B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘wordpress’ tag

Self Portrait with Z Wine

without comments

There is a new-to-me plugin that exports photos from Lightroom to a WordPress blog. It seems the plugin won’t automatically create a new post, but it does simplify adding images to the WordPress Media Gallery.

Self Portrait with Z Wine

testing the Lightroom/WordPress plugin

Written by Seth Anderson

January 25th, 2017 at 11:08 am

Blog oddities

without comments

Where's The Any Key?
Where’s The Any Key?

Twice now I’ve opened up my blog and discovered error messages in my header that look something like:

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in …/wp/wp-blog-header.php on line 1

Both times, when I logged into the WordPress Admin page, it looked weird too (as if there were no template or CSS file available). I reinstalled WP 4.2.2, and everything seems ok. Still weird, and I’m not sure how or why this happens.

Just out of curiosity, have you noticed anything weird in this space?

Written by Seth Anderson

May 30th, 2015 at 10:43 am

Posted in blog

Tagged with ,

PHP Script Hack Infected All Of my WordPress Blogs

without comments

 Computer Repair LED

Server Repair. 

Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.” 

 Whu? WTF?!?!

Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.

But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file1 at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh. 

I looked at the various WordPress PHP files, bits of code that make the blog do what it does, every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin; in wp-includes and in the default WordPress directory. However, some files were not replaced, I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.2

I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php; wp-pass.php, wp-feed.php and so on).

You Do Not Have Any Plugins Available
You Do Not Have Any Plugins Available.PNG

I host a couple of subdomains3 which are static paged WordPress installations, both of these directories were full of the malware code. In fact, in the process of cleaning up, I discovered what the malware did. On both of these subdomains, there was a plugin directory called, innocuously enough, docs. I didn’t install this plugin, so I was curious what it did. I looked inside its directory, and found a directory called “cache”. In here were nearly 500 files with names like “29fb82abf5c8a42d970f94eed9d69ebf.dat”, and an XML file that indexed these pages using the subdomain’s URL. I opened one of these files with a text editor4 – it was a HTML-type page with the title of “Resume Writing Lookout Heights Kentucky KY 24/7 – Best Resume Writing Services”. The others were similar: “Cv Services Darwin  * Best Resume Writing Services 2014 – Jake Bradshaw”; “Payday Loans Near Augusta Ga ! <  24/7 Online Payday Loans”; etc. 

The HTML was horribly mangled, I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not. 

For instance, a portion of that particular spam page opened in a web browser looks exactly like this:

Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond

Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.

I found a few PHP files in my root level directory, I deleted these or cleaned them as needed.

I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised. 

I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted, I haven’t yet heard back from them. But I think I cleaned up all the malware, all it took was eight hours of work on a Saturday night…

Today I’m planning on looking deeper into the MYSQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! and backups of the backups!

Footnotes:
  1. PHP is a server-side scripting language []
  2. I think the blog is back to normal, if you see anything odd, please let me know. []
  3. clients’ web pages []
  4. I use TextWrangler since it is free. I should buy BBEdit, but I never get around to budgeting for it []

Written by Seth Anderson

February 8th, 2015 at 1:54 pm

Posted in blog

Tagged with , , ,

WordPress Troubleshooting – cannot modify header information

with one comment

y'a bon Banania
y’a bon Banania

Sorry if I make your eyes glaze over, but I had some trouble with my blog yesterday, and here is how I solved it.

Background: upgraded a WordPress plugin called Better WP Security, under its new name, iThemes Security Pro, and instantly my blog broke. I could no longer access my dashboard, could no longer make any changes to the blog, all that would happen would be an error message like this:

Warning: Cannot modify header information – headers already sent by (output started at [redacted]/wp-config.php:33) in [redacted]/wp-includes/pluggable.php on line 896

 so of course I copied this error out, and Googled it. Unfortunately for me, I searched on the second phrase first, which led to instructions about fixing the code in pluggable.php

Silly me, I was too busy to read more. I opened my FTP program, opened the file pluggable.php and sure enough, the last line did not include a close tag. I added ?> and my blog was working again. I immediately went into plugins and deleted iThemes Security Pro, and as everything seemed fine, went back to my other tasks, considering the matter finished.

G3 case open
G3 case open

This morning, I noticed that the daily blog email didn’t get sent, and then noticed that my blog’s RSS feed reported an error. A few of my plugins were not working at all (such as my anti-spam plugin, Askimet, and others). Ru-oh!

