Brief note: was meddling in my WordPress Dashboard today, and noticed that the Jetpack plugin wasn’t activated anymore. Tried to reinstall, and was told by WordPress that I couldn’t install Jetpack because the folder already exists.
Hmmm…probably related to the Auto-Update feature, but who knows?
updated to add, logged in via FTP, deleted Jetpack, and reinstalled. No idea what caused the error, but doesn’t matter, chartreuse is my jam…
WordPress is really pressing their new-style editor, called the Block Editor. I can’t say I’m very enamored with it, at least in its current iteration. I find the Block Editor gets in my way more often than it is actually useful in creating a post.
Maybe I’m just used to using a 3rd party blogging software (namely, MarsEdit)? Maybe I need to use Block Editor more?
My websites were flagged by my webhost as containing malware yesterday. After a little back and forth with them, I decided that I would fix the problem myself to save on the hard costs of hiring an expert. The sites in question1 had been hacked sometime in July, but the hacker’s payload was simply a proof of concept – the hacker created a file called lol.txt on each folder on the root level of my server.
Since I’ve been a customer of this particular webhost for nearly 15 years, there was a lot of extra folders left over from various projects that I didn’t need anyway. I took the time to back every single thing to my local hard drive, and then deleted thousands of files.
The malware was installed as a .php file in the directory /wp-includes in two different websites with a WordPress installation. I could have simply nuked all the WordPress files with the exception of files found in /wp-content but I was curious if I could find more traces of malware. I didn’t have anything else more pressing to accomplish today.
Eventually, I cleaned up all the miscellaneous debris left over from Blogger days, lo so many moons ago, and even delved into my Moveable Type installation from the Golden Era of Blogging. All clear, if clunky.
If you have a moment, take a gander at urbanseens.com or my photo blog to see if they are ok. My webhost gave me the all clear, and restored my sites to the internet.
Being told you have malware is like someone accusing you of having lice or a STD or something”
Why not? Maybe Google will help my site get slightly more traffic? In the golden age of blogging, I got 20,000 to 30,000 visits a day, with occasional spikes up to 70,000. That sort of traffic is long, long gone (didn’t help that I stopped posting frequently, and generally became a lazy blogger, also the industry changed, Facebook and Twitter became channels of communication, yadda yadda), perhaps I can recapture some of that magic?
I wonder if I should add back Google Ads? I never see them myself because I use a tracker blocker, but if they are irritating, it isn’t worth it for the amount of money it could bring in, especially if my daily traffic is less than 1,000 visitors a day.
For the last year or even longer, I’ve periodically received email from strangers purporting to be fellow bloggers asking me to update old posts with a fresh link to their content. I’ve maintained a blog for a long time,1 thus I have lots and lots of posts and pages of posts by date and by category. I’ve always gotten “spam” comments, Akismet has protected your site from 1,571,626 spam comments but these new requests baffle me. Before the blog format was commodified, and commercialized2, I received lots of daily traffic, but I haven’t been a high traffic blog for a while now. I’m confused by this new, frequent request to update links – it isn’t as if Google ranks links from me highly these days.
This new category is labor intensive, so doesn’t seem as if it created by a bot.
Emails such as this one:
You’ve had a couple of emails from me recently, but I’ve not heard back.
I wondered if the resource was of interest, or is there someone else I should contact instead?
I’ve included my email below for reference.
On Mon, Jul 10, 2017 at 8:36 AM, Paul Turnbull <email@example.com> wrote: Hi,
I appreciate you’re busy but I wondered if you had a chance to check out my earlier email.
I’ve included a copy here –
On Tue, Jul 4, 2017 at 8:48 AM, Paul Turnbull <firstname.lastname@example.org> wrote: Hi,
I noticed you mentioned http://www.bikethedrive.org/ in your post, and just wanted to give you a heads up that I recently wrote a blog post you might like. It’s a detailed, up-to-date 7,000 word guide on how to choose a bike according to science, that details 10 factors to consider and is packed with tips and advice.
If this is something you’d be interested in, here is the link to the blog post: jenreviews.com/bike/
This is completely free and if you like it, all I ask is for you to link to or share the article on your site. In return, would love to share your post with my newsletter subscribers and followers on social media.
Either way, keep up the great work!
Here are some of the raw email headers for reference:
I’m skeptical of the motives of these requests. Why would someone request an update to a page which is a month’s worth of blog posts back in 2005 (or 2006)? Why not the specific individual post? In a moment of weakness, I responded to one earlier this year requesting money to make these links. That particular emailer didn’t reply again.
As I mentioned before, I do still frequently get automatically generated “spam” comments, ones like:
“Howdy! This is kind of off topic but I need some guidance from an established blog. Is it difficult to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about making my own but I’m not sure where to start. Do you have any points or suggestions? Appreciate it”
which links to proxieslive (dot) com/free-proxy/ etc
Those kinds of spams are irritating, and clutter up my blog’s databases, but they are obviously generated by bots, and not hand-crafted emails.
These new super-targeted requests are strange. Did some SEO eBook suggest reaching out in this way as a means to increase traffic? Or are these Spambots 2.0?
longer if you include even earlier years when I hand wrote crap on my webpage without a CMS [↩]
by organizations like Huffington Post and the Gawker enterprise, for instance [↩]
Twice now I’ve opened up my blog and discovered error messages in my header that look something like:
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in …/wp/wp-blog-header.php on line 1
Both times, when I logged into the WordPress Admin page, it looked weird too (as if there were no template or CSS file available). I reinstalled WP 4.2.2, and everything seems ok. Still weird, and I’m not sure how or why this happens.
