BlueGriffon – “the next-generation Web editor”

BlueGriffon logoI forgot to write about the upcoming WYSIWYG web site editor BlueGriffon when I first heard about it (probably from Fredda) but I got reminded of it today. This is the announcement in Daniel Glazman’s blog (from 30 September):

In the beginning was Netscape Gold. Then Mozilla Composer. From the ashes of Netscape and the code of Mozilla Composer came Nvu. Nvu had a cousin, KompoZer. But all this tools now belong to History and are extinct or on path to extinction.

In the meantime, Mozilla brought Firefox to the masses and its rendering engine, Gecko, has the power to fuel a next-generation wysiwyg editor for the World Wide Web. This editor is BlueGriffon™. Stay tuned!

WordPress crack attempt this morning!

When I got to work and viewed this blog I noticed that Sidebar Widgets was disabled. I thought "That’s weird!"

When I tried to login to the administration interface I was told that my WordPress database needed upgrading. I thought "That’s weird!"

Some further investigation revealed that someone managed to upload a PHP script called ro8kfbsmag.txt (MD5 sum df3b74cd38c717d9d7bbf0cd1910baa1) to my /tmp directory. It starts like this:

<?php
/*Magic Include Shell by Mag icq 884888*/
//TODO: ñëèòü ôàéëî íà ñâîé ôòï (!)
$ver='2.1';
if(isset($_GET[pisun233]))
{

This gave me enough information too start googling. A must-read is Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking, as it describes a very similar attack. There is also a support thread at wordpress.org: Weird and Dangerous : ro8kfbsmag.txt.

The attack vector on my server looked like this, originating from 78.109.21.80 with HTTP/1.0 as protocol version and "Opera" as User-Agent. I wish I logged POST data!

POST /wp-admin/options.php
POST /wp-admin/upload.php
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/inline-uploading.php?post=-1&action=upload
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/options.php
POST /wp-admin/options.php
GET /wp-admin/upgrade.php?step=1

Needless to say, I have restored a backup and taken certain precautions to prevent this from happening again.

Andi Gutmans: “Java is losing the battle for the modern Web”

Andi Gutmans (of PHP fame) has written a very interesting blog post about Java’s future on the web. The article is called Java is losing the battle for the modern Web. Can the JVM save the vendors? He gives some good arguments for using a LAMP stack for web applications.

One of the interesting quotes is:

Project Zero’s Chief Architect is one of the first IBMers to admit in public that Java today can be considered as a system language and is not desirable for building RESTful Web applications […]

This was apparently a bit out of context, according to the comment by Jason McGee, but fun to read nevertheless.

He makes a prediction that shall be interesting to see if comes true:

It has taken over 10 years for the Java stronghold to admit Java’s poor ROI on the Web and with the current recession it is likely that many Java customers are going to be making more informed investments. As a result there will be considerable rise in uptake of dynamic languages.

No peering between TeliaSonera and Cogent Communications

vs.

I noticed yesterday that I could not visit The Daily WTF or Podomatic. Today I started investigating and __henke__ in #data on irc.freenode.net told me that my ISP Telia and Cogent Communications had stopped peering.

Related links in approximately chronological order:

The networks affected are AS1299 (TeliaSonera International Carrier, TSIC) and AS174 (Cogent Communications). 

Update It seems like www.webservertalk.com is unreachable for the same reason.

referer: junomsg://

My web server examines the the referer to deny deep linking to images on my sites, so I get log messages about that. When I browsed the logs today a few of those log lines caught my eye. They looked like this:

client denied by server configuration: /directory/image, referer: junomsg://028985E8/

(I replaced the filesystem path to the image with /directory/image.)

What kind of protocol is junomsg? I did some research and it seems like this comes from the “Juno offline email client”. Someone probably received a link to my site by mail and the offline client seems to run in Internet Explorer. Case closed.

“Novarra”, or “Surf Closed” or “How to put ads on all websites”

Swedish telecom operator TeliaSonera has introduced a mobile data service where you agree to view ads on every web site visited. This service is provided by a company called Novarra. The ads are part of the deal, so the customer get what they pay (or rather don’t pay) for. It also seems that they filter other ads! The interesting thing is that major websites, primarily newspapers, don’t like to have their content modified or ads removed so they redirect Novarra-processed requests to surfclosed.wordpress.com. The Norweigian Mobiletech site has more information and screenshots in the article Transcoding issues introduced by Novarra. Their article was offline for a while, but now it’s back with a small addenum saying “We are experiencing a constructive dialogue with TeliaSonera.”