Archive for the ‘blog’ Category
Hmm, weird. I changed the value of the PHP.ini value in memory_limit to 194M, and then my site crashed and burned. Either I made a typo (unlikely, but possible, I guess), or this value is not unlimited. I’m getting memory errors trying to install iThemes Security Pro, so thought to increase the PHP memory allocation. Something is still awry with everything, but I’m not sure what, yet.
Fatal error: Allowed memory size of 67108864 bytes exhausted (tried
to allocate 122880 bytes)
I’m also getting errors while using my long-time blogging tool, the incredibly useful MarsEdit, so am attempting to post directly from the WordPress dashboard for a change.
Can’t post for B12 Partners Solipsism because the server reported an error: unexpected response code 500.
Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.”
Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.
But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file1 at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh.
I looked at the various WordPress PHP files, bits of code that make the blog do what it does, every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin; in wp-includes and in the default WordPress directory. However, some files were not replaced, I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.2
I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php; wp-pass.php, wp-feed.php and so on).
You Do Not Have Any Plugins Available.PNG
I host a couple of subdomains3 which are static paged WordPress installations, both of these directories were full of the malware code. In fact, in the process of cleaning up, I discovered what the malware did. On both of these subdomains, there was a plugin directory called, innocuously enough, docs. I didn’t install this plugin, so I was curious what it did. I looked inside its directory, and found a directory called “cache”. In here were nearly 500 files with names like “29fb82abf5c8a42d970f94eed9d69ebf.dat”, and an XML file that indexed these pages using the subdomain’s URL. I opened one of these files with a text editor4 – it was a HTML-type page with the title of “Resume Writing Lookout Heights Kentucky KY 24/7 – Best Resume Writing Services”. The others were similar: “Cv Services Darwin * Best Resume Writing Services 2014 – Jake Bradshaw”; “Payday Loans Near Augusta Ga ! < 24/7 Online Payday Loans”; etc.
The HTML was horribly mangled, I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not.
For instance, a portion of that particular spam page opened in a web browser looks exactly like this:
Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond
Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.
I found a few PHP files in my root level directory, I deleted these or cleaned them as needed.
I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised.
I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted, I haven’t yet heard back from them. But I think I cleaned up all the malware, all it took was eight hours of work on a Saturday night…
Today I’m planning on looking deeper into the MYSQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! and backups of the backups!Footnotes:
chainsaw-sculpture – source unknown
If you’ve noticed, in the last couple of days photos have appeared here that have already been posted; duplicate entries from weeks ago. I don’t know why this is happening, but I do know the cause – https://ifttt.com/wtf
I have a recipe1 that works like this: if I add the keyword “blogged” to a Flickr photo, the photo gets published on this blog with the author being “eggplant”. I find this recipe to be a fairly easy way to add photos – all it takes is adding a tag, which can be accomplished even with a mobile devie – the main complaint I’ve had is that the photo has to be fairly recent. It doesn’t work with any image uploaded more than six months ago, give or take.
I’ve used this recipe 183 times as of this morning, but starting yesterday, duplicates started appearing. I’ve deleted them all so far, but since this is an automated process, I don’t notice the duplications until later, which means they get pushed out to my Tumblr blog, Twitter, yadda yadda. Irritating, but not happening frequently enough to turn off the recipe. Yet.
- Recipe is the word IFTTT uses for these scripts [↩]
Sorry if I make your eyes glaze over, but I had some trouble with my blog yesterday, and here is how I solved it.
Background: upgraded a WordPress plugin called Better WP Security, under its new name, iThemes Security Pro, and instantly my blog broke. I could no longer access my dashboard, could no longer make any changes to the blog, all that would happen would be an error message like this:
Warning: Cannot modify header information – headers already sent by (output started at [redacted]/wp-config.php:33) in [redacted]/wp-includes/pluggable.php on line 896
so of course I copied this error out, and Googled it. Unfortunately for me, I searched on the second phrase first, which led to instructions about fixing the code in pluggable.php
Silly me, I was too busy to read more. I opened my FTP program, opened the file pluggable.php and sure enough, the last line did not include a close tag. I added ?> and my blog was working again. I immediately went into plugins and deleted iThemes Security Pro, and as everything seemed fine, went back to my other tasks, considering the matter finished.
