WordPress Sites Being Attacked – How to Protect Yours

A widespread attack is going on around the internet, looking for and compromising WordPress based websites. The attack method is fairly unsophisticated, but is quite powerful because of its breadth. Protecting your site against this attack is not particularly difficult, although that might change if it becomes more sophisticated.

The method of attack attempts to log in to WordPress using the username “admin”. The machines doing this assume that the username “admin” exists and then perform a “dictionary attack” which just means trying all sorts of passwords from a very large index of possible passwords until it finds one that works. The dictionary here is not the actual dictionary, but a metaphorical one that includes all real words, plus many variations and combinations with numbers and symbols thrown in as well. Dictionary attacks are very basic, but also very effective and they are the reason it is so important to use good, strong passwords.

Once a person is able to log into WordPress as an administrator they have full powers and privileges and can use the machine that hosts your website to do pretty much anything they want it to do, such as to turn around and attack someone else’s machine. One thing that is known about these attacks is that they come from over 90,000 IP addresses, which could mean they have compromised that many websites.

So what’s the solution?
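An added example, not from the original post: because the guesses come from so many addresses, a lockout that counts failures per IP may never fire, so this sketch counts failed logins per minute across all addresses. It assumes a combined-format access log, the standard `/wp-login.php` endpoint, that a failed login answers 200 and a successful one 302, and hypothetical thresholds; the log lines are constructed.

```javascript
// Constructed sample access-log lines (documentation IP ranges), not real traffic.
const IPS = ['192.0.2.10', '192.0.2.44', '198.51.100.7',
             '198.51.100.90', '203.0.113.5', '203.0.113.61'];
const SAMPLE_LOG = IPS.map((ip, i) =>
  `${ip} - - [12/Apr/2013:10:00:0${i} +0000] "POST /wp-login.php HTTP/1.1" 200 3421`
).concat([
  '192.0.2.200 - - [12/Apr/2013:10:00:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2210',
  '192.0.2.201 - - [12/Apr/2013:10:00:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
  '192.0.2.10 - - [12/Apr/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
]);

// ip, timestamp, method, URL, status from a combined-format line.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/;

// Groups failed logins by minute and reports, per minute, whether a per-IP
// lockout would have fired and whether the total still looks like guessing.
// perIpLimit and totalLimit are hypothetical thresholds to tune per site.
function findDistributedGuessing(lines, perIpLimit = 3, totalLimit = 5) {
  const buckets = new Map(); // minute -> Map(ip -> failed attempts)
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not in the expected format
    const [, ip, time, method, url, status] = m;
    // Assumption: POST + 200 on wp-login.php means the form was re-shown (failure).
    if (method !== 'POST' || url.split('?')[0] !== '/wp-login.php' || status !== '200') continue;
    const minute = time.slice(0, 17); // e.g. "12/Apr/2013:10:00"
    if (!buckets.has(minute)) buckets.set(minute, new Map());
    const perIp = buckets.get(minute);
    perIp.set(ip, (perIp.get(ip) || 0) + 1);
  }
  return [...buckets].map(([minute, perIp]) => {
    const counts = [...perIp.values()];
    const failures = counts.reduce((a, b) => a + b, 0);
    const maxPerIp = Math.max(...counts);
    return {
      minute, failures, distinctIps: perIp.size, maxPerIp,
      perIpLockoutFires: maxPerIp >= perIpLimit,
      distributed: failures >= totalLimit && maxPerIp < perIpLimit,
    };
  });
}

console.log(findDistributedGuessing(SAMPLE_LOG));
```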

Sudoku preview

The solver for the Sudoku game was a fun challenge.

At its base, the solver is a brute force, recursive algorithm. But the most simple version is O(n^n), which is obviously not acceptable for a 9×9 table. There are a few optimizations that rescue it though.

The first is obvious: start by eliminating, across the horizontals, verticals and blocks, any possibilities that conflict with the initial values.

The second trick is really neat. Instead of walking through the Sudoku board in left to right, top to bottom fashion, or whatever arbitrary pattern you might come up with, you start with the square with the fewest remaining possibilities, then go to the next lowest and next lowest and so on. This way your tree has the fewest branches at the top and the most at the bottom, and you end up with many, many fewer test solutions to try out.

I wish I could take credit for that solution, but I had to search for it and found it here.
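The two optimizations described above, as an added example that is not the code of the author's game: a recursive backtracking solver that can pick either the first empty square in reading order or the square with the fewest remaining candidates, counting the placements each strategy tries. The function names and the embedded sample puzzle are assumptions made for this example.

```javascript
// Sample puzzle embedded for this example (0 = empty square).
const PUZZLE = ['530070000', '600195000', '098000060', '800060003', '400803001',
                '700020006', '060000280', '000419005', '000080079'];

// Digits still allowed at (r, c): not present in its row, column or 3x3 block.
function candidates(board, r, c) {
  const used = new Set();
  const br = r - (r % 3), bc = c - (c % 3);
  for (let i = 0; i < 9; i++) {
    used.add(board[r][i]);
    used.add(board[i][c]);
    used.add(board[br + Math.floor(i / 3)][bc + (i % 3)]);
  }
  return [1, 2, 3, 4, 5, 6, 7, 8, 9].filter(d => !used.has(d));
}

// Recursive backtracking, in place. fewestFirst=true picks the empty square with
// the fewest candidates; false takes the first empty square in reading order.
function solve(board, fewestFirst, stats) {
  let best = null;
  scan:
  for (let r = 0; r < 9; r++) {
    for (let c = 0; c < 9; c++) {
      if (board[r][c] !== 0) continue;
      const opts = candidates(board, r, c);
      if (!best || opts.length < best.opts.length) best = { r, c, opts };
      // Stop scanning in fixed-order mode, or as soon as a dead end is found.
      if (!fewestFirst || opts.length === 0) break scan;
    }
  }
  if (!best) return true; // no empty squares left: solved
  for (const d of best.opts) {
    stats.nodes++; // one tentative placement
    board[best.r][best.c] = d;
    if (solve(board, fewestFirst, stats)) return true;
  }
  board[best.r][best.c] = 0; // undo and backtrack
  return false;
}

// Solve a fresh copy of PUZZLE; report the rows and how many placements were tried.
function run(fewestFirst) {
  const board = PUZZLE.map(row => [...row].map(Number));
  const stats = { nodes: 0 };
  const solved = solve(board, fewestFirst, stats);
  return { solved, rows: board.map(row => row.join('')), nodes: stats.nodes };
}

console.log('reading order:', run(false).nodes, 'fewest first:', run(true).nodes);
```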

For now, it shows off some basic programming skills in JavaScript, mainly Object Programming and general familiarity with the language, as well as manipulating the DOM with jQuery.

The next thing I would like to do with it is to offer a more beautiful html5 canvas ui and work in some animation. I’ve also been thinking about writing the board library in php, or putting it in a database and loading it in using ajax.

My Sudoku Game

Java Security Issue

The U.S. Department of Homeland Security issued a recommendation that everyone who can, should disable Java (not Javascript, which I wish people would not disable).

It’s an interesting story because it is only the second time the DHS has asked people to remove/disable software. The previous time being a version of Microsoft Internet Explorer (big surprise, right?), until it was fixed. Java has a long storied history which I went over a little in my post Why So Many Programming Languages?. It seems most people who use Java aren’t aware they are using it.

It’s relatively rare to come across a website that requires Java. I’ve run into it the most when a video wanted to play and Chrome asked me if I wanted to give it permission. I don’t know why anyone is using Java for this purpose when there are so many lighter alternatives available. For the time being, if you run across one of these the prudent thing to do would be to deny the website permission because even though you may trust the website you are visiting, you can’t know if they have been compromised.

What I’m interested in with this mess is what it will do to the Java brand. Until today, many people were unaware they were using Java at all, so now they are being hit with the message that the Department of Homeland Security says your computer may be vulnerable because of a piece of software called Java that you didn’t even know you were running, and we don’t have a fix for it yet.

Despite once being on the brink of extinction when it failed to take hold in the browser, Java is still important. If you have an Android or a Blackberry phone, you use it every day: all of your apps are built on it. But as far as I can tell from what I am reading, you’re probably pretty safe. I don’t know the technical details on this particular vulnerability, but Android apps run in a very tightly secured environment (each runs as its own Linux “user” under the Android operating system), so it’s likely they would be stopped before doing anything too destructive.

Update: Oracle has posted what they are calling a “fix” to the Java problem, but security experts are skeptical. ZDNet says it will be about two years before Oracle gets the security issues solved. My prediction is this will be the end of Java in the desktop browser. My new question is, will we soon be calling the unrelated language, JavaScript, by its more technically accurate, but clumsier name “ECMAScript”?

The Sudoku Challenge

I’ve challenged myself to create a game of Sudoku. Why you ask? Because it is broad enough to exercise all of the different Javascript skills I want to work on, while not being so complex as to be a big time sink on any one area.

In computer programming, it is not often the case that the challenge you end up with is the same as you conceived beforehand. Three days into it, I’m happy to say it is exactly as I had hoped for.

The Sudoku puzzle, like most web apps, breaks apart nicely into the MVC model. I wrote the model first and it was pretty easy. I made a two dimensional array to represent the squares, and a square object to fill each square. I hit a major snag when my outputs showed everything as working as it should, but then when I tried to output the board all at once, every square was filled with the value of the last square! It turned out at that point I didn’t understand closures as well as I thought I did, and instead of creating the 81 squares of the Sudoku board, I was creating only one and changing its value. It was a pain to debug, but I came out of it really understanding JavaScript closures.

Another take on Panoramas

Here’s another solution for panoramas. It’s actually a 360 degree pan viewer, one of those virtual world things that are about as old as interactivity on the world wide web. But the person (Audrey Scott) using it is a travel photographer and her goal is to present a beautiful photograph of the pyramid at the Louvre. The solution has its problems, but I’m taking it into account as I think about my lightbox project.

My immediate question is, Is it Photography?

Technically, yes. It uses a camera

WordPress Recipe Plugin

Want a simple, easy to use and fully customizable recipe plugin for WordPress? I spent a few hours today putting it together. Although it’s still in early beta, I’m pretty happy about it. It features a custom recipe post type, categories and tags that are specifically for your recipes rather than for all of your posts together, and shortcodes to include the recipes in your posts.

We’ve been using a different plugin at Indiaphile for our recipes and it just wasn’t working out well. You could only have one recipe per post, and you were completely restricted to that plugin’s formatting. This one is completely open, it uses shortcodes to describe what certain information is, such as [ingredients]your ingredients here (separated by line breaks)[/ingredients]. This gives you complete freedom to add in additional notes and information that doesn’t necessarily fit into someone else’s rigid formatting.

It is definitely in a workable state, but there are other features on the way, such as custom formatting options and a shortcode generator. As it is now, you can format the recipes with your own custom CSS, as the whole thing is wrapped in a div.stp_recipe.

I just used it to convert the recipes in an old post at indiaphile: Tandoori Paneer Pizza. That was so easy!

You can download the plugin here. Remember, this is an early development release, you’ll either have to understand the code or have to talk to me about how to use it. But trust me, it’s pretty darn simple and powerful if you know how it works!


A Fitting Display for Panoramas

I’ve never been happy with any Lightboxes I’ve come across on the Internet. It’s true, I’m very picky and hypercritical about these things. I’ve come to have very strong opinions on UI, particularly when it comes to photography.

So I’ve started a little sideproject on designing my own Lightbox, with an emphasis on the proper display of panoramas. From my notes:

To me the beauty of a panorama is looking at it whole and wide, and then walking in on it to see the details.

As a photographer I experience this with my own panos when I first stitch them together in photoshop, then zoom in in various ways to edit it. But how do I share this experience with my viewer? It would be easy in a physical gallery, just make a large print, let the viewers approach from a distance then zoom and pan with their feet. This is a very satisfying way to look at a large, detailed photograph. My goal is to capture this in digital form.

Well, I’m still mulling around the problem. So far I’ve just got the basic lightbox made, it works much like the lightbox you find in facebook or any random photo sharing or news website– nothing special. And I thought I’d finish it before blogging about it, but I came across an interesting solution here. This artist makes complex images starting with photographs then digitally repeating elements to create very high resolution, realistic but surreal, patterned images.

The ability to view the whole, then zoom in and explore is a must for his images. I like the simplicity of the zooming and panning, although I might make a few different choices on how the panning works. There also seems to be some ajax built in, which is something I’ve been mulling. Is it better to load one very large image at the beginning, or start with a lower resolution image then bring in higher ones as needed? The solution he uses is Adobe Flash based, which works for him, but is not acceptable to me if only because Flash is so 2000’s. The solution I am working on will be in JavaScript with jQuery, and probably presented as a WordPress plugin.

How To Upload Media Files Over 2 MB in WordPress

So you want to upload a very high resolution picture, or a sound file or a video, and WordPress keeps telling you your upload is too large. It won’t take it. Or maybe WordPress seems to be uploading it, but when it gets to the end you see a message that the file was too large and could not be uploaded.

This is a common, two part problem to run into in WordPress. It is caused: 1. By Your WordPress Settings, and 2. By Your Web Host Settings.

First we’ll tackle your WordPress setting.