I forgot to take a full nap yesterday, so only stayed up last night until midnight EST …. I am in MST. Decided that the loss of sleep was the thing to do. And it wasn’t too noisy around my neighborhood. A few fireworks (they are legal in Utah on New Year’s Eve), but  at 24F it was too cold to go outside to try to find some to look at.

A bright Sunday morning today: not as cold as the prior weeks; we might get up to 40F today. No snow in the forecast; all I can see is brown lawns and weeds. Today’s sky is a bright blue.

As usual, working on a web site or two while watching football. This new one is supposed to be ready by Feb 1st, so need to get it working. Some code recycling is in order to make the pages work right.

Changed over to 9am church meetings. So home by noon, a turkey/cranberry sandwich with some chips for lunch. Pork chops or grilled steaks for dinner. Just the two of us today, so a quiet afternoon and evening is in store.

You wouldn’t know it by the paucity (look it up) of posts here, but I have been somewhat busy at home (along with at work).

I’ve been re-employed at a local county government agency in the IT dept (where else). Working on a new Content Management System that is a replacement for their existing system. My part is to take care of the hosting environment (servers, setup, etc). My responsibilities also include the web infrastructure (servers, IIS, etc) for all of their web sites, along with some other related tasks. That keeps me mostly busy. I just passed the one-year mark there, and the yearly review was very positive. I enjoy the work, the commute is much easier than in CA (although more miles, it’s usually at ‘freeway speeds’ on the freeway part). And it keeps me out of the house (much to the delight of Pam).

Besides the one-year anniversary at work, Pam and I celebrated our 36th wedding anniversary. That’s pretty significant. I’m a lucky guy.

After work hours, I have been working on several web-related projects. One is the redesign of Dr. Jerry Pournelle’s web site (www.jerrypournelle.com/chaosmanor), which was started last April and went live in June. Things have settled down there, so it’s mostly monitoring things and performing updates as needed. I’ve also been involved in helping out with converting some of his science fiction books to ebook (Kindle and Nook) format. You can find a list of his ebooks on his site (one of my favorites is “Lucifer’s Hammer”).

This last month I have been working on converting the Manufactured Homeowners Association domain to WordPress-based format. That one just went live today (www.mhoaa.org ).

Then there is the rewrite of the FileHurl site (www.filehurl.com ) to PHP from ColdFusion. (FileHurl is a way to send files to someone else without the limitations of email attachment limits. It’s totally free to use, and pretty easy to use.) The site was hosted by GoDaddy, but they are discontinuing ColdFusion support, so that required a total rewrite of the code into PHP/MySQL. That is almost done, some minor code work needed to finish that up. That site should be ready to go live by next weekend. (The www.filehurl.com link is still live, running under the old ColdFusion code.)

A new site was created as a response to Dr. Jerry Pournelle’s detailing of some of the silly things that our government spends my money one. Did you know that the FDA has regulations and licensing requirements for people that raise rabbits for use by magicians? It’s true! So, I created the Bunny Inspectors site (www.bunnyinspectors.com ) where that silliness can be documented. You look at the items on that site, and then you understand why the federal budget is so screwed up. (Although some states are just as bad.) The site name amused me, the domain name was available, so off I went to register and create the site.

That happens a lot. I get a silly idea, and a web site usually results. There’s “Mad Because” (www.madbecause.com ) and the companion “Glad Because” (www.gladbecause.com ). The Pragmatica site to help inspire greatness (www.thepragmatica.com ).

And then the BBQ/Food related sites, starting with “The BBQ Grail” site for my friend Larry Gaian (www.thebbqgrail.com ) – who is the inventor of “MOINK Balls” (a great BBQ appetizer, BTW). The FoodieFeeds site (www.foodiefeeds.com ), which is a way to find the latest posts from various food-related sites. And others.

Not all the sites are successful – they do get visitors, some more than others, but I am still waiting for the one that will go viral. Maybe it will be the next site I am thinking about.

But all of them keep me entertained.

