Turning my blog into a Fediverse server

Ganesha on Montrose

I’m adding this as a weekend project for myself.

Fedi.Tips – An Unofficial Guide to Mastodon and the Fediverse writes:

If you have a WordPress blog, you can turn it into a Fediverse server, which means people will be able to follow the blog and comment on it from Mastodon etc.

This is now possible for all kinds of WordPress blogs, including free blogs on wordpress.com, paid blogs on wordpress.com and blogs hosted elsewhere that are powered by WordPress software. The method you use to activate Fediverse compatibility depends on the type of blog you have, but they all work using the same technology.

(click here to continue reading WordPress: Turning your blog into a Fediverse server | Fedi.Tips – An Unofficial Guide to Mastodon and the Fediverse.)

So far, I’ve installed the ActivityPub plugin1 and attempted configuration. I’m not quite sure it is alive yet, but I have to stop for a few hours anyway to attend to other tasks. I’ll check back in and figure out what the final steps will be…

Footnotes:
  1. https://wordpress.org/plugins/activitypub/ []

Site Aesthetics

I’m not happy with the look of this site, but I never make the time to figure out how to customize it as I want. Sorry!

Also, the WordPress Block Editor is still a clunky mess, it doesn’t display well on my desktop (running an older MacOS), nor does it seem useful while using a “current” version of Safari.

Minor problems in the big scheme, of course, but means that I end up not posting much at my blog.

Leaning In To Listen

 

Jetpack Plugin Failure

Brief note: was meddling in my WordPress Dashboard today, and noticed that the Jetpack plugin wasn’t activated anymore. Tried to reinstall, and was told by WordPress that I couldn’t install Jetpack because the folder already exists. 

Jetpack 2022 02 23 at 2 38 49 PM

Hmmm…probably related to the Auto-Update feature, but who knows?

updated to add, logged in via FTP, deleted Jetpack, and reinstalled. No idea what caused the error, but doesn’t matter, chartreuse is my jam…

WordPress and the Block Editor

Still A Virgin?

WordPress is really pressing their new-style editor, called the Block Editor. I can’t say I’m very enamored with it, at least in its current iteration. I find the Block Editor gets in my way more often than it is actually useful in creating a post.

Maybe I’m just used to using a 3rd party blogging software (namely, MarsEdit)? Maybe I need to use Block Editor more?

We’ll see.

The true method of knowledge is experiment

— William Blake

Malware Strikes Again

The true method of knowledge is experiment

— William Blake
Your Ballroom Days Are Over

My websites were flagged by my webhost as containing malware yesterday. After a little back and forth with them, I decided that I would fix the problem myself to save on the hard costs of hiring an expert. The sites in question1 had been hacked sometime in July, but the hacker’s payload was simply a proof of concept – the hacker created a file called lol.txt on each folder on the root level of my server.

Since I’ve been a customer of this particular webhost for nearly 15 years, there was a lot of extra folders left over from various projects that I didn’t need anyway. I took the time to back every single thing to my local hard drive, and then deleted thousands of files.

The malware was installed as a .php file in the directory /wp-includes in two different websites with a WordPress installation. I could have simply nuked all the WordPress files with the exception of files found in /wp-content but I was curious if I could find more traces of malware. I didn’t have anything else more pressing to accomplish today.

Eventually, I cleaned up all the miscellaneous debris left over from Blogger days, lo so many moons ago, and even delved into my Moveable Type installation from the Golden Era of Blogging. All clear, if clunky.

If you have a moment, take a gander at urbanseens.com or my photo blog to see if they are ok. My webhost gave me the all clear, and restored my sites to the internet.

Being told you have malware is like someone accusing you of having lice or a STD or something”

my brother quipped back:

what’s worse malware or herpes?”

Tell Me What You Want
Footnotes:
  1. not this one, but others []

Keeping the Streak Alive Barely

The current trend of gamification is to encourage behavior by keeping track of “streaks”. I’m not sure it means much, but I am amused by it.

For instance, WordPress tells me every day that I’ve posted for x number of days in a rom (currently 53 days)

This post is empty in content, but I’m posting it anyway to keep my streak alive.

Google Site Kit Installation Guide

Hallway Flopper

Via my webhost, pair, and a new Knowledge Base:

Google Site Kit is the much anticipated Google WordPress plugin. With this plugin, you can monitor your site’s visitors, see what pages they land on, how long they stay, and more!

Installing and Activating Google Site Kit WordPress Plugin

To install Google Site Kit on your WordPress site:

Open your WordPress Admin Interface
In the left sidebar, click Plugins

(click here to continue reading Google Site Kit Installation Guide | pair Knowledge Base.)

