Why, Blog, Why?

My blog software has some neat built-in stat reports that i can use to see, among other things, how people got to this site. It's funny to see how often the same search term shows up in the logs (Google searches for "sweet msg" are among the most common on this blog for some reason. Note that Sarah gets a lot of "earthy crunchy mama" search referrers). However, when a legitimate search term does show up, indicating that perhaps someone found something on the blog that they felt was useful, I have no indication of whether said surfer got anything out of their visit here, or whether they have any intention of coming back. They are lurking in the shadows, stealing my thoughts and leaving nothing in return.

So, to you, dear lurker sir, I ask that, should you find anything useful on this site, let me know via the comment form on whatever article you've wound up at. It will spur me to write more, and let me know who's out there.

My brother Todd alerted me to a bug on my comments form. It's fixed now (with help from the b2evolution team). Sorry to any of you that tried leaving comments before and couldn't get the form to work.

In my last post I mentioned that one of the problems leading up to the hack attack this week was "too loose server settings". That statement in fact couldn't have been more inaccurate, and I wanted to clarify:

The server itself was so secure as to have prevented a minor blog hack from becoming an all out zombie spam server. The folks at Hit Catcher, who are long-time friends of ours and who graciously host this blog and a few other of our projects, had the foresight some time ago to lock the server down in every possible way.

The problem that I was alluding to was then not in regards to the server itself, but more to a loose setting within the PHP scripting engine that runs on the server and powers this blog software. It was as much an oversight on my part as anything, as I could have and should have taken extra steps to tighten the settings within my own hosting account. I hope this clears up an otherwise inaccurate claim.

We're back online after almost 48 hours of down time. In short, our blog was h4x0red by some effing schwags who exploited a bug in the blog software. I think I was ground zero, or at least I was the first to report the issue in the support forums. The b2evolution developers were great though and had a patched version up within a few hours of my initial report. To be fair, it wasn't the blog software itself that was buggy but rather a combination of a vulnerability in an add-on file and too loose server settings PHP settings. Both have been fixed and I think we're safe for the moment. The funny thing is that I saw a bunch of activity in my logs that should have told me something was up - odd search referrals for specific text related to the blog software itself. But I ignored it, so shame on me. (Or as George W. would say "There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again.") Not that I would have known where they would strike, but perhaps a few preemptive IP bans would have reduced the blow. Anyways, luckily they only affected the blog files themselves and not the actual database which would have really sucked.

I have a lot more I want to write about, but I wanted to be in bed about 2 hours ago. But just so I don't forget, up next: Why I'll never buy another McAfee product again; our visit to Pine Hills Waldorf school tomorrow; and our best visit to the photographers yet! Maybe a bonus post summarizing the Internet Basics class I've been co-leading at work.

TTFN

Just upgraded to the 1.9.0-beta release of b2evolution. Everything looks OK, but if you see any quirks please let me know. This release has an impressive list of enhancements. W00t!