Just out of curiosity, have you noticed anything weird in this space?
Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.”
Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.
But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file1 at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh.
I looked at the various WordPress PHP files, bits of code that make the blog do what it does, every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin; in wp-includes and in the default WordPress directory. However, some files were not replaced, I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.2
I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php; wp-pass.php, wp-feed.php and so on).
The HTML was horribly mangled, I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not.
For instance, a portion of that particular spam page opened in a web browser looks exactly like this:
Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond
Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.
I found a few PHP files in my root level directory, I deleted these or cleaned them as needed.
I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised.
I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted, I haven’t yet heard back from them. But I think I cleaned up all the malware, all it took was eight hours of work on a Saturday night…
Today I’m planning on looking deeper into the MYSQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! and backups of the backups!
Sorry if I make your eyes glaze over, but I had some trouble with my blog yesterday, and here is how I solved it.
Background: upgraded a WordPress plugin called Better WP Security, under its new name, iThemes Security Pro, and instantly my blog broke. I could no longer access my dashboard, could no longer make any changes to the blog, all that would happen would be an error message like this:
Warning: Cannot modify header information – headers already sent by (output started at [redacted]/wp-config.php:33) in [redacted]/wp-includes/pluggable.php on line 896
so of course I copied this error out, and Googled it. Unfortunately for me, I searched on the second phrase first, which led to instructions about fixing the code in pluggable.php
Silly me, I was too busy to read more. I opened my FTP program, opened the file pluggable.php and sure enough, the last line did not include a close tag. I added ?> and my blog was working again. I immediately went into plugins and deleted iThemes Security Pro, and as everything seemed fine, went back to my other tasks, considering the matter finished.
G3 case open
This morning, I noticed that the daily blog email didn’t get sent, and then noticed that my blog’s RSS feed reported an error. A few of my plugins were not working at all (such as my anti-spam plugin, Askimet, and others). Ru-oh!
It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line #42 of wp-login.php. In this scenario, line #42 of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.
If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.
Doh! My error message had told me the problem was in wp-config.php, and pluggable.php was the victim. I opened wp-config.php, and sure enough, there were 2 extra blank lines after the close tag. I don’t know how iThemes Security Pro added them, nor why, but once I deleted these two blank lines, my RSS feed validated through feed burner, etc. I trust the blog daily email will go out tonight, whether or not it will contain yesterday’s information too.
Irritatingly, I clicked “Use SSL” on my WordPress dashboard for the Ted Cruz post I just published, because I didn’t know what that would do. Now, Safari won’t load the page at all. I unchecked the checkbox, but the page still won’t load. I looked closely at the URL and it should be http://www.b12partners.net/wp/2013/09/23/ted-calgary-cruz/ but Safari insists upon loading the “https:” version. As far as I can tell, there is no way to edit URLs directly in Safari, and this behavior persists even after I quit Safari and restarted – I still get taken to the nonexistent “HTTPS” secure version of the page, even if I hand-type the “HTTP” myself.
Safari is Stupid
I tried using the “Short URL” version, I tried typing the correct URL, I tried copying and pasting, but all attempts lead instead to the HTTPS version.
If there is a typo on the page, let me know in comments or email or Twitter, since I can’t see the damn post myself (well, other than in the WordPress Dashboard version, which is not always perfectly accurate). I guess I could click the category archive (Politics), or the tag archive (GOP for instance), but I’m too irritated to do so at the moment.
Not sure what happened exactly, but my Postalicious plugin went a bit nutso last night, creating several posts that were erroneous. The plugin is a simple way to keep track of interesting URLs that I don’t have the time to make a full blog post about, when it works correctly.
The way the plugin is supposed to work is that it polls my delicious links ever hour, finds if there are any additions, merges these snippets into a page, and publishes the page once three entries are found. There is supposed to be a time regulator as well so that a Links post is only published ever 26 hours (so there aren’t multiple Links posts a day), but that didn’t keep several posts from being published last night, posts with empty URLs at that.
I’ve disabled the plugin until I can figure out what went wrong (or there’s a new version, whichever comes first). It could be a problem at Delicious.com, or it could be because of the new version of the Postalicious plugin I installed yesterday, or some other factor.
A few interesting links collected December 16th through December 17th:
The Secret Diary of Steve Jobs : AT&T: Chokehold is “irresponsible and pointless” – It’s their own fault, of course. Go look at their financial statements and open up the Financial Operations and Statistics Summary and look at capital expenditures over the past eight quarters. I’m no math whiz, but it looks like capex has gone down by about 30% over the time period. Scroll down a bit to the Wireless section and check out data revenues — they’re up 80% over the same period.
WordPress › Pretty Link « WordPress Plugins – Shrink, track and share any URL on the Internet from your WordPress website. You can now shorten links using your own domain name (as opposed to using tinyurl.com, bit.ly, or any other link shrinking service)! In addition to creating clean links, Pretty Link tracks each hit on your URL and provides a full, detailed report of where the hit came from, the browser, os and host.