Why not? Maybe Google will help my site get slightly more traffic? In the golden age of blogging, I got 20,000 to 30,000 visits a day, with occasional spikes up to 70,000. That sort of traffic is long, long gone (didn’t help that I stopped posting frequently, and generally became a lazy blogger, also the industry changed, Facebook and Twitter became channels of communication, yadda yadda), perhaps I can recapture some of that magic?

I wonder if I should add back Google Ads? I never see them myself because I use a tracker blocker, but if they are irritating, it isn’t worth it for the amount of money it could bring in, especially if my daily traffic is less than 1,000 visitors a day.

Privacy Policy

Privacy God is pleased with our work

I used the built in template to create a privacy policy for this humble blog, even though I don’t really need it, I don’t think. If you are curious about what it says, the link is over to the upper right hand side of B12’s home page, or click here.

If you have any comments, I’d love to hear them. 

WordPress 5

It’s the Future

It’s the Future

Installed WordPress 5. Seems ok. What’s new? I guess I’ll have to explore.

I was sort of interested in how the block editor works, but I don’t see it here.

 

Update

Hmmm, looks like something went awry. Cannot access certain plugins (Jetpack, WordFence, possibly others). Wonder why?

Strange New Requests From Strangers

Strange Things Are Happening
Strange Things Are Happening

For the last year or even longer, I’ve periodically received email from strangers purporting to be fellow bloggers asking me to update old posts with a fresh link to their content. I’ve maintained a blog for a long time,1 thus I have lots and lots of posts and pages of posts by date and by category. I’ve always gotten “spam” comments, Akismet has protected your site from 1,571,626 spam comments but these new requests baffle me. Before the blog format was commodified, and commercialized2, I received lots of daily traffic, but I haven’t been a high traffic blog for a while now. I’m confused by this new, frequent request to update links – it isn’t as if Google ranks links from me highly these days.

This new category is labor intensive, so doesn’t seem as if it created by a bot. 

Emails such as this one:

Hi,

You’ve had a couple of emails from me recently, but I’ve not heard back.

I wondered if the resource was of interest, or is there someone else I should contact instead?

I’ve included my email below for reference.

On Mon, Jul 10, 2017 at 8:36 AM, Paul Turnbull <paul@aob-mail.com> wrote:
Hi,

I appreciate you’re busy but I wondered if you had a chance to check out my earlier email.

I’ve included a copy here –

On Tue, Jul 4, 2017 at 8:48 AM, Paul Turnbull <paul@aob-mail.com> wrote:
Hi,

I noticed you have a link to the Rebecca Blood post on the history of weblogs here – http://www.b12partners.net/mt/archives/2006/04/.

That post was published way back in 2000 so is missing everything that has happened in the blogosphere since.

We’ve got an updated history of (we)blogging here – artofblog.com/history/

Perhaps you’d consider adding a link to our piece as well to serve as additional reading?

Thank you for your time.

Paul

Or another one I’ve also gotten today:

Just making sure you saw this. Hope you are well! 

P.O. Box 135, Whitianga 3510, New Zealand | To unsubscribe please reply with ‘Unsubscribe’ in the header

On Sunday, July 9, 2017 at 9:04 PM, Jesse Miller <jesse@jenreviews.com> wrote:
Dear Editor,

I was searching the web for information on how to choose a bike and saw your great post here: http://www.b12partners.net/mt/archives/2005/05/

I noticed you mentioned http://www.bikethedrive.org/ in your post, and just wanted to give you a heads up that I recently wrote a blog post you might like. It’s a detailed, up-to-date 7,000 word guide on how to choose a bike according to science, that details 10 factors to consider and is packed with tips and advice.

If this is something you’d be interested in, here is the link to the blog post: jenreviews.com/bike/

This is completely free and if you like it, all I ask is for you to link to or share the article on your site. In return, would love to share your post with my newsletter subscribers and followers on social media.

Either way, keep up the great work!

Cheers
Jesse

Here are some of the raw email headers for reference:

From: Jesse Miller <jesse@jenreviews.com>
In-Reply-To: <CAFrQzFYz8cX6jx=o047FxoSK1Lq7ELRVhLZAVW5hZoN-f6BTrA@mail.gmail.com>
References: <CAFrQzFYz8cX6jx=o047FxoSK1Lq7ELRVhLZAVW5hZoN-f6BTrA@mail.gmail.com>
Date: Sun, 16 Jul 2017 00:12:37 -0400
Message-ID: <CAFrQzFa52QJeHTZ0rVkQz0HcGzLdhcdDjty-WMuuLfVbZ29UfA@mail.gmail.com>

Strange News From Another Star
Strange News From Another Star

I’m skeptical of the motives of these requests. Why would someone request an update to a page which is a month’s worth of blog posts back in 2005 (or 2006)? Why not the specific individual post? In a moment of weakness, I responded to one earlier this year requesting money to make these links. That particular emailer didn’t reply again. 

