Holy Shmoly!

So, day one of WordCamp Ireland draws to a close, there is a dinner tonight but the talks and sessions are over for the day.

I briefly helped John Handelaar during his talk on WordPress MU, but my main talk was on WP Super Cache. Thank you Hanni, Jane and Sheri for recording the talk. Hopefully it’ll be available online next week. In the meantime here’s the OpenOffice slides of my talk.

I must extend a big thank you to Sabrina Dent and Katherine Nolan for organising a great day and to the sponsors who made the weekend possible.

Looking forward to the dinner tonight, and the rest of the conference tomorrow.

Update! I’ve added a few photos from Day 2. I was shattered tired though as I was up until 1.30am chatting with Donnacha!

Update 2! Sabrina has written a thoughtful post about WordCamp Ireland. I for one had a great time there and so did everyone I spoke to. I totally agree with her about child minding facilities. My son Adam had a whale of a time, and is still talking about it. (and for an almost three year old, that’s a very good sign!)

Oh, more photos on Pix.ie!

WordPress MU 2.9.2 has just been released and is mostly a security and bugfix release based on WordPress 2.9.2. Grab it from the download page.

As well as the security fix mentioned above, this version also fixes a few bugs, makes the blog signup process much faster and adds a new “Global Terms” Site Admin page.

The “Global Terms” page is one I should have added years ago. Currently it’s fairly bare, but hopefully in future versions of WordPress it will be expanded. It allows the Site Admin to “fix” the terms (tags and categories) used in MU blogs. These terms are normally synced with the “sitecategories” table but sometimes they go astray. This can happen if you “import” a blog using PHPMyAdmin without going through the WordPress importer, or if a plugin manipulates the terms table directly.
WordPress MU forces the “slug” used by terms to be a sanitized version of the “name”, which isn’t the case in WordPress. This page can optionally rename the terms so they match the slug. It doesn’t do the opposite because that would break public facing URLs on the site. (I must extend a big thank you to Deanna for helping debug that page)

Enjoy!

I just ran the following code on the 2009 archive of my inbox.

grep "From: " 2009|cut -f 1 --complement -d " "|sort|uniq -c|sort -nr|less

I received the most email from bots and scripts, among them WordPress.com, Twitter and Facebook. Of the real people here are the top 5 names you may recognise:

1. Maya Desai (109)
2. Matt Mullenweg (96)
3. Sheri Bigelow (76)
4. Michael D Adams (37)
5. Barry Abrahamson (34)

This was of course inspired by Matt’s post in January. I should do the same for Twitter replies/messages and for blog comments. I somehow doubt there would be much overlap between Twitter DMs and emails.

Well, this is a surprise. One of my .ie email addresses got a very targeted phishing email. It was so specific that it was actually written in Irish! It wasn’t directed at me, but at a list owner address at linux.ie.
I wonder if the spammers know how many Irish people could actually read their email easily? It’d certainly be easier for most people to read in English.

Aire

Tá mé an tUasal Patrick KW Chan an Stiúrthóir Feidhmiúcháin agus Príomh-Oifigeach airgeadais Hang Seng Bank Ltd, Hong Cong.
Tá mé togra gnó brabúsaí leasa choitinn a roinnt le leat;
Baineann sé leis an aistriú suim mhór airgid.
Fuair mé do tagairt i mo cuardach a dhéanamh ar dhuine a oireann mo chaidreamh gnó molta.
Má tá suim agat i obair liom teagmháil a dhéanamh liom mo trí r-phost príobháideach (mrpatkwchan52@yahoo.com.hk) le haghaidh tuilleadh sonraí

Dearbhófar do fhreagra túisce chun an litir seo a mhór.

An tUasal Patrick Chan
E-mail: mrpatkwchan52@yahoo.com.hk

I suppose it was bound to happen now that Google translates text into Irish. Well done to Gmail for marking it as spam!

