Tag Archives: Wordpress

Recovering ‘lost’ pre-WordPress blog content from PHPNuke

I upgraded this site from PHPNuke to WordPress in 2005.  The cut over was rather abrupt and poorly thought out by yours truly.  At the time, I believed I had successfully migrated all of my old content to the new environment.  But several years later (!!), I realized the migration had left any article from my old site with a ‘read more’ tag without more to read in my WordPress configuration.  This bothered me, and today I decided to see what I could do to ‘fix’ it.

Continue reading Recovering ‘lost’ pre-WordPress blog content from PHPNuke

It’s full of post_content…

My site has been plagued by odd characters in some of my old posts for a rather long time.  The most common is the seemingly random appearance of Â characters in the midst of some of my posts.

I know the basic cause: one of my WordPress / MySQL updates in ancient times (circa 2008) ended up producing a character set mismatch.  I long ago fixed the cause, but all the existing bad characters persisted.  Until today… I hope

Continue reading It’s full of post_content…

Stupid spam robots…

You may notice that the “furballs coughed up… #### today alone!” number in the header of this blog seems oddly inflated.  Your observation would be correct: I suspect no more than a couple hundred humans visit this site in a given day.  However, the spam robots visit in vast, unending waves.

Continue reading Stupid spam robots…

Getting tough on spam users…

I run a simple little blog here.  I don’t make any money off of my site even, although I’m not adverse to doing so as long as it isn’t obtrusive.  I don’t sell anything, nor do accept submissions other than comments.  The posts here are my own: they aren’t scraped, syndicated from, or re-posted from anywhere else.  Mostly, this site is a vanity site, like a billion others on the Internet.

Despite the complete lack of commercial value to my site, it gets spammed.  Comment spam was a problem a few years ago, and I’ve managed that via Akismet and Bad Behavior plugins for WordPress.  There are still about about 100 spam comments a day hitting my site, but only one or two make it through my watchdogs.  Lately, however, there has been a new irritant: spam users.

never_underestimate_stupid

Continue reading Getting tough on spam users…

Hooking Facebook into my Blog

I’ve been using Facebook (or “Bookface”, as my nephew Shane calls it) fairly regularly lately. Today I decided to see what could be done to integrate my blog and Facebook a bit. I read the “how to” guide by Thiemo Fetzer, and now I have Yet Another WordPress Widget in the left nav of my site.

Nothing has changed for “normal” users of my site. For folks who regularly use Facebook, however, you now have an option. You can click on the “Login using Facebook” option, and your authentication will be handled via Facebook (i.e.: you log in using your Facebook credentials). KellysWorldBlog will be added to your application list once you’ve logged in once. Assuming I understand the application correctly, you won’t automatically receive anything from my site simply by using your Facebook login. I (or any visitor) can, however, click the “facebook share” icon to share individual blog posts on my wall.

What benefits does this give? Well, I guess you don’t need to remember your ID on my blog any more, and your Facebook icon will now appear next to the comments you post. But the main thing this does is allow for easy sharing of my blog posts with your friends.

Continue reading Hooking Facebook into my Blog

Problems with my blog… blank gallery (photo) pages

I was doing some work on my server today and noticed some errors in my logs of the following form:

Feb 23 16:04:45 kgadams httpd: PHP Fatal error: Call to undefined function bodyclasses() in /xxx/wpg2header.php on line 848

The problem appears to relate to an upgrade I performed several months ago in the Atahualpa WordPress theme I use. The result was that any attempt to open a gallery page (i.e.: to look at my photos while visiting my blog) would result in a blank page… and the above error appearing in my server logs.

I’ve corrected the problem, but am disappointed that I didn’t even notice an issue that has probably existed since at least January. Ah well, ignorance is bliss I guess…

WordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the hack works on all versions of WordPress up to and including the most recent.

I have BadBehavior installed on my blog, and so it was rejecting the URLs with this addition which I *think* would be thwarting the hackers involved: they hadn’t been able to create an administrative user. Unfortunately, it also meant none of my blog posts were working properly until I noticed the problem and corrected it.

Hopefully WordPress will issue a fix for this soon- in the mean time, keep an eye on your URLs, WordPress bloggers!

UPDATE: Another link to a lengthy thread regarding this hack on the WordPress.org site. What is interesting here is the apparent vector: a weakness in the WordPress code, apparently up to and including the most recent release, that permits an ordinary subscriber (i.e.: not an administrative user) to run some administrator features e.g.: changing the permalinks.

UPDATE #2: it appears that updating to the most recent version of WordPress (2.8.4) removes the “double slash” vector for running some admin commands (notably permalink.php). This fix was apparently added somewhere between WordPress version 2.8 and 2.8.4.

I’ve included some extracts from my server logs and further thoughts below…

  

Continue reading WordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

I have Gravatars?

I installed a new WordPress theme several weeks ago. I noticed a couple of days ago that posts had funny looking “blank portrait” images beside them. I right clicked on them, and noticed that the images were linked to Gravatar. I remember reading about “Gravatars” (globally recognized avatars) quite some time ago, but I more or less dismissed it as not relevant to my interests. I think when I read about it, there may have even been charges associated with the service

Well, apparently it is relevant to my interests now. Automattic (the company responsible for WordPress) has acquired the service, and now you can set yourself up there for free. If go to the Gravatar site or alternately have an account on WordPress.com, you can associate an image with your email address… or apparently several images with several different email addresses. Anyway, once you’ve done that, if you use that same email address to identify yourself on a blog or website that supports Gravatars, your image will appear there without further setup.

All of this was news to me, but apparently Gravatar support is actually “baked in” to WordPress since version 2.5, and any “compliant” WordPress theme inherits this support. I didn’t notice it earlier probably because I was using a non-standard theme. None of this probably means much to most of my visitors but… I found it intriguing to discover something I had completely missed. Sort of like discovering an old friend of yours has been hand carving collectable duck decoys for years and you never had a clue they did any such thing. Exactly like that… except completely different.