PUBLIC NOTICE: Cell phone replaced

This serves as a public notice that my beloved Motorola Razr M phone died (no longer bootable; local data not recovered) a few weeks ago, immediately before flying to attend OSCON 2014. Since I was busy at the conference, and since I couldn’t decide on what to upgrade to, I took a while replacing my phone. It was a strange experience traveling without a cell phone, I must say!

Please note that as of now I have a working Moto X, which I love, and which I’m still working through setting up.

This is important for various two-factor authorization setups I have that used my old phone, which I now need to figure out how to re-create. Ugh.

Mea culpa; Security Issue; Hax0rz 5uckz!

Apologies to recent readers; it appears that my WordPress install had been hacked earlier, due to a security bug in WordPress itself that I had not patched quickly enough.

Unfortunately, due to events in early winter, I was rather distracted for a couple of months. WordPress released some updates, which I neglected to apply. My best guess is that a hacker used a WP vulnerability to break into my WP control panel, whereupon they then added some spammy/googlebait links to my footer.php file. Sigh.

As best I can determine, after talking to my ISP and eyeballing various html directories, nothing else appears to have been touched. I’m fairly certain that only a WP vulnerability allowed access to the admin functions, which allow editing certain WP files directly from the admin web interface. It does not appear that my shell account or any other ISP features were accessed.

In any case, you’re now reading a completely fresh WP install, and I’ve either wiped & replaced or inspected all other HTML content on my website. I’ve also changed all passwords relating to this account, duh.

Security tips appreciated – at least ones more advanced than “have a good password”. I’ve also updated the WP blog settings to make the default address use https, which although it will load down the poor server a bit more, hopefully will keep my admin logins nice and secure from now on out.

Question: Given that I have a dedicated SSL cert for my domain name, why do I need the WP-Admin plugin? Can’t I just do everything over https directly? (I suppose this does require me to remember to use https, but I can do that).

Announcing https support – with cough syrup!

After a bit of a delay, my ISP’s otherwise simple and free SSL setup is now installed. Yay! I can now blog and share the (eventual) World Domination Thru Pithy Quotes commerce portions of my website securely. I think my 1and1 webhost (which I love, both for the reasonably geeky and the completely non-geeky) got upgraded, and the first dedicated SSL cert from GeoTrust is free, as is a shared SSL cert that they provide.

Hm. I still get the non-locked padlock in my Firefox. Wonder what I’m missing? I thought getting the cert setup for the domain (albeit a subdomain, as all domains seem to be) was like a magical wand that ensured peace of mind when browsing or posting. Er, guess I should do the obvious and update my css links and whatnot and then wonder what I missed! Oh, and then figure out the appropriate mojo to do to WP to get it secure too.

Cough syrup, lovely cough syrup. Actually, I find Ricola helps me sleep – at least somewhat. Does anyone know what pneumonia feels like? Cause I’m still sick…

Aauuuuggggh! The little things..

.. get me down sometimes.  Like my badge not working in the garage this morning.  Talking to the security guard – perfectly nice, but not paid, nor willing, to actually think at all – is zero help: “Go get a new badge”.  I spent 10 minutes walking around the building proving my badge indeed works great at every reader except the garage.  Given the evidence, I tend to think that reader is faulty, not my badge, eh?  And it’s not security’s job anyway: someone else is responsible for the readers, probably a different set of people than are responsible for the badge database (i.e. who should be in / out of each reader) as well.  And finding contact names for things like this inside &BigCo; is sometimes an impossible task.

So hopefully the catharsis of writing that out here will help me move past it and do something useful.  Even though I feel a little silly using Charlie Brown’s typical trying-to-kick-a-football yell in this situation.  Then again, I seem to remember Charlie Brown having several themes of little things at various points in his perpetual 6 year old existence…