Reading time: 3 – 4 minutes Business people utilize social media to optimize outreach to customers and partners. Loyal consumers of particular companies are often interested in what executives have to say. Similarly, companies also have plenty of reasons to stay updated on the latest events relating to business partners. Being concise is an […]
Reading time: 3 – 4 minutes
As an advocate of open source, I normally search for nifty pieces of software that I believe people can make use of without having to spend a single penny.
Free open source software does the job, but finding a genuinely useful tool is also a challenge.
Today I’d like to share winKeyLock, an open source utility that lets users quickly disable computer access by setting up hot keys in the software’s menu.
The hot key combination can be as follows:
Ctrl + (A-Z) or (0-8)
Ctrl + Shift + (A-Z) or (0-8)
Alt + (A-Z) or (0-8)
If winKeyLock is activated, settings such as keyboard, mouse buttons, mouse wheel, and mouse movement are locked depending on your preference.
Disabling screen saver is something that you might not care about using because even if you enable it and you activate the lock, the screen saver will just disappear. So, it doesn’t serve much purpose.
Whenever the lock is activated, a tray icon can be seen like the one below.
These icons are changeable via the icon tab options in the menu. If you double click the lock icon, the software or lock is activated which means you have to unlock it using the hot key that you’ve set in the beginning.
Remember your hot keys and set them first before doing anything else if you don’t want to lock yourself out of your own computer.
Normally, you will see the word “None” as default on the hot key fields. Simply press the Backspace button on your keyboard to change the hot key values.
The General tab’s option for auto-launching the software at Windows startup, however, is something that you cannot set up at the moment. I believe that it’s something that has not been improved but overall, winKeyLock is operational and useful.
You may download winKeyLock and get support from here. I’ll entertain questions as well on the comments section.
Update: The salient feature that is not out-rightly showcased on this post is the ability of this program to lock the screen without having to make the screen blank compared to using the usual Windows locking procedure that brings you back to Windows welcome page.
In other words, this locking software blocks any screen interruptions that may be caused by keyboard presses or mouse clicks while keeping what’s on the screen, such as an open webpage, a media player or an online video.
You literally keep what’s on the screen uninterrupted once the lock is activated even with kids around your computer that can simply sneak-in pressing keys and touching your mouse.
Reading time: 1 – 2 minutes
Programmers have recently taken Google’s Go into spotlight as this new experimental language takes the center stage as a dynamic language similar to Python with the performance and safety comparable with C or C++. This open source programming language can compile large binaries in just a matter of seconds and runs instantaneously close to C language.
Go is a promising language for systems programming with multi-processing support, friendly object-oriented design plus value-added features. To know more about Go, visit Golang.org.
Reading time: 2 – 2 minutes
The WordPress Development blog recently posted a call for Beta testers for the 2.9 version of the World’s leading blogging platform.
There are two ways to get involved. The first is by signing up to the wp-testers mailing list to keep abreast of the testing progress and to discuss issues with the rest of the testers. The second is through bug report submissions, by heading over to the Trac ticketing system and searching for patches that need testing.
To further facilitate the testing process, WordPress Beta Tester plugin should be installed on a freshly installed WordPress blog and not on an existing installation or a live site.
WordPress 2.9’s first beta release is targeted for around the end of October, after some finishing touches on the new features, which include the controversial image editor functionality added to the core. I raised this question with Beau Lebens of Automattic (makers of WordPress) during this year’s WordCamp Philippines.
According to Lebens, this added core feature will not affect the software’s performance in any way, contrary to what some developers and power users suspect to be bloatware, since it is just a light addition.
We may expect the final release 2.9 build to be available either late November or early December if all goes well in the process.
All members of the WordPress community should take part in this endeavor for everybody’s benefit. So, how are you going to participate? Tweeting this post is one simple gesture of support.
Reading time: 3 – 4 minutes
The first thing I would like to do in this post is to give thanks to all of you, readers of Software Critics. As you all know, I’ve just switched this blog to dofollow a few weeks back and the results are amazing. Comment numbers have really increased, as have visitors.
There’s one guy on the web that I’d really like to thank because he influenced me in some way to switch my blog to dofollow, not because he convinced me or something but because he has shown credibility, and I admire him for his straightforward and rather unique style of writing. His being an advocate of dofollow blogs made me decide to do the same. He’s none other than John Sullivan of Potpolitics.com, my first blogging friend.
