The Captain And Lime

Post a comment.   Howzat for going after lurkers?

Seriously, I don’t have the remotest idea what’s going on, except that I’ve been messing a lot with my themes over the last few days and don’t know what sorts of hickups that might have left in the ether. Other visitors have said that posting a comment fixed goofy layout.

This should have, like my former choices, a single sidebar on the right and the main body of text on the left.

About 25th on my todo list of 25 things (that’s the way Abbey organizes stuff…I think I need to emulate) is redesigning my blog based on the same theme I used for CC, only optimizing for ‘NetWalkers, but that requires making and balancing backgrounds and stuff, and I just don’t have time for that right now.

Anyway…onto what I’ve been doing. I’ve got the ms part of RoL cleaned up and ready to go. I’m going to do some sketches to include during Nationals. I also have gone through the files for HT and HB and cleaned up lots of scanning artifacts. I’ve got a splitting headache and my eyes are crossing, but I think they’re pretty good now. I’ll be sending out the new links to those who have purchased as soon as I compile and convert HB.

Sorry to whine, but…If I missed things (and I’m sure I did.) unless they’re egregious…uh…don’t tell me, OK? At least for a month or so? I’m so tired of futzy detail stuff, I could scream.

Ja ne!

Grrrr….I’ll try a new theme, but I’m less than optimistic. If it were that easy, others would have done it.

I…really don’t need this…

No new occurrences in the last 24 hours.  I’m trying to monitor this closely. I found some references to gmpg(dot)org in the header file that didn’t arrive with the original theme. I wiped the statement out, then went searching. I found another reference to this site in the sidebar php file which did come with the original theme.

To me, that’s what’s known as suspicious. The reference was a simple href-style link and the gmpg organization appears to be legit, however, just as hackers use the WordPress acknowledgment link in the footer of most sites to target WordPress sites, I’m suspicious that hackers are using this sort of hidden link to somehow target and access a weakness in a given theme.

This is, you understand, totally conjecture on my part, but I’m leaving those references out of my themes from now on, (as well as a bunch of other security measures) and hoping I don’t get a recurrence of those pesky links.

Again, this was not dangerous to anyone visiting. It was pure and simple a means to fool search engines into legitimizing those links that were being inserted and thus raising them to the top of the search lists. The more places with “links” to sites, the more “legitimate” they are, to the search robots. (Do I have that correct, oh computer gurus?)

Back to editing RoL.

Here we go again. New links popped up. Grrrr….This time I did a line by line comparison with the original header file and I think I got at least this file clean. What’s lurking elsewhere, I don’t know. The problem is, I’d modded this file fairly extensively. There was a bunch of animation most computers couldn’t handle, and some rather rude (I’m sure the coder thought it was funny/clever…I didn’t) comments when the animation didn’t work. So, I took all that out. I also put my copyright stuff that appears at the top of the page into it.

So why, you ask, don’t I have a copy of the uncorrupted file on my home computer somewhere? Well, I think I do, but I couldn’t find it. probably on the computer that died. Who knows? Anyway, I’ll be surprised if this fixes it. I’ve probably got some kind of link to the buzzards at the moment. But if it shows up again, I’ll see what I can do. Meantime…I’m working on security….

I found some suspicious stuff in my sidebar php file as well. I zapped it. Hopefully I didn’t zap anything significant. Please let me know if there are any problems logging in or anything like that.

And RoI languishes.

Pook.

Message from Lynn this AM: As best I could determine last night, the spam loads aren’t meant to display on a monitor, they’re meant to fool search engine spiders into believing that legitimate sites are linking to the spammer’s sites, thereby legitimatizing the spam sites for SEO.  It looks like you’ve been hit by a zombie spammer….none of the injected links are valid and appear to date back to 2008 or earlier when Harvard University’s servers were hacked.

Which brings us to the one I totally forgot to thank last night: Lynn. She was on it like a hawk when I emailed her yesterday.

I’d let the matter slide, intending to attack it with a fresh brain today. I’d figured, from the form it took, that is was nothing particularly dangerous to anyone and the info I was getting/finding all pointed to code that was harmless to visitors and designed to affect search engines. It’s the sort of thing that can get a site “blackballed”by search engines, so I wanted to take care of it, but I also wanted some sleep. (Nice thing, sleep.)

But a late-night email from Lynn jerked my brain awake and my default from html-speak into php-speak, and I knew I wouldn’t sleep until I found the answer to the question.

I went searching the php files most likely to have been “infected.” She said it usually manifested in the footer.php, and I did check that first. Nothing suspicious there, but then I realized…footer? Why the footer? Of course…these pages are created on the fly. It had to be something common to every page, not just the posting page. The next file common to all pages and posts is the header. I checked it and there it was, bold as brass.

So, no need for you visitors to worry, and no need for me to worry.

All is well!

I believe the problem is solved. Somehow that code got inserted into my theme’s header.php file. I zapped it and the source code and display appear to be fine now. My thanks to you all, and especially to Jaakko for putting me onto the problem in the first place.

YOU GUYS RAWK!