As I mentioned before, I do still frequently get automatically generated “spam” comments, ones like:

“Howdy! This is kind of off topic but I need some guidance from an established blog. Is it difficult to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about making my own but I’m not sure where to start. Do you have any points or suggestions? Appreciate it”

which links to  proxieslive (dot) com/free-proxy/ etc   

Those kinds of spams are irritating, and clutter up my blog’s databases, but they are obviously generated by bots, and not hand-crafted emails. 

These new super-targeted requests are strange. Did some SEO eBook suggest reaching out in this way as a means to increase traffic? Or are these Spambots 2.0?

Footnotes:

  1. longer if you include even earlier years when I hand wrote crap on my webpage without a CMS []
  2. by organizations like Huffington Post and the Gawker enterprise, for instance []

Self Portrait with Z Wine

There is a new-to-me plugin that exports photos from Lightroom to a WordPress blog. It seems the plugin won’t automatically create a new post, but it does simplify adding images to the WordPress Media Gallery.

Self Portrait with Z Wine

testing the Lightroom/WordPress plugin

Blog oddities

Where's The Any Key?
Where’s The Any Key?

Twice now I’ve opened up my blog and discovered error messages in my header that look something like:

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in …/wp/wp-blog-header.php on line 1

Both times, when I logged into the WordPress Admin page, it looked weird too (as if there were no template or CSS file available). I reinstalled WP 4.2.2, and everything seems ok. Still weird, and I’m not sure how or why this happens.

Just out of curiosity, have you noticed anything weird in this space?

PHP Script Hack Infected All Of my WordPress Blogs

 Computer Repair LED

Server Repair. 

Yesterday, I logged on to my WordPress Dashboard to see if any upgrades were available. I usually log on a few times a week, depending upon how actively I’ve blogged, or if I know of a WordPress upgrade. Once I logged on, I got an odd message that my plugins didn’t load because something was wrong with their headers. I clicked the Plugins menu to see what was going on, and instead, there was a message saying “You do not appear to have any plugins available at this time.” 

 Whu? WTF?!?!

Earlier in the week, the same thing had happened to my photo blog – plugins suddenly were non-functional. I was in the middle of a work-related crisis, so asked my cousin, the WordPress expert who actually constructed the photo blog, to look into it. He found malware, restored the photo blog to an earlier version with a backup, and it seemed ok. Since I was still sweating out the work-related crises, I didn’t look deeper. The photo blog seemed to work ok.

But now my blog was doing the same thing, and I had some time to investigate. I logged in to my site via FTP, and looked in the plugins folder. Several plugins were there. I opened one plugin directory, and one PHP file1 at random: the first line was a long string of code, obviously some sort of malware. Ru-oh! I renamed the plugins folder, which rendered it unusable by WordPress, created a new folder called plugins, and quickly installed a fresh copy of Akismet, a spam comment blocker. In the 15 minutes or so it took from when I first encountered an error until when I reinstalled Akismet, I received 59 spam comments! Yeesh. 

I looked at the various WordPress PHP files, bits of code that make the blog do what it does, every single one had the same piece of malware inserted in the first line. I reinstalled WordPress, which creates fresh copies of the majority of PHP files in wp-admin; in wp-includes and in the default WordPress directory. However, some files were not replaced, I had to open them manually and strip out the malware. Reinstalling WordPress does not touch anything in wp-content – themes, plugins, etc. I did not have backup copies of my Solipsism theme for some reason, so I had to clean several files here manually. Initially I mucked this procedure up by stripping out some good code as well, but eventually I figured out what was missing.2

I took a deeper look at my photo blog, and though the plugins were clean, and the theme files were clean, all other PHP files were corrupted. Again, I reinstalled a fresh copy of WordPress 4.1, and manually cleaned the remaining files (wp-config.php; wp-pass.php, wp-feed.php and so on).

You Do Not Have Any Plugins Available
You Do Not Have Any Plugins Available.PNG

I host a couple of subdomains3 which are static paged WordPress installations, both of these directories were full of the malware code. In fact, in the process of cleaning up, I discovered what the malware did. On both of these subdomains, there was a plugin directory called, innocuously enough, docs. I didn’t install this plugin, so I was curious what it did. I looked inside its directory, and found a directory called “cache”. In here were nearly 500 files with names like “29fb82abf5c8a42d970f94eed9d69ebf.dat”, and an XML file that indexed these pages using the subdomain’s URL. I opened one of these files with a text editor4 – it was a HTML-type page with the title of “Resume Writing Lookout Heights Kentucky KY 24/7 – Best Resume Writing Services”. The others were similar: “Cv Services Darwin  * Best Resume Writing Services 2014 – Jake Bradshaw”; “Payday Loans Near Augusta Ga ! <  24/7 Online Payday Loans”; etc. 

