WordPress Security Issues

A friend recently brought to my attention that some of my recent posts contained some odd links to casino sites and other such random spam. After further investigation I found a total of 5 posts affected and I’m confident it was due to the recently patched security issue found in WordPress. More info can be found over on their blog. I suppose that will teach me for letting the version slide for a little while without upgrade. I’m also glad that I only had 80 some posts to look through, it certainly could have been much worse…

Anyway, if you run a WordPress blog, make sure to upgrade ASAP.

Posted in Misc

Quick Ext IE Tip

I’ve found myself basically living in Firebug lately, and getting used to using console.log and console.dir a whole bunch. Problem is that I’m not running Firebug Lite so I don’t have any IE equivalent. Tossing this script in real quick has helped out a lot.

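Ext.onReady(function(){
    try {
        // Throws in IE, where no console object is defined
        console.log('bleh');
    } catch (e) {
        // Fall back to Ext.log, which ext-all-debug provides
        console = { log: Ext.log };
    }
});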

As long as you’re using ext-all-debug, you have access to Ext.log and this gives you a decent IE alternative.

Posted in Ext, Javascript

Apache Digest Authentication on Ubuntu 7.10

I’ve been looking to make my apache server available on the web from time to time so I can have others look at things I’m working on. I didn’t want to just hang everything out there unsecured, so I took a look into setting up Digest authentication since Basic sounds quite insecure. I dug around for a while and found several guides that showed different ways to set it up but none of them contained all of what I needed to get a global password protection.

The first step was to stop loading the basic auth module

sudo rm /etc/apache2/mods-enabled/auth_basic.load

Now I needed to include the digest auth module

sudo ln -s /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled/auth_digest.load

Pretty straight-forward, though none of the guides I looked at mentioned it. Next I needed to use the ‘htdigest’ command to create the text file to store the username and password. It is highly recommended (for obvious reasons) that this file not be within a directory apache makes available to the web. Create a new directory outside of /var/www and change to it.

htdigest -c digest main rwaters

The htdigest command takes 3 parameters (and an optional -c flag to create a new file), the first param is the filename, second is the realm (more on this in a bit), and the third is the username. The command then prompts you to enter and re-enter the password, it hashes it and creates a text file. The last required bit is to modify the apache config to actually use auth-digest and point it to the digest text file. If you left everything as the default Ubuntu settings then the config file that defines directories and access to them is in /etc/apache2/sites-enabled/000-default. To make the settings global I applied them within the directive.

AuthType Digest
AuthName "main"
AuthUserFile /path/to/the/digest/file/from/above
Require valid-user

Pretty straight-forward, the AuthName setting matches up to the realm you defined when generating the password. The one thing that kept throwing me was that the guides I looked at said to use AuthDigestFile instead of AuthUserFile and apache kept claiming that AuthDigestFile was not a valid configuration option. Anyway, you can add as many username and password combinations as you like to the digest text file. Next up for me is to enable SSL and force all urls to redirect to HTTPS.
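The two points above that are easiest to get wrong (the realm must equal AuthName, and the digest file must live outside the web root) can be checked with a short script. This is an added example, not part of the original post: the function names are hypothetical, it assumes `md5sum` from coreutils, and the password passed to `digest_line` is a constructed sample.

```shell
#!/bin/sh
# Added example. An htdigest file holds one "user:realm:HA1" line per
# account, with HA1 = MD5("user:realm:password"). The realm is part of the
# hashed input, so an AuthName that differs from it can never authenticate.

# Build the line htdigest would store for a user (sample password only).
digest_line() {  # args: user realm password
    ha1=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$ha1"
}

# Resolve a directory to its physical path so symlinks cannot hide nesting.
real_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Audit a digest file. Prints one line per finding; returns 0 when clean.
audit_digest_file() {  # args: file auth_name docroot
    file=$1; auth_name=$2; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }
    dir=$(real_dir "$(dirname "$file")") || return 1
    root=$(real_dir "$3") || { echo "FAIL: no such docroot $3"; return 1; }
    # The file must not sit anywhere below the directory Apache serves.
    case "$dir/" in
        "$root"/*) echo "FAIL: $file is under web root $root"; rc=1 ;;
    esac
    n=0
    while IFS=: read -r user realm ha1; do
        n=$((n + 1))
        # Every entry's realm has to match the AuthName in the Apache config.
        if [ "$realm" != "$auth_name" ]; then
            echo "FAIL: line $n ($user): realm '$realm' != AuthName '$auth_name'"
            rc=1
        fi
        # HA1 is an MD5 digest: exactly 32 lowercase hex characters.
        case $ha1 in
            *[!0-9a-f]*) echo "FAIL: line $n ($user): hash is not hex"; rc=1 ;;
        esac
        [ "${#ha1}" -eq 32 ] || { echo "FAIL: line $n ($user): bad hash length"; rc=1; }
    done < "$file"
    return $rc
}
```

For the setup in this post the call would be `audit_digest_file /path/to/the/digest/file main /var/www`.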

Posted in Misc

Ext 2.0.2 Released

Yesterday marks the latest and probably final Ext release before 2.1. Latest releases are always available via http://extjs.com/download

As usual there are quite a few bug fixes, and some nice refactorization. This release also includes a whole bunch of new code to aid with developing an Adobe AIR app with Ext. Jack has spent a great deal of time over the past few months to build some nice wrappers and make using Ext with Air amazingly simple. Jack wrote a lengthy blog post that goes into detail about all the cool new Air components over on the official Ext blog.

Aside from just Air stuff, Jack managed to sneak in a couple cool components that may very well work their way into the core release. The ListTree is a combination of a Combobox and a TreePanel and definitely looks to be a slick way to select from hierarchical data. Check out the post for more info and links to grab the latest version of the Air app to play with.

Posted in AJAX, Ext, Javascript

Ext.nd Beta 1 Release

Only a few days behind schedule. Though hopefully everyone will really enjoy all the extra work that went into this release.

  • New web interface to the Ext.nd database
  • New included demo database
  • Simplified deployment, no longer a requirement to copy over tons of design elements
  • Uses Ext 2.0.1
  • New ViewSuggest component
  • Automatic conversion of several basic @formulas
  • Lots and Lots of Bug fixes

Check out the Release Thread for the download

Posted in Ext, Ext.nd, Lotus Domino, Lotusphere