This morning, I noticed that the daily blog email didn’t get sent, and then noticed that my blog’s RSS feed reported an error. A few of my plugins were not working at all (such as my anti-spam plugin, Askimet, and others). Ru-oh!
I went back to the Codex WordPress FAQ Troubleshooting page, and read the entire entry:
It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line #42 of wp-login.php. In this scenario, line #42 of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.
(click here to continue reading FAQ Troubleshooting « WordPress Codex.)
Doh! My error message had told me the problem was in wp-config.php, and pluggable.php was the victim. I opened wp-config.php, and sure enough, there were 2 extra blank lines after the close tag. I don’t know how iThemes Security Pro added them, nor why, but once I deleted these two blank lines, my RSS feed validated through feed burner, etc. I trust the blog daily email will go out tonight, whether or not it will contain yesterday’s information too.
Quite the offer here from Rev Kenneth, who claims to be in Florida despite his email being routed via Urbanphilly.com, via a bad English translator. Rev Kenneth is quite the renaissance man, a reverend who works for a charity organization with the best of names, and owns an art gallery that is nameless.
My name is Rev Kenneth, I work for the charity Organization based in Florida. I am 60 years.
I am looking for someone That can handle my business errands falling on his or her spare time (I own an Art Gallery)
I need your services because i am Constantly traveling abroad to supporting the charity Organization. We work in over 190 countries helping children survive, Protecting em from harm and getting ‘em to school.
Manage my business errands today and earn yourself not less than $ 600 weekly. You are not required to travel abroad or inter state. Your errands are simple and straight
1. Receive my email and drop ‘em off at the post office or shipping center.
2. Pick up my items at your Florida post office at your convenience.
3. When you get my email or package, Would you email all items to Where I want em shipped. All dйpenses and shipping costs Will Be covered by me.
The contents of the packages are mostly art materials and paintings. In addition, there Will Be clothing I need for business and personal letters. No heavy packages is Involved
please read the employment requirements listed below.
A. You are an honest and trustworthy citizen.
B. You need to be able to check your EMAIL 2 times daily.
THE WEEKLY PAY IS $ 600 and you are entitle to a brand new car Effective 2weeks if you are hardworking and honest with me, WHICH IS NOT A BAD OFFER.
In closing, I have a pair of questions for you.
First, If I were to mail you money to do my shopping over an upfront payment for your service Where would you want it mailed to?
Second, how would you like for your name APPEAR on any package feels to you?
Apply Below & send your information to Kenneth.firstname.lastname@example.org
Home Address: PO BOX IF AVAILABLE
Hope all is clear?
Waiting to hear from you & I look forward to Establish long-term business relationship with you.
You see, he needs someone to pick up his email, and then drop it off at a post office. Presumedly the email didn’t come in a self-addressed stamped envelope (??).
Also, although the salary is only $600 a week, after two weeks, you’ll get a brand new car. You know, the kind of brand new car you can purchase with $1,200. I guess if you work for a company that goes by the name, Organization, you’ll need help from strangers. Strangers gullible enough to respond with their address and cellphone numbers…
Sorry, Rev Kenneth, your offer doesn’t sound to enticing to me.
I wonder how often normally careful people fall for requests like this one I received early this morning:
Your mailbox has exceeded the storage limit of 10GB, which is as defined by the administrator, you are currently running on 10.9GB, you may not be able to send or receive new messages until you re-validate your mailbox . To re-validate your mailbox, send the following information below:
If you fail to re-validate your mailbox, the mailbox will be disabled!
thank you System Administrator
especially when all the header information is usually hidden by most email clients. Suspicious stuff like email routed from Brazil or Thailand which would be a red flag is normally not displayed.
