Category Archives: CMS

Has my WordPress blog been hacked?

At some stage, some weird text seems to have inserted itself into a bunch of my links on my personal blog… a GET parameter referencing phpMyAdmin and a long hexadecimal string, which appears to be the same every time.

So for instance the link:
<a href="/1995/12/22/the-bill/">

became:
<a href="/1995/12/22/the-bill/?phpMyAdmin=3bceb1b20913e8babce341325e13bf76">

And this one:
<a href="">

became:
<a href="<a href=?phpMyAdmin=3bceb1b20913e8babce341325e13bf76"">

A Google search suggests that this specific parameter appears to be unique to my blog.

It mainly appears to have hit internal relative links, but has hit some external ones too. But it hasn’t affected all the links, by any means. Maybe a few dozen posts. And for the most part they are like the first example, above, and don’t actually break the links.

At first I thought it was a hack back at some time when I might have had a vulnerable version of WordPress on my blog. Though I’ve been unable to find any other examples of it (not that it’s the easiest thing to search for), and now I’m wondering if it was some mistake during a migration of the database.
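An added example (not code from the original post): one way to find every affected post, confirm the token really is the same everywhere, and strip the stray parameter while keeping any other query parameters. It assumes the post bodies have been exported as a mapping of post ID to post_content; the sample rows are constructed.

```python
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

STRAY_PARAM = "phpMyAdmin"          # parameter name quoted in the post
HREF_RE = re.compile(r'href=(["\'])(.*?)\1', re.IGNORECASE)

def strip_param(url, name=STRAY_PARAM):
    """Return (clean_url, removed_values); other parameters are kept."""
    parts = urlsplit(html.unescape(url))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    removed = [v for k, v in pairs if k == name]
    if not removed:
        return url, []
    kept = urlencode([(k, v) for k, v in pairs if k != name])
    return html.escape(urlunsplit(parts._replace(query=kept))), removed

def clean_post(body):
    """Rewrite the hrefs of one post body; return (new_body, tokens, manual)."""
    tokens, manual = [], []
    def fix(m):
        quote, url = m.group(1), m.group(2)
        if "<" in url:               # markup inside the href: repair by hand
            manual.append(url)
            return m.group(0)
        clean, removed = strip_param(url)
        tokens.extend(removed)
        return f"href={quote}{clean}{quote}"
    return HREF_RE.sub(fix, body), tokens, manual

def audit(posts):
    """posts maps post ID -> post_content. Returns (cleaned, tokens, manual)."""
    cleaned, tokens, manual = {}, set(), {}
    for post_id, body in posts.items():
        new_body, found, broken = clean_post(body)
        if found:
            cleaned[post_id] = new_body
            tokens.update(found)
        if broken:
            manual[post_id] = broken
    return cleaned, tokens, manual

# Constructed sample rows: IDs and link text are made up, the token is the
# one quoted in the post.
TOKEN = "3bceb1b20913e8babce341325e13bf76"
SAMPLE = {
    101: f'<a href="/1995/12/22/the-bill/?phpMyAdmin={TOKEN}">The Bill</a>',
    102: f'<a href="/?p=12&amp;phpMyAdmin={TOKEN}#comments">older</a>',
    103: '<a href="/about/">untouched</a>',
    104: f'<a href="<a href=?phpMyAdmin={TOKEN}"">broken</a>',
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

More than one value in the returned token set would mean the parameter was written on more than one occasion. Links mangled like the second example above are reported rather than rewritten.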


Something I don’t like about WordPress

I love WordPress.

But not 100%.

Something I don’t like is how it decides arbitrarily when to re-authenticate you.

I had logged in here to write a post, and it happily let me type it all out, until I hit the Publish button, when it decided to double-check who I was. Which was fine, but by the time it had done that, it revealed that the draft of the post that had been saved was from several minutes before I’d hit Publish, and I’d lost a couple of links I’d put in which now I’ll have to find again.


The Triple J question

Trust Josh to ask a curly question for the StackOverflow podcast: “Why did the Stack Overflow schedule blow out?” and quoting back Jeff and Joel's own previous forecasts at them.

Made for an interesting discussion though. I certainly agree with the point that until you're actually working on something, you don't have a great deal of confidence in just how much there is to do … that becomes apparent as you go.


(So I can find it later: WordPress URL parameters, for example for showing all posts by Josh.)


Recent finds

Ever wonder how they fitted an entire computer language into just a few kilobytes, back in the 80s? Documented disassembly of BBC Basic 4.

How to highlight author comments in WordPress … but it relies on the author being user ID 1, so it won’t work here, where we have several people posting. Could easily be customised to look for other user IDs though.

Some developers are throwing in the towel and running Vista as Admin.

The excellent Secret Life of Machines not only has a web site, but is available freely (and legally) via BitTorrent. And the theme tune is available on iTunes.

Setting up Joomla on Windows

I had to do this recently. It’s not excessively difficult.

You can use this thing, but it’s really for dev environments.

WampServer installs Apache, MySQL and PHP. Easy.

Once it’s running, go into PhpMyAdmin and change the root password from the default (blank). You’ll need to update the PhpMyAdmin config too: this is in C:\wamp\apps\phpmyadmin2.10.1\ — remember that this, like most of the files, is in Unix format, so you need to use a Unix-aware file editor. (Wordpad seems to be okay for this if you have nothing else installed, at least on Windows Server 2003.)

Download Joomla and chuck it into the root directory (default is c:\wamp\www)

Browse to http://localhost/

If Joomla tells you to change anything in the PHP setup, you’ll find it in C:\wamp\bin\php\php5.2.5\php.ini — though it seemed to take no notice when I changed magic_quotes_gpc as requested. Odd. I eventually found you can reset it using the WAMP5 tray icon: Left-click, PHP, PHP Settings. It then automatically restarts Apache to make it take effect. Neato.

The rest is easy… go through the Joomla install pages and it does it all for you. Then start figuring out your template and structure.

Still to figure out:

  • Contact page/email doesn’t work. Probably some hiccup with Apache not figuring out how to send emails from Windows… maybe I need to make sure the Windows IIS SMTP server is running or something.
  • Issues with .htaccess, needed to switch on friendly URLs (well, friendlier than those default Joomla/Mambo monstrosities)

Twitter to WordPress to Facebook

(Skip the lecture, go straight to the instructions — but note the update.)

I’m yet to be convinced that microblogging (eg Twitter, or those status updates in Facebook) is genuinely useful. Maybe, maybe not. But I’m willing to try it out.

Problem is of course that if you use multiple services, you don’t want to be having to update them all individually. If such a concept is going to work, you’ve got to be able to update once and have it cascade to everywhere.

Facebook has an app to push updates out to Twitter. Which would be fine, but for those outside North America, you can’t update your Facebook status from anywhere except within Facebook. (North Americans can use SMS from a mobile, but others can’t.) Okay, so maybe you’d want to do it mostly when in front of a computer anyway, but what I do like about Twitter is that you can update from anywhere… anybody can SMS a number (it’s based in the UK, so for me it’s costing 50 cents… so I’d better not go mad using it) so no fiddling with mobile web access just to post an update. Twitter also takes updates via IM (such as GTalk and Jabber). I also like that it’s open; people can see what’s going on without registering.

I normally hate words like synergy and leverage and convergence, but that’s what’s gone on here. Alex King has written code that updates WordPress from Twitter every 15 minutes. Christian Flickinger has written code that updates Facebook using PHP, with a hack using the Curl library (since Facebook doesn’t actually accept inputs like this) that logs into Facebook’s mobile web page and does the business.

And Blake Brannon has put the two together, so a Tweet (that’s Web 2.0 talk for a Twitter post) will cascade to your WordPress blog, and then on to your Facebook status.

Neato, huh? Now that really is leverage. If it works. Which it does for many people, but it didn’t for me. I was having problems with Blake’s code; probably an issue with my Web ISP’s configuration. I ended up splitting it off to a separate WP plugin, which was messy, but allowed me to use the code in isolation, and figure out the problem.

It may be an issue that only affects particular versions of PHP or Apache or something — I’m no expert — but the problem was the Curl call couldn’t write to the cookies file. Creating the my_cookies.txt file and making it writable (777) and modifying the code slightly to specify where the file lived solved it. Another issue involved Curl being unable to use the FollowLocation flag, but it turned out this wasn’t needed.

I also ended up with Blake’s (modified) code in a separate file to Alex’s, rather than inserted into it as Blake intended.

So in summary

Update 2007-08-31: Blake’s been told that automated access into Facebook is against the Terms of Service. It’s unclear if Facebook will actively go chasing those who use or distribute code like this, but it would seem to pay to be cautious. Sorry.

  1. Download Alex King’s Twitter Tools and put in your wp-content/plugins directory
  2. Download twitter-wp-fb.txt. Put your Facebook details in where shown, then put it into your wp-content/plugins directory
  3. Create an empty wp-content/plugins/my_cookies.txt file and make it writable (777)
  4. Go into your WP Plugins page and activate both Twitter Tools and WP/Twitter to Facebook
  5. Go into the Twitter Tools config page and enter your Twitter credentials
  6. Cross your fingers and post something in Twitter

I think that’s all the steps. Good luck.

Thanks to Blake for his assistance on this. And to Alex and Christian, whose code this is all built on.
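Step 3 leaves the cookie jar holding the Facebook session writable by every local user, inside a directory the web server serves. An added example (not part of the original post or of the plugins it describes) that lists world-writable files under a plugins directory and restricts one to its owner; it assumes the PHP process runs as the file's owner, and the directory it audits is constructed.

```python
import os
import stat
import tempfile

def world_writable(root):
    """Relative paths of regular files under root with the other-write bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def restrict_to_owner(path):
    """Drop group/other access, keep owner read/write (0600).

    Assumption: the web server's PHP process runs as the file's owner,
    otherwise it can no longer write the cookie jar.
    """
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.lstat(path).st_mode)

def demo():
    """Build a constructed plugins directory as in step 3, audit it, fix it."""
    with tempfile.TemporaryDirectory() as plugins:
        jar = os.path.join(plugins, "my_cookies.txt")
        other = os.path.join(plugins, "other-plugin.php")  # constructed name
        for path in (jar, other):
            open(path, "w").close()
        os.chmod(jar, 0o777)      # the mode the steps above ask for
        os.chmod(other, 0o644)
        before = world_writable(plugins)
        mode = restrict_to_owner(jar)
        after = world_writable(plugins)
        return before, oct(mode), after

if __name__ == "__main__":
    print(demo())
```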

Easy ways to save bandwidth

After reading Jeff Atwood’s terrific post about saving bandwidth on web sites I’ve moved the Geekrant RSS feeds over to Feedburner, using Steve Smith’s marvellous WordPress Feedburner plugin, which works in WP 2.0x and 1.5x.

I also turned on HTTP compression, which in WordPress is as easy as clicking a checkbox. It not only saves you bandwidth, but users get your pages served quicker, since the bottleneck is bound to be their bandwidth, not their browser’s ability to decompress.

We’ll see how it goes. Bandwidth has been growing recently: January 2.8Gb; February 2.7Gb; March 3.4Gb. It’s not at ludicrous levels, but if it keeps climbing, I’ll end up paying more for the hosting. Hopefully this will help bring it back down.

Update 8:40pm. First thing I notice is that when reading the feed from within the Feedburner site, it doesn’t treat relative paths to images properly. I guess I’ll have to put absolute paths, ‘cos at the moment in the previous post it’s trying to load instead of I wonder how it treats relative links?

Counting things in WordPress

A couple of MySQL queries to count up your 2006 blog stats (as I did on my personal blog).

Count the number of posts since…

-- published posts dated on or after the given day
select count(*) from wp_posts
where post_status = 'publish'
and wp_posts.post_date >= '2006-01-01';

Count the post with the most comments since…

-- approved comments per post, most-commented first
select wp_posts.ID, count(*) as wpc, wp_posts.post_title, wp_posts.post_date from wp_comments, wp_posts
where wp_comments.comment_approved = '1'
and wp_comments.comment_post_ID = wp_posts.ID
and wp_posts.post_date >= '2006-01-01'
group by comment_post_ID
order by wpc desc;

Writely: a product review

(At least, the collaborative editing bit.)

    “Only if it were a little less disjointed.” The review that is, not the product. The review started as a test of Josh and Daniel concurrently typing all over a document.  For ease of reading, the first person has been used for both Josh and Daniel; a kind of gestalt entity, a multi-headed hydra, a two-headed knight that can’t agree if after the period at the end of a sentence you should have one or two spaces.  Not that it matters in the world of HTML (unless, like this product, you chuck in non-breaking spaces). If you are angered by any of the writing or formatting, Daniel Josh Daniel wrote that bit. Rabbit season.

A concurrent word processor – what’s that?
I’ve got this friend, Andrew.  He had a project back at Uni to write a concurrent word processor, which his team did in Ada with each keystroke being sent to all editors (I wonder if that ever became a viable product?).  Which means two people could work on the same document.  At once.  Even the same sentence, or word. When he told me about it, I thought that software like this would be cool, and relatively trivial to do, but until the Internet came along there wasn’t the always-on ubiquitous network that would make it workable for many people to edit something.  So, like an idiot, I promptly forgot about it.  And then Google didn’t buy me out.

Jokingly one might refer to such an idea as Edit Wars. But it’s not hard to see how useful realtime (or nearly realtime) collaborative editing could be. No continuous emailing of differing versions around the place to thoroughly confuse people, quicker turnaround on edits, and all in a near-WYSIWYG environment.

Actually, this would work really well for wikinews (which actually does have Edit Wars). Actually, wikinews would have some problem with actual concurrent editing because MediaWiki (what wikinews runs on) has a change-and-publish model.  I wonder how the MediaWiki system deals with micro-changes – i.e. a keystroke at a time?  Anyways, the reason I mention wikinews is because for information on the 7/7 bombings on the tube I went to wikinews – It actually told me what was happening, where and gave maps and was constantly being updated. 

But with several edits a minute, actually getting any information into the article was very difficult – changes kept failing. MediaWiki doesn’t lock people out while a change is being written; it uses something like CVS, and if it detects concurrent editing gives you an error in response to a save.  Saves are manual.

Using VNC would allow two people to view a document while one edits it, or more precisely to allow multiple people watch a single one edit.  But multiple editors, that’s cool.

So, Writely seems to have functionality roughly on par with MS-Write.  Which, in my opinion, is plenty.  You get hyperlinks and insertable images.

Writely’s first problem is the document editor can be slow to load. It’s obviously heavily dependent on network and browser speed. During one initial try at it, the network connection was as slow as molasses.

When someone else jumps in, an orange bar at the bottom of the screen tells you this. Once editing is happening, it only appears to pick up changes every minute or so (reflected at each end by the Saving prompt appearing in the top right). Arguably this is fair enough for most applications, but definitely not quite as nice as real time. I was hoping it would be character-by-character, like Andrew’s thing back at Uni.  That would be concurrent.  You could see what areas others are working on and watch, or avoid that area and work on another. Sending each keystroke would be a doddle bandwidth-wise, even the fastest typists run at around only 120wpm -> 720cpm, 12cps.  But with 10ppl going at it at once, that’s 120cps, but I guess the server could bundle them together before redistributing out.  You would have to include sequencing information in each packet to prevent out-of-order application of keystrokes and other UI interaction.
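The sequencing point above, as an added example (not Writely's code, nor anything from the review): a receiver that holds early packets until the gap before them is filled and drops duplicates, next to a naive one that applies packets as they arrive. The packet layout (seq, op, pos, char) is an assumption, and this covers ordering within one sender's stream only, not merging several editors.

```python
def apply_edit(text, op, pos, char):
    """Apply one single-character edit to a list of characters."""
    if op == "insert":
        text.insert(pos, char)
    elif op == "delete" and 0 <= pos < len(text):
        del text[pos]

class KeystrokeReceiver:
    """Applies one sender's edits strictly in sequence-number order."""

    def __init__(self):
        self.text = []
        self.next_seq = 0      # sequence number expected next
        self.pending = {}      # early arrivals, keyed by sequence number

    def receive(self, seq, op, pos, char=""):
        """Accept one packet; return how many edits it allowed to be applied."""
        if seq < self.next_seq or seq in self.pending:
            return 0           # duplicate or already applied
        self.pending[seq] = (op, pos, char)
        applied = 0
        while self.next_seq in self.pending:
            apply_edit(self.text, *self.pending.pop(self.next_seq))
            self.next_seq += 1
            applied += 1
        return applied

def sequenced(packets):
    receiver = KeystrokeReceiver()
    for packet in packets:
        receiver.receive(*packet)
    return "".join(receiver.text)

def naive(packets):
    text = []
    for _seq, op, pos, char in packets:
        apply_edit(text, op, pos, char)
    return "".join(text)

# Constructed arrival order: the sender typed "cat", deleted the "t" and
# typed "r"; the network reordered the packets and duplicated one.
ARRIVALS = [
    (0, "insert", 0, "c"),
    (2, "insert", 2, "t"),
    (1, "insert", 1, "a"),
    (4, "insert", 2, "r"),
    (3, "delete", 2, ""),
    (3, "delete", 2, ""),
]

if __name__ == "__main__":
    print(sequenced(ARRIVALS), naive(ARRIVALS))
```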

But even if it’s not realtime (e.g. almost realtime), I can see the benefits, for many applications.  Like what?  It’s not too bad for knocking this into a coherent review, but something to provide hints about where the other editors have been touching stuff would be good.  It doesn’t appear to use visible revision marks. I find them a pain in the arse in Word, but at least you can tell who’s done what… even more important with multiple concurrent people all hitting the document. It does track all the revisions in the Revisions tab, which includes facilities to compare versions. Might be nicer if it showed revision marks like Word, in the document itself.  With some sort of aging (maybe a coloured background that fades back to white?), and an ability to “accept” the changes – by which I mean tell the edit program to tell you if that text changes again.

There’s a chronological edit history type of view off on one of the tabs; I wonder if any thought has been given to “replaying” the saved document to give you a feel for the evolution of the final document.  At the very least, it would demo well, even if no-one ever used that feature.

This has undo/redo; for typing it appears to act on the last sequence of typed characters.  And how does undo-redo work with multiple people editing?  You could keep a local buffer, but what does it mean to undo stuff if others have changed the text you were editing? We didn’t try too hard to find out.  The algorithms for that must be really scary, or really lame.

Writely is multi-user chat?
Perhaps this is only any good as multi-user chat. But, as multiuser chat, everyone would have to adopt different colours.  And, like in a wiki, people could be running all over the place changing the history of the chat.

Why did you call me a buffoon?
I didn’t!
Yeah you did, look back there.

Nah, it’s no chat tool.  It’s a not-too-bad collaboration tool.

Bugs / weirdness
This thing is beta, which is Latin for “still doesn’t work”, but here’s some stuff we noticed in our half-hour of mucking around:

  • Save chops the trailing space off a line!  So if I’m typing, and stop for a bit to think, and it takes advantage of that to do a save, my space disappears and now I’m abutting the previous word.
  • I wonder what happens when the document gets so big that the different collaborators are on different screenfuls of it?
    Woah.  It does random scrolling type things to me!  Like, that jumping to the top thing.  That’s super-annoying.  It’s jumping to the top when Josh’s changes are picked up… at least, if I’m not typing.
  • Hitting delete on the end of a line that’s a bullet point at one point wouldn’t pull in the subsequent non-bullet point onto the bullet point.  Reproducing this failed.
  • Now I can’t scroll to the top of the document!  I’m off by one line, I’m on it, I can see the bottoms of the drop-down letters, but not the top.  At least the scrollbar works and I can get there with that. 
    Oh, and pageup gets me there too.  But ctrl-home doesn’t scroll me to the absolute top of the document.
  • This seems to be a difficult UI to get your head around – inviting someone else in to work on the document is non-obvious.
  • I got this error: Your most recent changes to “Random sharing document” conflict with changes just made by a collaborator, and have been discarded. This should only affect what you have done in the last few seconds.  [There was no text, I was dragging an image around, but didn’t drop it yet]
  • Tabs get turned into spaces – probably because the editor tries to match itself as being closest to HTML, rather than other formats.
  • I tried to right-click copy text, and it turns out that I couldn’t because of my browser settings.  Which is fine, instructions were given as to how to achieve it (use the browser menu).  The second time, the context menu still offered me the option of copying text – even though Writely now knew I couldn’t do that.

Hand-written comment spam

Amongst all the easy-to-spot robot comment spam, I’m getting a bunch that (at first glance) looks like it’s written by humans. Gone are the stupid out-of-context broken-English comments and links to drug sales. These all have comments that look like they’ve got a few milliseconds’ thought put into them, all on new posts, they all leave a rediffmail (Indian GMail-type operation) address, a 209.97. IP address, and a link to a web site featuring lots of links and no content.

So far I’ve been spiteful and kept the comments but wiped the URL link.

I wonder if they’re particularly targeting WordPress sites that haven’t yet been upgraded to use the NoFollow links.
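An added example (not from the original post) of the handling described above: keep the comment, wipe the link, for comments that show all three traits at once. The field names follow the columns of WordPress's wp_comments table; the rediffmail.com domain, the /16 reading of the "209.97." prefix and the sample rows are assumptions.

```python
import ipaddress

SPAM_NET = ipaddress.ip_network("209.97.0.0/16")  # "209.97." read as a /16
SPAM_MAIL_DOMAIN = "rediffmail.com"               # assumed mail domain

def matches_pattern(comment):
    """True when the comment shows all three traits described in the post."""
    domain = comment.get("comment_author_email", "").rpartition("@")[2].lower()
    try:
        addr = ipaddress.ip_address(comment.get("comment_author_IP", ""))
        in_net = addr in SPAM_NET
    except ValueError:            # empty or malformed address
        in_net = False
    has_url = bool(comment.get("comment_author_url", "").strip())
    return domain == SPAM_MAIL_DOMAIN and in_net and has_url

def wipe_links(comments):
    """Return (comments, matched_ids): every comment kept, matching URLs blanked."""
    out, matched = [], []
    for comment in comments:
        comment = dict(comment)   # leave the caller's rows untouched
        if matches_pattern(comment):
            comment["comment_author_url"] = ""
            matched.append(comment["comment_ID"])
        out.append(comment)
    return out, matched

# Constructed sample rows.
SAMPLE = [
    {"comment_ID": 1, "comment_author_email": "a@rediffmail.com",
     "comment_author_IP": "209.97.10.20", "comment_author_url": "http://links.example/"},
    {"comment_ID": 2, "comment_author_email": "b@rediffmail.com",
     "comment_author_IP": "198.51.100.7", "comment_author_url": "http://blog.example/"},
    {"comment_ID": 3, "comment_author_email": "c@mail.example",
     "comment_author_IP": "209.97.3.4", "comment_author_url": ""},
]

if __name__ == "__main__":
    print(wipe_links(SAMPLE))
```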