noon, and again at 10:15pm. I guess they wanted a good laugh at how long it took before the site got fixed.

The moral of this story is that if you use open source software, make sure you keep it updated. With the ability to google search for pages that are running a known piece of code, an aweful lot of websites can get hacked between the time a vulnerability is know until a fix is released and until you get that fix installed.

Ten Dollar Dates

A friend of mine has started a new website. The site is all about inexpensive date ideas. http://www.tendollardates.com/

I think this may be an excellent resource for us guys to get a woman’s perspective on what we can do to be sweet. Cheap.

This should be an excellent resource for me down the road – good thing Katie doesn’t know about the site yet. I am going to subscribe to the RSS feed and get my daily dose of do-good ideas.

Lets all leave comments or trackbacks, and let her know we are interested so she gets into the habit of posting an idea a day. If you have any suggestions, feel free to leave a comment here with them or email them to me and I will forward them on to her.

New website design.

Well, I couldn’t sleep tonight, tired, can’t think straight, but can’t sleep. Lots of fun.

I had stumbled across an interesting site layout at bloggerdesign.com/. It is rather ironic that it’s a “blogger” design site but it uses WordPress. Anyway, I liked the 3 column layout that folds up nicely for smaller screens. Resize the screen, the side columns collapse down and towards the left margin. It works OK for 800×600, a little too much right whitespace, but tolerable. it looks good at 1024×768, and freaking awesome on my 19″ monitor, what ever it is set to.

There is a little mini-nav bar on the left edge of the screen that is pretty cool, but I need to find some icons for it. It is not being populated for the time being.

I like how the post area is about 25% bigger. In the posts, the images and videos where kinda cramping any text that was flowing around them. I also like the wider side column, it is big enough for my fish-cam and my google calendar. I was thinking of running the wider column for stuff internal to my blog, and the narrower column for stuff external to my blog. The calendar kinda sorta breaks that, but I guess it is still about me, so I will say it is internal to the blog.

I think I have a good site template, I just need to work on making it “pretty” now. I want to make some kinda of fancy top for the 2 side columns and a curve/angle for the bottom right edge to lead the columns back into the main column.

I would like the design elements to be freshwater aquatic plant themed. Not sure how I would do it, so it probably won’t happen. All of my designs are so… blocky looking. **sighs**

Well, if I am going to be worth $.02 at work tomorrow I had better try and get some sleep.