I went back to the Codex WordPress FAQ Troubleshooting page, and read the entire entry:

It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php. 

If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line #42 of wp-login.php. In this scenario, line #42 of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.

If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.

(click here to continue reading FAQ Troubleshooting « WordPress Codex.)

Doh! My error message had told me the problem was in wp-config.php, and pluggable.php was the victim. I opened wp-config.php, and sure enough, there were 2 extra blank lines after the close tag. I don’t know how iThemes Security Pro added them, nor why, but once I deleted these two blank lines, my RSS feed validated through feed burner, etc. I trust the blog daily email will go out tonight, whether or not it will contain yesterday’s information too.

Written by Seth Anderson

March 27th, 2014 at 5:19 pm

Posted in blog

Tagged with , ,

Safari is Stupid for HTTPS

with 2 comments

Irritatingly, I clicked “Use SSL” on my WordPress dashboard for the Ted Cruz post I just published, because I didn’t know what that would do. Now, Safari won’t load the page at all. I unchecked the checkbox, but the page still won’t load. I looked closely at the URL and it should be http://www.b12partners.net/wp/2013/09/23/ted-calgary-cruz/ but Safari insists upon loading the “https:” version. As far as I can tell, there is no way to edit URLs directly in Safari, and this behavior persists even after I quit Safari and restarted – I still get taken to the nonexistent “HTTPS” secure version of the page, even if I hand-type the “HTTP” myself.

Safari is Stupid
Safari is Stupid

Grrrrr…

I tried using the “Short URL” version, I tried typing the correct URL, I tried copying and pasting, but all attempts lead instead to the HTTPS version.  

If there is a typo on the page, let me know in comments or email or Twitter, since I can’t see the damn post myself (well, other than in the WordPress Dashboard version, which is not always perfectly accurate). I guess I could click the category archive (Politics), or the tag archive (GOP for instance), but I’m too irritated to do so at the moment.

Written by Seth Anderson

September 23rd, 2013 at 7:56 am

Posted in Apple,blog

Tagged with , ,

Blog error – Postalicious crapped out

with 2 comments

Not sure what happened exactly, but my Postalicious plugin went a bit nutso last night, creating several posts that were erroneous. The plugin is a simple way to keep track of interesting URLs that I don’t have the time to make a full blog post about, when it works correctly.

Not Tonight Dear

The way the plugin is supposed to work is that it polls my delicious links ever hour, finds if there are any additions, merges these snippets into a page, and publishes the page once three entries are found. There is supposed to be a time regulator as well so that a Links post is only published ever 26 hours (so there aren’t multiple Links posts a day), but that didn’t keep several posts from being published last night, posts with empty URLs at that.

500 Internal Server Error – 500 Internal Server Error

I’ve disabled the plugin until I can figure out what went wrong (or there’s a new version, whichever comes first). It could be a problem at Delicious.com, or it could be because of the new version of the Postalicious plugin I installed yesterday, or some other factor.

Sorry about that.

Written by Seth Anderson

March 7th, 2010 at 10:16 am

Posted in blog,Links

Tagged with , ,

Reading Around on December 16th through December 17th

without comments

A few interesting links collected December 16th through December 17th:

  • The Secret Diary of Steve Jobs : AT&T: Chokehold is “irresponsible and pointless” – It’s their own fault, of course. Go look at their financial statements and open up the Financial Operations and Statistics Summary and look at capital expenditures over the past eight quarters. I’m no math whiz, but it looks like capex has gone down by about 30% over the time period. Scroll down a bit to the Wireless section and check out data revenues — they’re up 80% over the same period.
  • WordPress › Pretty Link « WordPress Plugins – Shrink, track and share any URL on the Internet from your WordPress website. You can now shorten links using your own domain name (as opposed to using tinyurl.com, bit.ly, or any other link shrinking service)! In addition to creating clean links, Pretty Link tracks each hit on your URL and provides a full, detailed report of where the hit came from, the browser, os and host.
  • The Conway Twitty Tribute Pistol (MP3s) – WFMU’s Beware of the Blog – If you’d prefer to remember Conway Twitty for his talents as a singer and songwriter, here are a few MP3s to help you out. All were written by Twitty, with the exception of Pop A Top, which was composed by Nat Stuckey.

Written by swanksalot

December 17th, 2009 at 8:03 pm

Posted in humor,Links,Music

Tagged with , , , , , ,