I’ve seen a new kind of comment spam at MacMegasite recently. The title is always a single word or a name and the content is a long string of random words, each of them a link. I haven’t looked at the URLs or followed the links. I assume it’s to boost their page ranking. When I see one of those, I delete them on site. Today I added an IP deny for all of t-ipconnect.de, which is where most of them seem to be coming from. I may end up turning off anonymous posting of comments.
Web
DSL Extreme
I upgraded my BellSouth DSL service to DSL Extreme, which includes a static IP address and promises speeds up to 3000/348 for only $5/month more. I eliminated an optional service which was costing $5.50/month, so I’m still paying the same amount. I tried a few speed tests and I now see speeds of about 2300/304. Not quite the promised speed, but better than 1500/256 I had previously.
Strange WordPress/Safari problem
I’m unable to login to my weblog’s admin page in Safari, although I can log in OK with FireFox or even IE. When I try to log in with Safari, it immediately shows bad username/password in red before I even enter anything.
Internet Explorer sucks
Someone told me that the text on a page I made was coming out too light, which I hadn’t seen when testing that page in Mozilla, Safari, or Opera. Yet in IE some text on that page was very light gray. The page uses several style sheets, and it turned out there was a line with a color attribute commented out using ‘//’ in one of those style sheets. When I removed that line, it came out right in IE. No other browser was affected by it.
Moved to WordPress
I suddenly started having trouble with Movable Type yesterday and I was no longer to post entries, so I’ve moved this weblog to WordPress. Importing entries from MT was fast & painless. I’m still tweaking the stylesheet a bit. The old weblog can still be seen here.
Automated SQL injection
Via Lockergnome Bytes:
Automated SQL injection: What your enterprise needs to know: “SQL injection exploits may soon be as common as those targeting Windows and Unix flaws, experts say. An estimated 60% of Web applications that use dynamic content are likely vulnerable, with devastating consequences for an enterprise. A presentation of an automated attack targeting SQL injection flaws is planned for Black Hat Briefings this week in Las Vegas. This two-part interview with SPI Dynamics CTO Caleb Sima will tell you what you should fear, why and…”
This is why PHP-Nuke should be avoided. It doesn’t attempt to be secure, with user-provided values passed directly to SQL queries without any error checking or quoting. Drupal, on the other hand, never passes any user-provided values directly to any query.
Phpnuke.org attacked
Phpnuke.org is reporting a massive DoS attack to their server which damaged their forums. Maybe this will wake them up to the security issues which plague PHP-Nuke.
Interesting log entry
I see someone still thinks I’m running Nuke and is trying to hack MacMegasite, as this log entry shows.
Hacked Again
MacMegasite was hacked once again. I’m planning to convert it to Drupal this weekend.
Hardware Problems
All of my sites were down for several hours due to a hardware failure. At first they thought the hard drive failed, but it turned out to be only a bad cable. Thankfully no data was lost.