I’ve been doing a bit of work lately killing off the “TimThumb” attack in some WordPress blogs, which was due to the TimThumb image manipulation program that is installed in some WordPress themes and plugins. I’ve found it in the “IGIT Related Posts” plugin on the sites I have worked with, but it can be used in themes and other plugins. It’s not a fault in WordPress itself, but in the plugins and themes that have the vulnerability.

I use the Atahualpa theme in all of the WordPress blogs that I set up, and I know that the TimThumb code is not used in that theme. I did see one site where the owner had been using the IGIT plugin, which puts a ‘related posts’ at the bottom of a post.

The first indication that the owner found was when he was getting an ‘header already sent’ error while trying to log into the WP admin page. Here’s a list of things that I found helpful in finding and getting rid of the problem. Some of these are a bit technical, so tread carefully. And this list is not complete, as the attack is changing daily.

What to look for

1) Look for error messages when you try to get to your WordPress admin login page.

2) Do a View Source of your main/home page, and look at the end of the file for anything that is after what your normal footer looks like.

3) Look at your index.php file in the root of your WordPress site. And page through the entire file. I found one with lots (2000+) of blank lines then the viral code then more blank lines.

4) Look at the wp-config.php and wp-settings.phps file for anything out of the ordinary.

5) Look for any file called ‘timthumb.php” throughout your web site folders.

6) Scan your web site with the tool located here: http://sitecheck.sucuri.net/scanner/  

Some remediation that I have done

1) Disable then delete the “IGIT” or “Tom Thumb” plugins. Make sure you delete the files.

2) Change your administrative-level passwords.

3) If you have a user called ‘admin’, change that password. Then create a new administrative-level user, log in as that new user, and then delete the ‘admin’-named user.

4) Update all plugins

5) Update your WordPress files to the latest version (this may fix the added code in index.php and other files.

6) Consider changing the WP database user/password (this is a bit complex, and if you do it wrong, you can break your blog).

7) Change the password for your host login

8) Change the user/password for any FTP accounts (get rid of any extra FTP accounts)

This attack is a bit widespread; at the moment it is not damaging, but that can change. There are some other security things you can do to lock down your WordPress site, some of them more technical than others.

But, all important.

Had a few problems with some of the web sites over the weekend. So did a bit of hardening of the hosting accounts, and the web sites. Took a bit of time, but there should now be less of a vulnerability profile. There will be some more hardening happening over the next few days, but nothing the casual visitor will notice. The ‘un-casual’ visitor won’t notice either, since they won’t be visiting soon.

But that brings to mind some things that need to be done by all. You’ve heard it all before: regular changing of passwords, updating applications, etc. One thing you might try is Secunia’s Personal Software Inspector (see http://secunia.com/vulnerability_scanning/personal/ ). A free program, a quick download, and it checks to make sure that all the programs on your computer are current. It has the capability to do automatic updates of most programs, and helps with the non-automatic updates. It’s very non-intrusive on your system resources. Highly recommended.

If you have that program, Windows Updates set for automatic, and Microsoft’s Security Essentials, you will be well-protected against attacks. You still need to be aware, and do the basics (it’s time to change those passwords), but those three things will help.

Go change your passwords now. I’ll wait.

Good job!

And speaking of earthquakes, as a former Californian, I’m not impressed by the little 5.9 one today on the ‘right coast’. As my good friend said: “Come on East Coast it was only 5.9, In California we fart harder than that!” 

Heh.

The weekend arrives!  As usual, the laptop in the lap, working on some code for Dr. Jerry Pournelle’s web site (www.jerrypournelle.com/chaosmanor ). Some good commentary there on current events and more, so all ten of you should visit (although most of you already do). Dr. Pournelle gets a few more visitors/day than I do (about 9000 more at last count), but he has better content (and posts daily).

The current project is a randomized display of his new ebooks. A database will hold all the information about each book, and some clever PHP programming will display two book covers and links, similar to what is there now on the right side. If you enjoy science fiction, then you should take a look at his books. The new ebooks are in Kindle format, but we’re also adding EPUB-format for you Nook and other EPUB fans. Reasonably priced.

Other than that, the normal weekend projects. Lawn mowing, some minor house maintenance, etc. And some web site work for Dr. Pournelle and others. That should keep me busy enough. Although there is probably some scheduled nap time also.

