Iframe-B-Gone 1.1

Announcing the immediate availability of Iframe-B-Gone 1.1.0. This new version’s interface matches better with WordPress 2.5’s new dashboard. A dashboard widget performs quick scans of the default terms (yes terms, delimited by comments) and counts how many infections have been cleaned. Note that even with multiple search terms possible, only automatic removal of iframe tags is fully supported. That said, the WordPress Exploit Scanner may be a more valuable tool even though it does not automatically protect against iframe injections.

The new version is available on the Iframe-B-Gone project page.

-John Havlik

[end of transmission, stay tuned]

Heck of a Week

Well, Breadcrumb NavXT 2.1.3 was going to be released on Thursday, but then some problems arose in the testbed. Truth be told it is my fault, I was playing around with HP’s Scrawlr (SQL injection vulnerability tester).

Since it was on a LAN, there was little stopping it from overloading the poor old p3 866 that I use for my web development testbed. No, it did not completely lock up, but it did kill its Ethernet connection. As the testbed sits in a closet, without keyboard, mouse, or monitor, I simply pressed the power button until it cycled off. Of course, this is not the recommended way to shut something down. I ended up corrupting the PHP5 libraries.

Luckily, things weren’t beyond redemption: I resynchronised my ebuild list, emerged portage (self update), and emerged Apache and PHP. Now I get to re-emerge PHP again as it wasn’t compiled against the correct version of Apache for some reason. Hopefully this will be fixed in an hour or so when PHP is done compiling. Then I can get back to work on Breadcrumb NavXT. 2.3.1 will be released by Monday, hopefully tonight if all things go well.

For 2.3.1 I’m looking into a fix that will allow the API filters to work on the correct elements in the breadcrumb. They should already do this, but as observed by users of qTranslate (it’s like the Polyglot plug-in) it is not working for some reason.

-John Havlik

[end of transmission, stay tuned]

New Database Server

So this past weekend the new database server was installed (physically) at the data center. On Monday JD installed Gentoo, and then I set up MySQL on it (plus some security things). Last night JD transferred this blog and another over to the new database server for initial performance testing. Later this week and month, additional blogs hosted by Weblogs.us will be transferred over and performance tweaks will be applied. Hopefully, by June everyone will be on the new database server. At that point, signups for more blogs may be possible. It also looks like we may be reintroducing the Weblogs.us front page that I designed a while back.

Right now, the speed increase is apparent on this blog, especially when working in the WordPress dashboard. All those AJAX elements instantaneously load now. Additionally, Spam Karma 2’s administrative section loads much faster than before. There should not be any more of those failed comment submissions due to timeouts now, which is an all around plus.

-John Havlik

[end of transmission, stay tuned]

One Regular Expression

i.?[[:punct:]]?.?f.?.?.?r.?.?.?a.?.?.?m.?.?.?e

That should find most iframe phrases when used in a SQL query, which I won’t lay out here (fairly easy to do with phpMyAdmin; it’s literally a copy and paste procedure in the “search” form, just change the mode to the proper setting). I tested it against over a year and a half of my archives with some purposely planted and obscured iframes and it has no false positives. This will find any iframe obscured via methods found in attacks on Weblogs.us and its users. It may be advantageous to remember this for when Iframe-B-Gone is ready.

-John Havlik

[end of transmission, stay tuned]
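
The expression from "One Regular Expression" above, ported to Python and run over a few constructed rows; this is an added example, not code from the post or from Iframe-B-Gone. The function names, the sample rows and the case-insensitive, dot-matches-newline flags are assumptions, and the POSIX punctuation class is written out as an explicit ASCII set because Python's re module has no POSIX classes.

```python
import re
import string

# Explicit ASCII punctuation set standing in for the POSIX punctuation class.
PUNCT = "[" + re.escape(string.punctuation) + "]"

# Port of the post's pattern: each letter of "iframe" may be separated
# from the next by up to three filler characters.
PATTERN = re.compile(
    "i.?" + PUNCT + "?.?f" + ".?.?.?r" + ".?.?.?a" + ".?.?.?m" + ".?.?.?e",
    re.IGNORECASE | re.DOTALL,  # assumption: case-insensitive column collation
)

# Constructed sample rows standing in for (ID, post_content); not real data.
SAMPLE_POSTS = [
    (1, 'Hello <iframe src="http://example.invalid/" width="0"></iframe>'),
    (2, "Mixed case: <IfRaMe SRC='http://example.invalid/'>"),
    (3, "Padded: <i-f-r-a-m-e src=http://example.invalid/>"),
    (4, "Ordinary post about breadcrumbs and plugins."),
    (5, "Please inform a member of staff."),  # benign prose that still matches
]

def scan(rows):
    """Return [(row_id, matched_text)] for every row the pattern flags."""
    hits = []
    for row_id, content in rows:
        match = PATTERN.search(content)
        if match:
            hits.append((row_id, match.group(0)))
    return hits

def flagged_ids(rows):
    """Return only the IDs of flagged rows, in input order."""
    return [row_id for row_id, _ in scan(rows)]

if __name__ == "__main__":
    for row_id, text in scan(SAMPLE_POSTS):
        print(row_id, repr(text))
```

Row 5 shows that ordinary prose can satisfy the filler-tolerant pattern, so hits from a scan like this are worth reviewing before any row is cleaned.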