The HTML was horribly mangled, I would be surprised if it did anything, but maybe it would be enough if Google indexed a link pointing to some schmoe who paid a consultant for Search Engine Optimization. But maybe not. 

For instance, a portion of that particular spam page opened in a web browser looks exactly like this:

Create alert Self experiencing problems with problem with your consult an experienced for example, an e-mail, which is suitable day work. Diamond Call Ross on employer should protect a union, they but it would. Kentucky Diamond View all Altisource Vacations Worldwide jobs jobs Learn more about working at Altisource You can below, together with spending 2-6 hours a day at home This work can be done Colleges Equal Opportunity Williamsburg, Virginia – be at least High School diploma. Diamond

Whatever. I deleted these as soon as I could, shaking my fist at the evil spammer.

I found a few PHP files in my root level directory, I deleted these or cleaned them as needed.

I had tried to install a Drupal blog a while ago, before abandoning it as a futile, frustrating endeavor, but the files were still residing on my server, and all its PHP files were compromised. 

I put in a tech-support request to Pair.com, my web-host, asking them to double check if any PHP files remained that were corrupted, I haven’t yet heard back from them. But I think I cleaned up all the malware, all it took was eight hours of work on a Saturday night…

Today I’m planning on looking deeper into the MYSQL databases, and see if there are any unknown users or other oddnesses, and maybe change all my passwords. I’m not sure how the evil spammers were able to insert the malicious code, but I don’t want to have to go through all this again. Oh, and make backups! and backups of the backups!

Footnotes:

  1. PHP is a server-side scripting language []
  2. I think the blog is back to normal, if you see anything odd, please let me know. []
  3. clients’ web pages []
  4. I use TextWrangler since it is free. I should buy BBEdit, but I never get around to budgeting for it []

WordPress Troubleshooting – cannot modify header information

y'a bon Banania
y’a bon Banania

Sorry if I make your eyes glaze over, but I had some trouble with my blog yesterday, and here is how I solved it.

Background: upgraded a WordPress plugin called Better WP Security, under its new name, iThemes Security Pro, and instantly my blog broke. I could no longer access my dashboard, could no longer make any changes to the blog, all that would happen would be an error message like this:

Warning: Cannot modify header information – headers already sent by (output started at [redacted]/wp-config.php:33) in [redacted]/wp-includes/pluggable.php on line 896

 so of course I copied this error out, and Googled it. Unfortunately for me, I searched on the second phrase first, which led to instructions about fixing the code in pluggable.php

Silly me, I was too busy to read more. I opened my FTP program, opened the file pluggable.php and sure enough, the last line did not include a close tag. I added ?> and my blog was working again. I immediately went into plugins and deleted iThemes Security Pro, and as everything seemed fine, went back to my other tasks, considering the matter finished.

G3 case open
G3 case open

This morning, I noticed that the daily blog email didn’t get sent, and then noticed that my blog’s RSS feed reported an error. A few of my plugins were not working at all (such as my anti-spam plugin, Askimet, and others). Ru-oh!

I went back to the Codex WordPress FAQ Troubleshooting page, and read the entire entry:

It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php. 

If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line of wp-login.php. In this scenario, line of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.

If the error message states: Warning: Cannot modify header information – headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.

(click here to continue reading FAQ Troubleshooting « WordPress Codex.)

Doh! My error message had told me the problem was in wp-config.php, and pluggable.php was the victim. I opened wp-config.php, and sure enough, there were 2 extra blank lines after the close tag. I don’t know how iThemes Security Pro added them, nor why, but once I deleted these two blank lines, my RSS feed validated through feed burner, etc. I trust the blog daily email will go out tonight, whether or not it will contain yesterday’s information too.

Safari is Stupid for HTTPS

Irritatingly, I clicked “Use SSL” on my WordPress dashboard for the Ted Cruz post I just published, because I didn’t know what that would do. Now, Safari won’t load the page at all. I unchecked the checkbox, but the page still won’t load. I looked closely at the URL and it should be http://www.b12partners.net/wp/2013/09/23/ted-calgary-cruz/ but Safari insists upon loading the “https:” version. As far as I can tell, there is no way to edit URLs directly in Safari, and this behavior persists even after I quit Safari and restarted – I still get taken to the nonexistent “HTTPS” secure version of the page, even if I hand-type the “HTTP” myself.

Safari is Stupid
Safari is Stupid

Grrrrr…

I tried using the “Short URL” version, I tried typing the correct URL, I tried copying and pasting, but all attempts lead instead to the HTTPS version.  

If there is a typo on the page, let me know in comments or email or Twitter, since I can’t see the damn post myself (well, other than in the WordPress Dashboard version, which is not always perfectly accurate). I guess I could click the category archive (Politics), or the tag archive (GOP for instance), but I’m too irritated to do so at the moment.