Quick Comment Spam Tip for WordPress [en]

Here are the two plugins you need to fight comment spam using WordPress.

[fr] Two plugins to fight comment spam on WordPress: Kitten's Spaminator and Kitten's Spam Words. [Edit 03.12.2004] Or, more simply, Spam Karma, which I now use.

If you want a quick tip to protect your WordPress installation from comment spam, the killer plugin combination is Kitten’s Spaminator and Kitten’s Spam Words.

The second allows you to “delete as spam”, adding keywords and IPs to the filter, and the first gives “spam points” to new comments (i.e., for words matching the filter, a previous comment posted within the last x minutes, or an IP matching the filter), deleting those over a certain threshold directly and queuing the others for moderation. It’s also smart enough to give bonus points if the commenter has already had comments posted on the blog.
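The point-and-threshold scheme described above, sketched in Python as an added illustration; it is not code from either plugin. The point values, the five-minute window, the delete threshold and all names (`SpamFilter`, `handle`, `delete_as_spam`) are assumptions, and the addresses and comments are constructed samples.

```python
from dataclasses import dataclass, field

# Point values, window and threshold are assumed for illustration only.
WORD_POINTS, IP_POINTS, FLOOD_POINTS, KNOWN_BONUS = 2, 3, 2, 2
FLOOD_WINDOW = 300   # seconds: the "last x minutes" check
DELETE_AT = 5        # at or above this score the comment is deleted outright

@dataclass
class SpamFilter:
    words: set = field(default_factory=set)        # filter keywords (lowercase)
    ips: set = field(default_factory=set)          # filter IP addresses
    last_seen: dict = field(default_factory=dict)  # ip -> time of previous comment
    trusted: set = field(default_factory=set)      # authors with a published comment

    def score(self, author, ip, body, now):
        text = body.lower()
        points = WORD_POINTS * sum(w in text for w in self.words)
        if ip in self.ips:
            points += IP_POINTS
        if now - self.last_seen.get(ip, float("-inf")) <= FLOOD_WINDOW:
            points += FLOOD_POINTS
        if author in self.trusted:
            points -= KNOWN_BONUS   # bonus for an established commenter
        return max(points, 0)

    def handle(self, author, ip, body, now):
        points = self.score(author, ip, body, now)
        self.last_seen[ip] = now
        if points >= DELETE_AT:
            return "delete"
        if points > 0:
            return "moderate"
        self.trusted.add(author)
        return "approve"

    def delete_as_spam(self, ip, keywords):
        """Moderator action: add the comment's IP and chosen keywords to the filter."""
        self.ips.add(ip)
        self.words.update(k.lower() for k in keywords)

def demo():
    # Constructed comments; IPs are from the documentation address ranges.
    f = SpamFilter(words={"casino"})
    out = [f.handle("alice", "192.0.2.10", "Great tip, thanks!", 0),
           f.handle("bot", "198.51.100.7", "Best casino bonus", 100)]
    f.delete_as_spam("198.51.100.7", ["bonus"])
    out.append(f.handle("bot", "198.51.100.7", "casino bonus again", 160))
    out.append(f.handle("alice", "192.0.2.10", "I got a bonus at work", 1000))
    return out
```

In the last call the new keyword "bonus" matches, but the established commenter's bonus cancels it out, so the comment is published instead of being held for moderation.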

Edit 04.12.2004: See the comment, I’m now using Spam Karma rather than the two plugins presented above.


Blogging Anonymously [fr]

One may want anonymity on one’s weblog for two reasons: (a) for fear that the people around us will discover our weblog, and (b) to avoid being contacted by name by strangers.

[en] Two reasons, in my opinion, explain why people might want to blog anonymously: (a) to prevent people they know from reading what they write on their blog; (b) to prevent unknown people who read the blog from tracking them down. In both cases, there is a desire to create some kind of barrier between online and offline. In the first case, the aim is to prevent offline from penetrating online. In the second one, it is to prevent online from penetrating offline.

I think people who "go anonymous" for the first reason are those who are at risk of losing their jobs, falling out with family and friends, or, at best, spending a few embarrassing moments if they are "outed". I personally think it's a pretty risky thing to do. On the other hand, I think the second reason can make sense, and even be a sensible choice in some cases -- for example, in the case of a lawyer who would not want to be contacted for professional reasons by people who know him through his weblog.

During the first session of the “weblog project” with the pupils (more details soon, and a separate weblog to cover all of that), we discussed the fact that we do not let them publish “anonymously”. Of course, their surname is not revealed, but their real first name is.

I put forward what I have long considered to be the dangers of pseudonymity on the web (I won’t go on about it, I have done so quite enough already): you risk allowing yourself to write things that you would be very embarrassed to own up to in front of your employer, your grandparents, your friends or the upstairs neighbour.

Reading Eolas, I had a sudden flash of insight. I now see two broad families of reasons why one might not want to reveal one’s identity on one’s weblog:

  1. one does not want the people who know us to have access to what one writes online (one hides what one writes)
  2. one does not want strangers to be able to get at one’s identity (one hides oneself).

The first is of course the one that may, sooner or later, lead to falling out with family and friends, losing our job, or suffering yet other unpleasant consequences.

The second reason is the one Eolas invokes. He is a lawyer, and certainly does not wish to be contacted through his weblog for professional or para-professional reasons. Reading him, however, I do not get the impression (may he correct me if I am wrong, but in any case it is a scenario one could imagine) that he would be embarrassed in any way if the people around him learned of the existence of this weblog. It would even be quite possible for the people he knows to be perfectly aware of his online writing without that being a problem.

If one chooses anonymity (or pseudonymity) for one’s weblog, it is because one is looking for a certain watertightness between one’s life as a weblog author and one’s life “full stop”. In the first scenario, one seeks to prevent the people who are part of our offline life from entering the sphere of the weblog; in the second, one seeks to prevent the sphere of the weblog from spilling over into our life “full stop”.

While I strongly discourage any weblogger from choosing anonymity for the first reason mentioned above (I think, for example, that the “private diary on the internet” that nobody knows about is a delusion in the long run), I am much less categorical if the motivations belong to the second reason, and I think that in some cases (Eolas’s, for example) it is even a reasonable choice. Nevertheless, one must keep in mind that anonymity lasts only as long as it lasts: let someone discover Eolas’s identity and mention it elsewhere on the web, and his “cover” will be weakened.


Alarm: Orcut, Evil Fake Orkut Clone? [en]

How I thought orCut.com might be a phishing operation to grab orKut.com usernames and passwords. A comment on Google’s irresponsibility in encouraging users to fall for phishing.

[fr] How I believed orCut.com was a fake site meant to collect orKut passwords, and a comment on the irresponsibility of Google, which by such practices encourages internet users to fall victim to phishing.

Preliminary note: although nice blogging tools like WordPress have really sexy interfaces for you to type your posts in, resist the temptation. I won’t tell you more, except that Q and W are right next to each other on my keyboard, and that I’m about to write up this bl***y post for the second time.

So, I’m a bit of a referrer junkie. When I see something new, I usually click’n see. Today, I found this in my recent referrals. Now, since I nearly got phished, I’m a bit cautious, and I immediately noticed that it was orCut and not orKut in the URL, even though (particularly as) the pages on the two sites look exactly the same.

Do you smell a rat? I smelled a phish, and it seems I’m not alone. A quick expedition on Google, however, tells us that many think orCut.com is legitimate. Scary! Think of what these people would do with all the juicy information they would get out of our Orkut logins and profiles! And hey, it’s not just orCut, there is orkAt too!

But wait. Everybody freeze! Look what Suw managed to dig out: a May 04 post from Evan Williams’s blog, telling us orkAt, orCut, and even orCIt are legitimate alternatives to orKut.com. Well, we’re most relieved to know this wasn’t all some evil scam — and Ev should know what he’s talking about, as he works for Google.

However, doesn’t it strike you as a trifle irresponsible on the part of Google to do something like this? I mean, doesn’t this make users more vulnerable to phishing? Next time they get a PayPal e-mail with a fake link in it, are their alarm bells going to ring, after their positive experience with the “alternative Orkut URLs”? Methinks they could at least have specified the alternate URLs somewhere on the home pages. A quick trip to orkut.com would have cleared any doubts of mine. ‘Coz now, who is to stop Orkit.com, or any other nice-sounding possible clone that phishers may come up with?


Paypal Scam Nearly Got Me [en]

How I almost got scammed by people masquerading as PayPal. Remember to always type https://paypal.com in your browser, and never to click links!

I consider myself pretty web-savvy and spam/hoax-aware. Today I very nearly got fooled into giving my PayPal information to some shady characters.

This morning I got an e-mail from PayPal — or so I thought. It looked nice and branded, no spelling or grammar mistakes, security warnings telling me not to give my password or anything to anybody, and even a link inviting me to go and see PayPal’s Security Tips page. It was just asking me to login on the site and check my data there (that’s what I understood then, re-reading it now, it says they will verify the information I have entered, which is much more fishy).

I had already made a mental note of one of the PayPal warnings, which is to not trust any other site than https://www.paypal.com/ (I’m not linking it so as not to encourage you to click on links which seem to point there — you’ll understand why in a minute). Now, remember this was early morning for me (don’t you also check your e-mail in the morning?). I clicked on the login link, and noticed the browser was sending me to a website identified by an IP address (194.183.4.23 in this case). I stopped everything, and clicked the nice blue link that said https://www.paypal.com/us/cgi-bin/cmd=profile-update. The login page looked furiously like the real PayPal login page, and I was about to login with no second thoughts when I noticed the name in the browser bar was http://www.ssl2-paypal.com/support/update.html — not the link I had clicked on!

I had seen this address before, in another “PayPal” e-mail I had got a couple of weeks back. Already then they had managed to fool me, even though the e-mail was less well crafted than this time. I smelled a rat, so finally typed https://paypal.com/ in my browser and logged in there. Nothing special happened.

I dug out the previous e-mail, slightly worried now. You see, although I had been suspicious about this first e-mail, I do remember that I had logged in somewhere. But to this moment I’m not sure if I logged into the fake website or if I had the sense to point my browser to the real PayPal website myself before logging in. I think I did, I hope I did, and in any case I just checked my account for fraudulent activity and changed my password. The first e-mail was really bad, but I was convinced enough that it came from PayPal to forget about it, just making a mental note that their copywriting was really really poor.

This made the second scam e-mail seem all the more real: when I got it, I thought “oh, so that last e-mail must really have been a fake, this is what a real one looks like.” Poor unsuspecting me.

At this point, I still thought the second e-mail was a “real” one, but that the ssl2-paypal people had someway managed to hack a redirect on the official PayPal site. I hadn’t looked at the e-mail source yet, see?

Anyway, I decided to report the first e-mail I had received.

Coming back home at the end of the day, I had an automated response from PayPal regarding my complaint. It again stated all the security measures to take, in particular the one about always typing https://paypal.com in your browser. And I thought: “you doofuses, you had better stop putting clickable links in your e-mails if you want people to get used to typing the address!”

I was going to respond to them with a more politically correct comment in that direction when I went to have a second look at the e-mail (which, I remind you, I still thought legitimate) I had got in the morning. And that is when I realised that the beautiful blue link was in fact a fake link, disguised as a real one. You can put anything in the href attribute of an anchor tag — the catch here is that their link looks a lot like the blue links e-mail reading programs create when they encounter plain-text URLs.

So, there we go. I was nearly caught by those not-that-dumb spammers. Remember the golden rule:

Always TYPE the address in your browser, don’t CLICK on links in PayPal or other e-mails.
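A mail filter can catch the two tricks described in this post, a link whose visible text is one URL while its href goes to another host, and a link to a bare IP address. The following Python check is an added example, not part of the original post; the function and class names are assumptions, and the sample HTML is constructed around the hosts and the displayed URL quoted above.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; the hosts and the displayed URL are the ones quoted in the post.
SAMPLE = """<p>Please <a href="http://194.183.4.23/">log in</a> to check your data.</p>
<p><a href="http://www.ssl2-paypal.com/support/update.html">https://www.paypal.com/us/cgi-bin/cmd=profile-update</a></p>
<p><a href="https://www.paypal.com/">https://www.paypal.com/</a></p>"""

def host_of(url):
    url = url.strip()
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAuditor(HTMLParser):
    """Pairs each <a href> with its visible text and records suspicious ones."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), host_of(self.href)
        reasons = []
        # Visible text reads as a URL but names a different host than the href.
        if shown.lower().startswith(("http://", "https://", "www.")) and host_of(shown) != target:
            reasons.append("text-host-mismatch")
        if is_ip(target):
            reasons.append("ip-literal-host")   # bare IP address instead of a name
        if reasons:
            self.findings.append((shown, target, reasons))
        self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Host comparison is exact, so a link shown as https://paypal.com/ whose href is https://www.paypal.com/ is also reported; a production filter would compare registrable domains instead.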


Gator and Other Spies [en]

Gator, does that ring a bell? No? And what about Gozilla or AudioGalaxy, then? Aha.

If you know the last two, you have probably installed the first on your computer without knowing it. A nasty little spy that takes care of bombarding you with advertisements, among other things.

A ZDNet article on “Spyware” will tell you more. And I encourage you to download AD-Aware to clean up your machine! (Yes, I was able to remove nearly 80 files and directories from mine, including at least five or six versions of Gator.)

[thanks Emmanuelle]


Worm-virus: Sircam [en]

Sircam is rated high-risk right now. It will spread by email using addresses from Windows’ address books, attaching a random file from the “My Documents” folder. Yes, I’m sure you all want your private files circulating around the Internet! It also does more nasty stuff, and I adamantly suggest that you read some first-hand information to protect yourself (and your friends).

[link from Zeldman]


Net-awareness [en]

Do you know that at this very moment, hackers could be using your computer to launch an attack upon a server? Well, before reading this very interesting article (thanks for the link, Ben), I didn’t. And I can promise you that upon reading it, I ran a few simple checks which luckily (*phew!*) were negative.

I heartily recommend that you spend the time necessary to read the article – and if you’re lost in the technicalities, go straight down to the bottom to find out how to check that your windoze machine isn’t carrying a zombie…


Culture Shock and Virus [en]

When I started writing about my Indian experience (it was a question of survival at the time) I jotted down a lot of notes about my culture shock. A compilation of all the little cultural differences that I noticed during my first weeks. Taken separately, these little things seem what they are – little. Together, they add up to create a big nasty shaking feeling: the so-called culture shock.

I was using Internet Cafés at that time (there were lots of them!), and at one point all my diskettes stopped working. That was after xoom.com had deleted the first version of my site, and Mythun’s hard drive with all my backup data on it crashed.

Now that I’ve finally laid a hand on the culture shock notes I had managed to type up, my beloved anti-virus program started flashing and blinking and beeping (well no, it didn’t do that, since I don’t have a soundcard) – in short, telling me the file is infected. I cleaned it, and you can look forward to some more reading in a couple of days. Thank you, Inoculate PE!

Maybe that explains one or two things… hmm. Well, while you wait or run your anti-viruses, I’m going back to my Greek philosophers.


HoaxBuster [en]

For once, something in French to sink your teeth into! Add HoaxBuster to your collection of useful sites: a French-language site for checking the truth of the dodgy stories people send you by email.

Thanks to barzi for the tip!
