So you might have noticed I was hacked pretty nastily on this site and a couple of others. I’d taken my eye off the ball and not done a really close inspection of my WordPress installs in a while, as well as being a bit lax in updating the moment a new version was out.

So What Actually Happened?

A couple of files have been snuck into theme and plug-in directories that allowed upload and editing of other files. If you find the files r.php or temp.php anywhere in your WordPress install you might want to check on them.

Through these, a file called function.php was added, full of evals and base_64 encrypted code. The regular WordPress functions.php and load.php had been modified to include the function.php file. This then replaced the normal blog content with all manner of spam.

The Cleanup

With the help of the fine folks at Sucuri, all the corrupted files were put back to normal and the backdoors plugged. I also deleted all unused themes & plugins (unfortunately the otherwise very useful Dreamhost One Click Installs do litter the place with “extras” you might neither want nor need).

For anyone investigating similar hacks, the Linux command to find recently edited files is find . -mtime -1. This will show you anything edited in the last day (replace the 1 with a different number to cover a different number of days). Though there are ways around the Linux file times, a cron job checking for recently modified files is helpful to keep an eye on things.
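The checks from this post as a shell script, added here as an example and not something the author or Sucuri ran: it looks for the file names and the eval/base64 pattern described above, runs the find -mtime check, and also compares ctime with mtime, since touch can backdate a modification time but not the inode change time. The function names, the include pattern, the script name and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post); names and patterns are assumptions.

# PHP files modified in the last N days (default 1): the post's find . -mtime -1
recent_php() { find "$1" -type f -name '*.php' -mtime "-${2:-1}"; }

# Files whose inode changed (ctime) in the last N days but whose mtime claims to
# be older. touch can backdate mtime, not ctime; chmod or a restore also trips it.
backdated() { find "$1" -type f -ctime "-${2:-1}" ! -mtime "-${2:-1}"; }

# The uploader and backdoor file names reported in the post.
named_suspects() {
    find "$1" -type f \( -name 'r.php' -o -name 'temp.php' -o -name 'function.php' \)
}

# List PHP files matching an extended regex; no match is not an error.
grep_php() { find "$1" -type f -name '*.php' -exec grep -lE "$2" {} + || true; }

# Files calling eval( or base64_decode(. Legitimate code can match; review hits.
obfuscated_php() { grep_php "$1" 'eval[[:space:]]*\(|base64_decode[[:space:]]*\('; }

# Files that include function.php (does not match the regular functions.php).
includes_backdoor() {
    grep_php "$1" "(include|require)(_once)?[^;]*[/'\"]function\.php"
}

# Constructed sample tree (not a real install) so the checks can be tried offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-includes" "$d/wp-content/themes/x"
    echo '<?php // clean core file' > "$d/wp-includes/load.php"
    echo "<?php include 'function.php'; // injected line" \
        > "$d/wp-content/themes/x/functions.php"
    echo '<?php eval(base64_decode($p)); // stand-in for the spam loader' \
        > "$d/wp-content/themes/x/function.php"
    echo '<?php // stand-in for the uploader' > "$d/wp-content/themes/x/r.php"
    touch -t 202001010000 "$d/wp-content/themes/x/r.php"   # backdated mtime
    echo "$d"
}

# Run every check; suitable for a daily cron job that mails its output.
report() {
    for check in recent_php backdated named_suspects obfuscated_php includes_backdoor
    do echo "== $check"; "$check" "$1"; done
}

# Usage: sh wp-triage.sh /path/to/wordpress   (script name is hypothetical)
if [ -n "${1:-}" ]; then report "$1"; fi
```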

Useful Links

Elly & I just sent the new Heddon Holistic Therapies Centre website live.

The centre itself was founded by Val Lockey, who is an amazing therapist. Since we moved up to Newcastle 18 months ago I’ve been going to Val for help with my RSI. Even with all the crazy travel I’m doing these days, she helps to keep me pain-free and so I can heartily recommend her services!

Eating your own dog food is a strategy often proposed to help companies produce better products. Using your own software exposes you to flaws that you might not otherwise find — intensive, day-to-day usage can highlight annoyances and bugs that even the most robust test scripts cannot. This makes a strategy of internal use particularly powerful to identify usability issues.

I think that what is being missed is what an opportunity eating your own dog food can be for accessibility as well. Web application developers should take a day a month, switch off all JavaScript, possibly even swap into Lynx (or similar “no frills” browser) and try using their applications as normal. One could do the same from a mobile browser or different OSes.

Before, when testing was a big effort before pushing the product out the door, brief testing in each different environment was an OK (but not fantastic) strategy. With incremental development and frequent releases becoming the most popular software engineering model, kneeling and eating our own dog food should become an integral part of all our development and testing strategies.

I know that everyone else has already found and talked about Moo’s Flickr Minicards. I just wanted to heap some extra praise on the pile. I just ordered their free sample for Pro users and was SUPER impressed:

  • The interface is fantastic. Simple, intuitive and nicely gelled with Flickr facets like tags and sets.
  • They don’t just deliver in the USA! W000000000000000000000000000000t!!!!!
  • When they say it’s a free sample, they mean it! So often it’s only free in the US. I selected UK delivery and they didn’t even flinch.



Design Is…

Originally uploaded by meriwilliams.

Just for the record, this is a joke. But I thought I’d jump on the bandwagon anyway — after all, who can resist following Mr Hicks? 😉

Incidentally, Elly makes a good point

On One Map is possibly the coolest Google Maps mashup I’ve seen so far. Not that it’s the most innovative — more that it’s the most insanely useful. Looking for houses is a pain in the arse if you don’t know exactly where you want to live — you end up browsing the house descriptions first and having to branch out to find out where the place actually IS. Whereas we all know that the number one rule in househunting is “Location, location, location!”.

Now I just have to resist the urge to find another house — we’ve only been in our current flat a year and 7 days!

After spending a few days deliberating between using Rails and Django for my wedding site, I’ve hit a bit of a brick wall.

However easy it would be to install all the required bits and bobs on one of my Linux boxes I have kicking around the house, I really prefer NOT to have any of them running 24/7 or accessible from the outside world. So I started looking at which framework I’d be able to run on my hosting. Unfortunately, neither seems possible.

So much for that then. Time for a new host at some point, I think, (especially as Neathosting unfortunately seem to have disappeared off the face of the earth!) but can’t really be bothered for what I’m trying to do at the moment. Any recommendations for great hosts that can support Rails/Django, anyone?