Received: from localhost (localhost [127.0.0.1]) by email.hujm.ufmt.br (Postfix) with ESMTP id B1DF2389C0B; Sun, 24 Nov 2013 11:03:45 -0300 (AMST) Received: from email.hujm.ufmt.br ([127.0.0.1]) by localhost (email.hujm.ufmt.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hTusU-YxVjDd; Sun, 24 Nov 2013 11:03:45 -0300 (AMST) Received: from [22.214.171.124] (unknown [126.96.36.199]) by email.hujm.ufmt.br (Postfix) with ESMTPSA id B61E7389BF7; Sun, 24 Nov 2013 11:03:28 -0300 (AMST) Content-Type: text/plain; charset=”iso-8859-1″ MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: ATTENTION To: Recipients email@example.com From: “System Administrator” firstname.lastname@example.org Date: Sun, 24 Nov 2013 09:03:19 -0500 Reply-To: email@example.com X-Mailer: TurboMailer 2 Return-receipt-to: firstname.lastname@example.org Message-Id: 20131124140329.B61E7389BF7@email.hujm.ufmt.br
I am the System Administrator for several domains, so I knew this mailbox limit was not accurate, but prior ISPs I’ve used did have a storage limit, and I did open this email almost by habit based on the subject line alone. If I was a less-savvy recipient, would I think it strange that my SysAdmin was asking for my user name and password? Maybe not.
Irritatingly, I clicked “Use SSL” on my WordPress dashboard for the Ted Cruz post I just published, because I didn’t know what that would do. Now, Safari won’t load the page at all. I unchecked the checkbox, but the page still won’t load. I looked closely at the URL and it should be http://www.b12partners.net/wp/2013/09/23/ted-calgary-cruz/ but Safari insists upon loading the “https:” version. As far as I can tell, there is no way to edit URLs directly in Safari, and this behavior persists even after I quit Safari and restarted – I still get taken to the nonexistent “HTTPS” secure version of the page, even if I hand-type the “HTTP” myself.
Safari is Stupid
I tried using the “Short URL” version, I tried typing the correct URL, I tried copying and pasting, but all attempts lead instead to the HTTPS version.
If there is a typo on the page, let me know in comments or email or Twitter, since I can’t see the damn post myself (well, other than in the WordPress Dashboard version, which is not always perfectly accurate). I guess I could click the category archive (Politics), or the tag archive (GOP for instance), but I’m too irritated to do so at the moment.
So I figured that it would be a good idea to show the content of a footnote as soon as you indicate that you are interested in the footnote. Namely, when you move the cursor over the footnote symbol.2 This allows footnotes to work on devices that don’t support mouse hovering3, because you can still jump to a footnote via its link, but it removes the necessity of having to click on a footnote link for most people.
- These footnotes here.
- Like this.
- Such as screen readers, or touchscreen devices like iPads.
Parenthetical note: I’ve had this domain, and thus some sort of a blog for over ten years now1. I feel guilty that I neglect my blog these days: I used to spend a lot of minutes every week crafting mini essays, responding passionately to the news of the day, journaling my life, or just venting. I currently have no motivation to do that. I’m still processing enough photos that I can usually count on a a handful of decent images a week, but as far as deep thoughts? Meh.
I still write blog posts in my mind while showering, or drifting off to sleep, but rarely do I follow through and type those up.
I’ve noticed that my traffic is a sliver of what it once was, and why would you visit this page when there are so many other options to choose from? In 2004, Twitter didn’t exist, Facebook didn’t exist, Huffington Post, Buzzfeed, yadda yadda.
Is it Twitter, sapping our creative energy? Twitter trains you to speak in cryptic headline, limited to 160 characters, including a valid URL, perhaps because I post so many links on Twitter, my blog has suffered. Or else…Footnotes:
If you insist upon being an asshole, and call me foul names, besmirching every liberal on the planet with your oh-so-damn-clever phrases you are repeating from Rush Limbaugh and his like, I won’t publish your comments. Simple enough for you? If you have something intelligent to say, even something that I don’t necessarily agree with, I will publish your comment if, and only if, you write sentences that you wouldn’t be embarrassed to have read on the evening news by your mother, or grandmother. In other words, if your tone would make her blush, it will not get past me either.
