very simple

So, I finally decided to download my photos from Labor Day weekend, given that it’s almost November and I haven’t even put up a post since September. I’ll blame that part on the whole ‘having a job’ thing, even though, truth be told, I do have my weekends free. I’m just lazy.

But that started me down a wonderful journey of discovering that there was some sort of script error in my blog installation, which forced me to spend the last three hours venturing further down the rabbit hole of wordpress reinstallations, backups, “emergency” password fixes after wordpress decided to no longer recognize me…fun stuff.

it all appears to be (hopefully) working again, at least insofar as I can actually log in and write a post, but I had to delete a lot of plugin customizations particularly around stats. Not that anyone reads this thing anyway, so I guess that’s no great loss!

Anyway…on to the original point of this post. Labor Day weekend, as usual, was spent in the Berkshires. This year it was very rainy, so we ventured up to The Clark in Williamstown to check out some of the art. The coolest thing was an exhibit by El Anatsui, a Ghanaian artist who refashions the multitude of liquor bottles foisted upon the local population into beautiful wall hangings. So this is mostly that. As always, click on the thumbnail to get the full image.

making a few changes around the blog. I still liked the old theme, but it had gotten cluttered up with a bunch of stuff in the sidebar that was slowing down the whole thing, so I wanted to start over with something pretty stripped down – and when I saw the min theme, I thought it would be perfect. I’ve spent the morning cleaning things up and making a few tweaks under the hood, but the essential sidebar stuff is now down at the bottom, and I’ve included links to things like goodreads, flickr and the like, but I’m no longer putting the resource hogging plugins down there, since they cause the site to take forever to load.

In addition, I’ve finally figured out how to bring back comment registration (I had apparently unchecked a box somewhere, and it made everything disappear), so now you’ll have to register to comment on the site. You, being, of course, the three people who have commented in the last year, even without registration. But it should help slow down the torrent of spam comments that I seem to get on a daily basis, which is just annoying. Particularly if I don’t check in for a few days.

Just a minor housekeeping issue. I got an email yesterday from a reader asking me how they could sign in to comment, which led me to discover that there was no way to actually register on the site. I think something is missing in the template I’ve been using. I’ll try to figure out where the hiccup is, but in the meantime, I’ve shut off the requirement to register before commenting, and beefed up the spam filters. You’ll still need to have your first comment approved by me before it appears, but for now you should be able to comment again.

I didn’t think this blog was popular enough to actually get hacked, but I was apparently wrong.

Evidence the first – For some reason it was taking a really long time to load, even though I had cleaned out a lot of extraneous crap code recently.

Evidence the second (and, really obvious) – I was going through the source code because I wanted to add a graphic to my header, and I was trying to find the right spot.  In doing so, I noticed a bunch of weird links to external sites that I certainly hadn’t put in there.  Online pharmacies and whatnot.  So I went into the header file in wordpress, and found extraneous code pointing to a .ru site.  yeah.  Not so much evidence as, well, concrete proof.  I also did a google search for the code, and discovered that it appears on many other sites.

I don’t know how it got seeded (perhaps through a plugin?), but the code to search for in your header.php file in wordpress is “alkoltashov (dot) narod (dot) ru / sites.txt”.  This apparently pulls in the multiple http addresses.

I’m off to go search for more strange code to make sure my site is actually clean.  I’ll post an update if I find anything else.

Update: Found another one – in the footer.php file, somehow the link to demus design, which designed my template, got switched to “elavil lab”, with another link to an online pharmacy.  And the link to wordpress.org linked to some third-party site rather than the real wordpress.  I’m off to change my password as well!

Update further: from a little searching online, it appears to be a vulnerability of wordpress 2.8.1, which is the latest version available by my hosting provider (although the latest available overall is 2.8.4).  looks like I’m going to have to keep a close eye on things until they upgrade further over at network solutions.  I also found a few other small things.  My only advice is to go through all of your template files and look for code that doesn’t belong.  This is so annoying.

In an ongoing effort to find things to do to take up the time during my day that isn’t the hour in the morning I spend looking at job listings, I’ve decided to participate in Glark’s 365 photo project, which officially starts on September 1.  I figure this will be a good way to force myself to take pictures outside of photo class, and also to extend my knowledge once class ends.  As a consequence of this development, I have finally signed up for a flickr account.  I tested it by uploading my last class photo project, which is what you can currently see in the sidebar (but which will obviously change going forward).  I’ll be posting the photos here as well, because I like extra work (!), but it’s also a way to force me to blog more often as well.

I have always been wary of services like flickr, because I like to keep control over my photos, so other than the photo project I probably won’t be uploading all of my photos there.  It’s just become (for obvious reasons) a good way to participate in photo groups.

In other technical update news, I’ve re-instituted comment registration here.  I don’t get a lot of comments, but I seem to be getting tons of spam these days, and even though I use Akismet to filter the junk, I need to cut down on the remaining administrative hassle of cleaning out the spam log.  So…get ready for lots of posts!