162,000 WordPress sites Tricked into an Attack

Summarized below is what happened, and what to do.  But!

Do only as Sucuri Security says, not me.
Here are their instructions.

The Attack

Legitimate WordPress sites were used in a DDoS (distributed denial-of-service) attack against other legitimate WordPress sites. The goal is to create a botnet: harness the power of thousands of blogs and use it to attack another site and take it offline. I don’t know why.

Sucuri is a malware monitoring and cleanup company. They discovered the attack when one of their clients went offline due to a DDoS.

From their site:

The attack uses XML-RPC.

What is XML-RPC

XML-RPC is found in the core of WordPress, and among other things it is used to perform a “ping”: when one website notifies another website to say hey, there’s new content to see here.

XML-RPC is used to keep search engines updated, RSS feeds fresh, and news sites current. It’s used to create pingbacks and trackbacks, and XML-RPC even helps provide mobile access.

XML-RPC is located in WordPress’ core code, and is by default set to ON.

WordPress’ Dilemma

WordPress is in a tough spot with this one.

It makes sense to set the default to ON, right? Pinging is kind of the nature of the internet. There are lots of plugins designed specifically to take advantage of pinging. That’s why you won’t see WordPress issue a patch for this security breach; they kind of can’t.

And that’s why this attack is so clever. Dirty, but clever.

In fact, if you turn it off, many core plugins will stop working, as will Jetpack…

It’s up to you, and how you run your site, whether to leave it on or off…

How to Check if your Site is Affected

There are 2 ways:

1. search your logs for “any POST requests to the XML-RPC file. If you see a ping back to a random URL, your site is being misused”. – Sucuri

2. use the scanner Sucuri built, click here.

Your URL will be checked against their logs, to verify if it was 1 of the 162,000 affected sites.
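The log check in option 1, worked through as an added example (my code, not Sucuri’s scanner or anything from the original post). It parses constructed Apache combined-format lines: repeated POSTs to xmlrpc.php are the sign that your own site is being used as a pingback reflector, and inbound requests whose User-Agent says “verifying pingback from” are what the DDoS target sees, because WordPress adds that phrase to its User-Agent when it fetches the claimed source of a pingback. The IPs, timestamps and the blog.example origin are made up.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format; not real traffic.
# Lines 1-5: what an abused blog sees. Line 6: what the DDoS target sees.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:08:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2014:08:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2014:08:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:08:02:10 +0000] "GET /about/ HTTP/1.1" 200 8012 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:08:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/3.8"
192.0.2.44 - - [10/Mar/2014:08:03:00 +0000] "GET /?4137049=6431829 HTTP/1.0" 200 0 "-" "WordPress/3.8; http://blog.example; verifying pingback from 203.0.113.55"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def xmlrpc_post_counts(lines):
    """Count POST requests to xmlrpc.php per client IP (the 'is my site being abused?' check)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] == "POST" and rec["path"].split("?")[0].endswith("/xmlrpc.php"):
            counts[rec["ip"]] += 1
    return dict(counts)

def flag_reflector_sources(lines, threshold=3):
    """IPs that sent at least `threshold` xmlrpc.php POSTs; a one-off pingback is normal."""
    return sorted(ip for ip, n in xmlrpc_post_counts(lines).items() if n >= threshold)

def inbound_pingback_checks(lines):
    """Requests made by other blogs 'verifying' a pingback against us (the target's view).
    A random query string on the path is the sign the pingback source was faked."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        m = re.search(r"WordPress/[\d.]+; (?P<origin>\S+); verifying pingback from", rec["ua"])
        if m and "?" in rec["path"]:
            hits.append({"ip": rec["ip"], "origin": m.group("origin"), "path": rec["path"]})
    return hits
```

The `origin` field of each hit names the blog that was tricked into sending the pingback, which is what Sucuri’s scanner cross-references against its own logs.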

The Defence

This is where it gets tricky, and why I say to read Sucuri’s full post, and comments, and decide for yourself.

Options include:

1. disable all XML-RPC functionality on your site (core plugins may stop working)

2. add the code below to your theme; it’s a preventative filter:

(click here to copy the actual code)

(I chose option 2)

Important to Know

Adding this code means going deep into the core code of the website (to “hack core WordPress”), where it’s really easy to type one wrong character and break your entire site.

Happened to KeriBlog.

(this stuff, wow eh. I knew what happened, that it was going to be fixed in a minute, and still I coughed up my heart when I refreshed to find that.)


70% of The Weekend I Looked Like This

While looking at this:

Non-nerds – you’re looking at a brand-new, pristine WordPress site. I’m going to port KeriBlog over when I’m finished building it. Comments will work again, one analytics log-in instead of 5, ONE SIDEBAR oh guys, so happy.

The red AI – that’s After the Deadline: an artificial intelligence based spell, style, and grammar checker.  Check the * box to be warned when your writing is too passive. Seriously.  While in Washington in January, I met one of the developers who wrote it; he was funny.

And I’m repeating myself, but AI and mind control and thought-power, it’s coming. It’s closer than you think. This huge shift of the last 5 years when the world got online, it’s nothing compared to what’s around the corner.

The other 30% of this weekend I looked like this.

Friday night.

People-watching with a beer on a street is one of my favourite things.

Saturday night.

#SundayCleaning

Found this awesome FinalCut filter.

This week’s flowers.

They smell like cloves. If your home smells like fresh flowers, that’s classy.

Here’s to a great start to your week, go kill it!

See you online.


New Blog Theme Coming Soon

Plain, simple, white & blue KeriBlog… 2010 – 2012… RIP

I’m going to miss it!

I like my plain everything; it’s how I think websites should look: blue links, obvious navigation, brain-dead layout, not trying to re-invent the wheel, content highlighted above all else, plus I’m obsessed with load time. I’m so 1998.

But it’s time. Now to give KeriBlog the proper packaging it deserves.

Then repeat the process 10 more times.

I have 12 in total.

KeriNetwork!

Choosing a new theme is a really big deal.  What if stuff breaks when you install it?  Are you sure the people building it will update it?  Because if not, or if they go out of business, you now have a big blog security problem.

Below is an email I wrote to my friend who’s helping me with the install.

It’s the thought process behind it all.

(new theme is by ThemeFuse)

If you need a sysadmin… or anything done in: C/C++, Python, Matlab/Simulink, html/php/css/javascript, then shell scripting like bash… or Matlab (!)… you want @NodeZero_Linux

Please don’t insult him by asking for anything free, and besides, his rates are already too low if you ask me ;)

Thanks buddy XO


Welcome to My Newly Built Home Online

The design started in my head Spring 2010.

It started out like this:

Then I went on a couple URL buying sprees (click here and here).

The core and guts were built over a long weekend, and while it looks simple, it was not. I changed hosting providers at the same time, too. There was a lot happening, and this was a few weeks into having just moved, and living out of my trunk.

Various stages of development.

Before being ported over to KeriBlog.com, the new site was built under this URL, HAHA:

The Canadian Explorer was migrated over and converted from SquareSpace to WordPress, something I always wanted but didn’t think I’d ever get… for those of you not living full time in nerd world, that is a really big deal. Thanks Vito!  If you’re lucky, he’ll help you too.

It’s the most beautiful thing I’ve practically ever seen; do you even know HOW long I’ve been looking at this in my head?

So I documented its creation.

It’s really coming along, click to see :) —–> KeriBlog.com