For the record, I pay for this blog out of my own pocket, so you have no inherent right to post comments. Free speech only applies to government restrictions upon free speech, and doesn’t give you the right to spew your half-digested, rightwing bullshit all over my blog. Make your own damn blog, and write whatever the hell you want, I don’t care.
If you are interested, in the slightest, in my daily travails and triumphs, you should sign up for my daily email post – automatically created via Google’s Feedburner. In this email, you’ll see my most recent ten photographs, and I will do my best to give you a few interesting articles to read every day. Ideally, you’ll see portions of 9 or 101 articles, plus a sampling of my photographs of the day.
If my work day allows it, there might also be a few blog posts as well included in the email – which are usually longer entries, but to be honest, I don’t seem to have the stamina to create blog posts each and every day any more. Basically, the email will contain items that will never appear on the blog itself – mostly because I’m a lazy fr*ck.
As far as what kind of content you’ll receive in the email, I’d guess the mix of topics to roughly be:
- 40% national US politics
- 5% Chicago politics
- 5% local politics somewhere else like Texas or California, or somewhere I have an interest (Baltimore, Oregon, San Francisco, New York City, Guam, Austin, Yurtistan, yadda yadda). Yeah, I read a lot. I do. Every day, usually.
- 10% music and music history – jazz, blues, rock, Bob Dylan, whatever.
- 10% film and film history – I am a film school drop-out after all
- 10% Apple related – I’ve been a Mac user since before it was cool
- 10% humor, or what I find funny
- 10% weird and unusual stories from the old, weird America and the old, weird world…
Truthfully, the email is a simple communication tool, and you should go ahead and sign up. Even if you don’t get around to reading every single one, you’ll still find items of interest when you do read the email. Plus, the email is free…
What do you have to lose?Footnotes:
- the Feedburner limit [↩]
There is a limit of Feedburner that it will only post the last ten entries into the daily blog email – for Flickr photos, if I’ve had a busy photographic day, or for blog posts – and yesterday turned out to be an epic sitting-in-front-of-the-computer day2, so I posted more than ten entries to Delicious.
Here are a few tidbits that got omitted:
- “And Fake Steve is dead, but the self-important drama queen lives on.” http://t.co/Ij7fiPb4
- “Special Service Areas are local tax districts that fund expanded services & programs through localized property tax” http://t.co/aHJptHgS
- “iPhone 5 Wi-Fi Problems Fixed By Manual DNS Settings” http://t.co/co6IWYCc
- New Tracking Frontier: Your License Plates http://t.co/mEqTRK2l
- “Obama Orders Chinese Company to End Investment at Sites Near Drone Base” http://t.co/zgOWdrP8
- “Romney vows to take on Lyme disease ‘epidemic’” http://t.co/T7dJsaQO Uhh, ok?
- Histoire de Melody Nelson: Serge Gainsbourg’s psychedelic orchestral rock opera http://t.co/u6Y4T8zd
- Paul Ryan “referred to rape as a “method of conception.” http://t.co/fP4AjEFt
- “The Satchmo Cocktail: A Sazerac… With A Twist” http://t.co/CCSvBeY5
- “How many times have you said, “if only we had a president who made Lyme Disease his number one priority?”” http://t.co/r8FSjssX
- Brian May: Me and my animal passions | From the Guardian http://t.co/1CxVc7vf
- “Looking to Mexico for Alternative to Abortion Clinics” http://t.co/zukKI39q
- “Laws Revive ‘World Before Roe’ as Abortions Require Arduous Trek” http://t.co/cyFZ1sZ4
- “Cherokee Nation Chief Demands Apology From Scott Brown Campaign” http://t.co/nuMbKepI
- “Romney is perhaps best known for being a clown and a humanitarian, … an LSD-fueled comedian.” http://t.co/8TaXOeJd aka Wavy Gravy
Also, I’ve created an IFTTT.com recipe which works as follows:
- new Delicious post is created
- if I use the tag “link”, then a new WordPress post is created with the snippet, with a link to the original URL.
