Site news

Hooking Facebook into my Blog

I’ve been using Facebook (or “Bookface”, as my nephew Shane calls it) fairly regularly lately. Today I decided to see what could be done to integrate my blog and Facebook a bit. I read the “how to” guide by Thiemo Fetzer, and now I have Yet Another WordPress Widget in the left nav of my site.

Nothing has changed for “normal” users of my site. For folks who regularly use Facebook, however, you now have an option. You can click on the “Login using Facebook” option, and your authentication will be handled via Facebook (i.e.: you log in using your Facebook credentials). KellysWorldBlog will be added to your application list once you’ve logged in once. Assuming I understand the application correctly, you won’t automatically receive anything from my site simply by using your Facebook login. I (or any visitor) can, however, click the “facebook share” icon to share individual blog posts on my wall.

What benefits does this give? Well, I guess you don’t need to remember your ID on my blog any more, and your Facebook icon will now appear next to the comments you post. But the main thing this does is allow for easy sharing of my blog posts with your friends.

(more…)

Continue ReadingHooking Facebook into my Blog

WordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the hack works on all versions of WordPress up to and including the most recent.

I have BadBehavior installed on my blog, and so it was rejecting the URLs with this addition which I *think* would be thwarting the hackers involved: they hadn’t been able to create an administrative user. Unfortunately, it also meant none of my blog posts were working properly until I noticed the problem and corrected it.

Hopefully WordPress will issue a fix for this soon- in the mean time, keep an eye on your URLs, WordPress bloggers!

UPDATE: Another link to a lengthy thread regarding this hack on the WordPress.org site. What is interesting here is the apparent vector: a weakness in the WordPress code, apparently up to and including the most recent release, that permits an ordinary subscriber (i.e.: not an administrative user) to run some administrator features e.g.: changing the permalinks.

UPDATE #2: it appears that updating to the most recent version of WordPress (2.8.4) removes the “double slash” vector for running some admin commands (notably permalink.php). This fix was apparently added somewhere between WordPress version 2.8 and 2.8.4.

I’ve included some extracts from my server logs and further thoughts below…

  

(more…)

Continue ReadingWordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

Shifting my Twits around

I’ve moved my Twitter feed from the right side to the left side navigation area on this page. The “balance” was starting to bug me (i.e.: too much vertical “stuff” on the right versus the left), and for some reason it just seems to make more sense under “recent comments” then above my photo gallery block.

I have not yet really slowed down my rate of “tweeting” yet: by the way, I prefer calling individual Twitter posts “twits”, but apparently that is bad form- sorry. I started on May 14th, and I’m posting somewhere around six to eight updates per day. if you look at my follow cost I seem to have stabilized at just below 400 milliscobles. I’m not feeling any compulsion to tweet: I just do so when something catches my eye and I think other folks might want to hear about it. Probably my main “vanity” when tweeting is that I respond to a few people like badastronomer (Phil Plait) and wilh (Wil Wheaton) on occasion. In part I do this because I’m hoping they might say something back- but generally I actually *do* have a question, I just probably would never have the courage to ask them to their face.   

(more…)

Continue ReadingShifting my Twits around

New layout more or less settled

The Atahualpa theme has been active here on the site now for several days. I haven’t received any positive or negative feedback, but I’m happy enough with it now that I’ve made a few minor tweaks.

  • The banner pictures at the top are now my own photos: I plan on adding in a few cat pictures at some point, but the format requires some fiddling so it may take me a while
  • I’ve corrected some problems that prevented my archives from showing up
  • I have managed to get a twitter feed working that doesn’t require the Flash plugin

.
(more…)

Continue ReadingNew layout more or less settled

Apparently my Gallery had NSFW comments..

Google sent me an email the other day telling me that my site had “inappropriate” content:

As stated in our program policies, AdSense publishers are not permitted to place Google ads on pages with adult or mature content.

Adult? Mature? On *my* site? Hmmm, this required some further investigation. It didn’t take long to find the problem- Google even gave me a sample URL. Apparently, sometime in the last few weeks some comment spammer bot found my photo gallery and started spewing link-farm comments in random spots throughout. And of course, the only person who has to do more work in this process is me.

(more…)

Continue ReadingApparently my Gallery had NSFW comments..

End of content

No more pages to load

Older Posts