I have been so busy on other sites that this one is looking a bit unprofessional. Long list of things that need to be fixed to improve the presentation of this site. Probably should spend  a bit of time on visual changes for the hordes (read 10, and that includes family) of visitors here. And just noticed that many of my plugins are borked.

…which is the reason for the title of this post.

This place has got no shoes.

I’ve been spending a lot of time doing things other than updating things here. Most of my time lately has been working on hosting changes for various domains, including this one. For years, this site has been hosted by Brian and Greg, who operated a small hosting company. Their client included several of the original “Daynoters” group, who I became involved with at least 10 years ago. This was a group that created their own web sites where they write mostly daily notes on their activities. They were at the vanguard of the millions of bloggers that write today. This was all pre-Blogger and pre-Wordpress, which make it much easier for non-technical types to create a blog.

I decided to get in on that, mostly as a way to get the “DigitalChoke” short story on the Interwebs. So I started by creating all of the web pages to make “DigitalChoke” story readable on the Interwebs, plus a mostly daily blog of what I was doing. I eventually got inducted into the “Daynotes Gang”, and used Brian and Greg’s hosting services.

After many years of being excellent site hosts, Brian and Greg decided to move on to other areas of interest, so their clients needed to find a new host. I’ve been using JustHost and Bluehost for several years. The JustHost folks have been the hosts of this site (and all of the others that I have created over the years. But I also worked with Bluehost for several of the other sites I maintain.

Among Brian/Greg’s clients was Dr. Jerry Pournelle, science fiction writer, and long-time columnist for the late Byte magazine (print version; they are starting up an ‘e-magazine’ soon). I’ve been reading his Byte columns since the 1970’s, and have followed his web site (www.jerrypournelle.com ) almost since it’s inception. And I have been on his small board of advisors for many years.

So when the notice came that he needed to move his domains to a new host, there was a discussion by his advisor’s group on what to do. And I volunteered to do the work of setting up and moving his domains to a new host (we chose Bluehost). He wrote his site using FrontPage 2003, which is no longer a supported product by Microsoft. And although he has probably one of the original ‘blogs’, this process was getting a bit cumbersome – there was a bit of back-end work that had to be done to keep his content visible.

His advisors group had been discussing moving his blog to a new platform, so I created a test WordPress area that would show how WordPress would work as a new blogging platform. And then the need for the hosting move came up, and we decided (with Dr. Pournelle being somewhat reluctant) to move to the WordPress platform with the hosting move. So I have been spending a lot of time fine-tuning the new site, modifying the theme (Atahualpa; excellent WordPress theme with full customization ability), plus the actual moving of the almost 1GB of content on his sites. And some custom programming of the backend programs that are used by WordPress to display the content. And setting up his mail accounts, spam filtering, subscriber databases, etc.  Along with some new training in the processes of creating the content for the WordPress-based blog, setting up accounts, making DNS changes, and all of that. All stuff that I have done before for the 30-odd domains/sites that I own or maintain.

And during that time, working on several e-books for Dr. Pournelle’s republishing of his science fiction books.

So a lot of night and weekend work to get things moved and ready for the hosting move. Plus a lot of work tweaking things. But the hosting move for Dr. Pournelle’s sites is done; you can see the new WordPress-based blog at www.jerrypournelle.com/chaosmanor .I think it looks pretty good. We’re still tweaking his writing/publishing process. He’s using (mostly) Microsoft’s LiveWriter to create and publish his WordPress entries. It’s a pretty nice but basic program that lets you create and publish with a Word-like interface, plus the benefit of seeing the content as it will look ‘live’. (In fact, I’m using LiveWriter to create this entry.)

All of that, plus the usual house and family stuff. Pam’s got a new giant scraproom in the basement, I have a small garden (strawberries, peas, and tomatos) after the late spring around here, plus the weekly meetings with the 11-year-old Scouts. And the visits from the grandchildren and children for Sunday dinner (tri-tip today). And there is the full-time day job to take care of.

Been a bit busy.

  for Dr. Jerry Pournelle. His main site (www.jerrypournelle.com ) required moving to