- Cons – limit to 999 characters, limited HTML formatting, doesn’t include an image, and doesn’t allow me to frame the quote or react to it, unless I do it later.
I just tested, and I can edit the Delicious post later to add the magic trigger word, “blog” as a tag, and posts still are generated, even if they existed first a while ago. Pretty nifty.
In general, the limit of ten new mini-posts in a day won’t be an issue, as most days I am not reading in front of my computer that many hours. So, turns out I don’t need Twitter after all.Footnotes:
For a long time, I had worked out a good system, using Delicious, Twitter, Feedburner and IFTTT. I found interesting articles or phrases in my daily internet life, tweeted them, and these URLs would be automatically fed into my Delicious account, and this in turn would seed entries into my daily blog email post1. Thus my blog’s hunger stayed fed, and I didn’t have to go to the trouble of creating an entire post around a few sentences. However, Twitter, in its drive to become less useful, has disallowed this kind of interaction by changing its APIs. Twitter wants to force every user interaction to occur on its own webpage, presumedly so they can sell advertising “eyeballs” – viewers – but this means a lot of the cool stuff that Twitter could be used for no longer are viable. At least that is my understanding of what happened between yesterday and today.
I’ll see what I can do to replace this lack of grist for my web grinding mill, but it is irritating. Anyone have any suggestions? Email me, or leave a comment.
Here is what should have been included in this morning’s blog email2:
- “Mother Cabrini Shrine Reopening; Le Corbusier in Color; More!” http://t.co/w9ainEtn
- “Ross Douthat’s schtick at The Atlantic: repeating Redstate talking points, minus the obscenity and grammatical errors” http://t.co/rkJVN0eH
- “Todd Akin compared the recent debate performance of Democratic Sen. Claire McCaskill to that of a “wildcat,” http://t.co/JOmjmi29
- “In 1960, about 5% of Americans expressed a negative reaction to political intermarriage; in 2010, about 40% did ” http://t.co/ONkWfpDk
- “Pro-life asshole vows to fight “to his dying breath” for rights of unborn” http://t.co/bMJ6qFwc C’mon Canada, you are better than this
- Opium Museum http://t.co/vTfSaJm4
- “How Collecting Opium Antiques Turned Me Into an Opium Addict” http://t.co/KWV4aoey
- “Romney mentioned that it would routinely take up to eight years to turn around a firm” http://t.co/xdbBghjv but US govt easier?
- Why Ryan is worse for Romney than “47 percent” http://t.co/79gHpcPE
- Brad DeLong: I Do Not Understand Why This Is Not Tax Fraud… http://t.co/wLipfAfZ Good ole DoubleClick
- Your Body’s Best Time for Everything http://t.co/N7KUjLQj
And actually, I’m being a little lazy in my cut/paste job here, as these links would also have included the full, original title of the URL, which is sometimes descriptive as well. For instance, the second link about Ross Douthat would have also spelled out “And If Only The Vietnamese Had Worn Bright Red Coats And Formed Infantry Squares”. You get the idea.
Anyway, thanks for messing up my workflow Twitter…Footnotes:
Strangely enough, even after all this time, I still think about blog posts I should write, even if I never get around to actually writing them. Usually right as I am about to sleep, or just as I am waking up.
This isn’t one of those posts – I am instead testing out the newish WordPress iPad tool.
My photo site is progressing nicely, but there is some sort of problem with the thumbnails (Masonry).
Marty is visiting his mom, and isn’t able to fix this at the moment.
Alice in Wonderland
You probably didn’t notice, but my automated delicious.com posting tool has eaten some magic mushrooms, and fallen through the rabbit hole. I think it is posting every hour, on the hour, but I didn’t count after ten or so duplicates. I’m just turning it off until further notice. Apologies for all the duplicates…