This is weird, a huge number of POST requests started to hit the Shite Drivers website a few days ago. The requests came from lots of IP addresses and all requests went to the non existent /bc/123kah.php

The payload was an array that looked like this:

Array
(
    [showed] =>
    [clicked] =>
    [version] => 2.6.2.4
    [id] => c3b342beb6ad7adf39499e7a38f93c09f681611d
    [tm] => 1266855758
    [aff_id] => gooochi
    [net_id] => gooochi
    [safe] => 1
    [exceed] => 2505,2507,2582,2597,2602
)

So I presume it’s the Gooochi malware referenced in this search for that word. Strange that the infected PCs hit my server though.

The traffic was never overwhelming but I decided to put a stop to it with a simple deny from all in a .htaccess file. Much better than having WordPress serve up a 404 page.

I mentioned the 123kah.php file on Twitter and I’m not the only one to see these odd requests. I guess even malware has bugs! (which is all the more reason to keep your anti-virus software up to date if you use Windows)

Sometime last year I noticed that links to my blog on Feedburner had attracted a few extra parameters. A simple link to a post became this huge monstrosity:

http://ocaoimh.ie/exploit-scanner-095/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HolyShmoly+(Holy+Shmoly!)&
utm_content=Google+Reader

It’s a marketing thing right? It’s all useful information but I don’t really care about it, have never used it and don’t like my URLs getting mangled. It annoys me for two reasons:

• People will probably use that big long url in their own posts. Other people will use the shortened custom permalink that my blog provides. Won’t the pagerank earned by the post be split in two now?
• It makes caching less efficient. Supercache won’t create a static cached file of the page. It will create a regular php powered cache file but when you’re running Supercache you want the very best performance don’t you?

So I added a new option to Supercache to redirect the url and get rid of the utm_source bloat.

If you want to give it a go, grab the development version of the plugin and upgrade.

Oh, and if someone has decent docs on utm_source and it’s friends I’d love to read it. Google didn’t return much when I went looking.

I’ve just released version 0.95 of WordPress Exploit Scanner.

This release fixes a number of bugs and makes it easier to scan for exploits and read the results.

I’ve added an “Exploits” scan level which looks for obvious code that hackers use. It will return a few false positives but it’s a good first scan to try if you suspect your website has been hacked. You can then use the “Blocker” and “Severe” to scan for ever more suspect strings.

Scans are now done 50 files at a time, with the page reloading after each. The scan results are saved in the database (in your options table as not-autoloaded records to minimize load on your blog) and you can open another browser window or tab on the Exploit Scanner admin page to view the saved results even before the scan is completed.

MD5 hash records for WordPress 2.9.2 have been added, and the hash records for 2.9.1 were corrected.

In other news I’m looking for testers to try out the almost ready WordPress MU 2.9.2. More details are on the forum thread above.

Well, the new WP Super Cache is available now.

This release adds experimental object cache support. Don’t go looking for it unless you have an external object cache already. It won’t show up. I recommend using the Memcached object cache.

Some of the other major changes include more translations: Chinese (Pseric), Ukranian (Vitaly) and Japanese (Tai). The Italian and Japanese translations have since been updated but not included in 0.9.9. You can grab them from the languages directory if you don’t want to wait until the next release.

If you have WordPress Mobile Edition installed the plugin will grab the list of mobile user agents from that and warn if your .htaccess is outdated.

And, a small but significant change is that the PHP cache loader will use the static “super” cache if necessary. This might happen if your rewrite rules aren’t working properly and not serving cache files. At least your anonymous visitors will see some sort of cached file. Use the debugging system built into the plugin to determine where the cache comes from.

See the changelog for the complete list of changes.

I was in Dublin yesterday to see Matt and Craig become Honorary Patrons of The University Philosophical Society in Trinity College. It was a low key informal event with many students and a few staff in attendance.

Eamon Leonard, of Echo Libre, kindly used my Flip Mino to record the Q&A session that followed. I want to express my gratitude to him for doing a fine job, especially as I saw him switch the camera from arm to arm during the hour long event. It wasn’t easy holding the camera aloft for so long. I’m currently transcoding the video and trying to make it smaller before uploading it.
I’ll add it to this post later, you won’t want to miss it!

Update! Matt was interviewed by Silicon Republic earlier today. Catch up on what’s happening at the Web Summit in Dublin by following #dws2 on Twitter.