Standard Mischief

Well, it’s pretty painless to me, because I install and update mine via Subversion, but still. I can barely get a post out before another important exploit fix comes around.

In addition to the security fix, 2.5.1 contains many bug fixes. If you are interested only in the security fixes, you can download these corrected copies of wp-includes/pluggable.php, wp-admin/includes/media.php, and wp-admin/media.php. Replace your existing copies of these files with these new copies.

I hope your host has one-click install/update at the very least. If you don’t want to do the whole installation again, it seems you can rename your old files with a .bak extension, and copy over the three new files as a quick fix.

Subversion Mischief:

$ svn sw http://svn.automattic.com/wordpress/tags/2.5.1/

Update: there’s a recommended but optional updated wp-config.php in the new package, but it’s called wp-config-sample.php to keep it from overwriting your current file. To use it:

1. Rename your old wp-config.php to something like wp-config.OLD.php .
2. Open that same file in notepad or another simple editor. Word wrap should be off.
3. In another window, open wp-config-sample.php for editing.
4. Copy over the proper DB_NAME, DB-USER, DB_PASSWORD, and if needed, DB_HOST.
5. Scroll down to where it says ‘put your unique phrase here’, and between the quotes, insert a long string of random upper and lower case letters and numbers, or use this page to randomly generate yourself a string
6. Save this file as wp-config.php . You’re done. If you used notepad, please check to see that the damn thing didn’t add a .TXT extension to the end. Go and load your blog and make sure everything is working.

This is just the typical test post. I wasn’t going to upgrade yet, but there is apparently an exploit for WordPress 2.3.3 (or perhaps some earlier version, my source is a little sketchy with the details).

I though I caught the bug, and searched around for more info. This page talks about “hidden link injection,” while this page has a different exploit regarding a new directory. I seem to have neither of these.

What’s really weird about WordPress now (and before the upgrade), is that it seems that my blog is sending – in response to a request for my RSS feed – zip compressed content whether or not it’s requested or even supported by the reader doing the request. I have no idea why this started happening all of a sudden.

At least, thanks to cURL, I know what the heck is going on.

$ curl http://standardmischief.com/blog/feed/|head

About 50% of the time this will feed me garbage. The head command it there to limit the scope of the garbage.

$ curl --compressed http://standardmischief.com/blog/feed/|head

Nearly the same command, but the –compressed option actually requests compression and decodes it if it arrives that way.

Stumped.

Update, 10 minutes later: As I was composing the service request, the issue seemed to have disappeared. I’ll hold off and keep an eye on the problem. My feed has been off all day (I suppose my reader does not accept gzip), but it’s working fine now.

Update 2: Here’s a terminal screenshot: (179k)

The story from my host is that the power was cut off to the entire third floor of the place that my host collocates at. Some kind of improperly scheduled maintenance. My site went down sometime early on the ninth of March, Eastern time and has been sporadicly available since then, although this is the first time I’ve been able to login.

This is also why such sites as BugMeNot and RetailMeNot have been offline. Same host.

I’ve been meaning to post my impressions of my host, and now this timely outage. I suppose my synopsis would be: NearlyFreeSpeech.NET great prices, great service, no sluggish oversold shared hosting, no cut-n-paste email tech support, a truly outstanding privacy policy and unfortunately, lately, the hosting uptime of a free dot.bomb webhost.

Arguably, the uptime should not matter for someone who posts a few times a month, but it sure is annoying.

If you have been having connection issues to the blog, well it’s me — not you.

It seems that despite moving domain registrars, DNS is still set by my ex-domain hosting company for some reason. Those A records are pointing to IP addresses owned by my current domain register, but at their old data center. Forwarding those to the current bank of IP addresses is what the intermittent problem is.

The emal address that I leave in the comment form over at your blog is also in those old DNS records, so that email address may die. I’ve not figured out a solution for that yet (or at least I haven’t settled on a new provider yet)

Update: Should be fixed. Two emails and two non-form letter email responses in about 24 hours took care of it. Love my hosting company.

So, about six months ago, I move the blog to a new subdirectory, and everything breaks.

So I start a voyage of self-discovery on how .htaccess files work in order to fix everything. I figure things out but for some reason beyond my knowledge, I don’t actually implement any of those fixes. Search engines that regularly scrape my pages for content can no longer find my blog, and my traffic drops to almost nothing.

Today I finally fixed things.

The first issue was my root website directory, as many spiders try to scrape my homepage. I created a kludgy html redirect page, but many spiders don’t really like to follow links like that. What I really needed was a 301 redirect, but my attempts to make one using .htaccess were filled with recursive fail.

The solution was a simple php file, placed in my root web directory, called index.php

<?php
header ('HTTP/1.1 301 Moved Permanently');
header("Location: /blog/");
?>


The second problem was all the links out there on other blogs pointing to my old posts. I tried to use mod.rewrite again, but that only seemed to work when my posts called for an existing but renamed picture or something. When someone followed an external link to say my most popular post ever, my “Zumbo timeline“, they got a 404. To fix those, I had to add the following lines to my htaccess:


Redirect 301 /2005 http://standardmischief.com/blog/2005
Redirect 301 /2006 http://standardmischief.com/blog/2006
Redirect 301 /2007 http://standardmischief.com/blog/2007

I think that fixes everything.