Potpolitics.com was the first blog I’ve ever written a guest post on. My guest post was entitled, Four Points to Guilt-Free Blogging.
WordPress by default places nofollow attribute to its comments and thereby not giving any link juice to commenter’s URL or website which I think is not fair. Google as we all know gives credit to link juice pass-on from one site to another as a vote provided that site is trusted by Google. It’s not all about the number of sites that link to you that increases page rank but the higher the reputation of the site that links to you.
As Google works against page rank sculpting, whether a rel=”nofollow” attribute is placed on a link, they will still follow the link. So, why would I not reward my readers for their effort in leaving comments to this blog? I just wanted to play fair with everybody.
Since this blog is already dofollow, from now on I’ll also be embracing the Keywordluv plugin by Stephen Cronin.
Here’s how it works,
Commentators can be rewarded by separating their name from their keywords in the link to their website, giving them improved anchor text. To do this, if you enter “YOURName@Custom WordPress Plugins” in the Name field, your comment will have:
“YOURName from Dofollow WordPress Plugins Says:”
“YOURName@Dofollow WordPress Plugins Says:”
If you don’t enter the @ symbol, the anchor text will simply display as normal.
Again, thank you to all my readers and my blogging friends and I hope this little act of kindness could go a long way. Please be reminded that I still moderate comments so take a plunge into the discussion by making it relevant.
Removal of Keywordluv WordPress Plugin
If you came into this post thinking that you can use your precious keywords in the comment field, I’m sorry but this plugin has long been removed due to excessive keyword abuse. Please refer to the comment policy in place. Thank you.
Reading time: 2 – 4 minutes
I have never expected that there’s going to be another trending topic on Twitter about WordPress attacks. Not at any point in time. It’s not something to cheer about because it’s a vulnerability that every self-hosted site running on WordPress must be alerted on particularly blogs.
I have once written a post about this vulnerability entitled, “Blogosphere Alert: Prevent your WordPress blogs from being hacked!” which takes into account the ordeal that I’ve gone through and how I faced it with much ardor.
Now that this is happening again (at least not on this blog), this took me back into the experience of how this blog was challenged and how I responded. Of course, no person would ever want something he has accomplished go to waste so I went all out in solving the issue myself.
“WordPress Users Must” is the trending topic on Twitter at the time of writing so I have decided to tweet my previous post about this issue for others to read because I know that it can certainly provide valuable information to many. In fact, I even took the time to comment on Lorelle’s blog regarding her post entitled, “Old WordPress Versions Under Attack” hoping that somehow I could contribute to the conversation.
What I find annoying is like most trending topics on Twitter, affiliate schemes tend to take advantage of it having tweets containing links pointing to affiliate landing pages and a bunch of unrelated tweets just mentioning the phrase. Take a look at the screen shot below to see what I’m talking about.
As long as Twitter still doesn’t have any algorithm to filter out which tweets are relevant to the topic, it’s your job to do it. My only advice is that you follow the steps I’ve mentioned in my previous post about this blog being hacked and always be on the lookout.
Reading time: 2 – 2 minutes
My blogging streak kicked-off as you all know from blogspot.com and when I finally migrated into WordPress, I primarily used Akismet to combat comment spam. Akismet was useful although there are times when it seems like I’m doing much of the work filtering spam from legitimate comments and getting rid of splogs (spam blogs).
I have used Akismet for quite sometime until I discovered an alternative. WP-SpamFree is an amazingly powerful anti-spam protection plugin for WordPress including trackback and pingback spam.
WP-SpamFree provides much ease of skimming through comments for approval and since it was very effective, majority of those comments filtered by it are legitimate. I must say that it was better than Akismet. Ever since I started using WP-Spam Free, I no longer encounter pharmaceutical terms and splogs whenever I moderate comments at the backend.
A minute percentage of splogs leaving comments can still get through; however, it has never been a struggle, considering that my blog is “dofollow,” and while most “dofollow” blogs are scrambling to filter comments, WP-SpamFree has never let me down.
Commenting on blogs that are WP-SpamFree enabled has never been so easy because there are no more captchas to fill out. Aside from its powerful anti-spam protection capability, it comes with a built-in configurable contact form which can easily be displayed within your site’s pages and sidebars with the same amount of protection, since it also fights email spam.
It’s a 2-in-1 plugin for me—eliminating Akismet and Contact Form7. A definite must-have plugin for WordPress users.
Is your plugin worth blogging for? Leave your comments.
Reading time: 2 – 4 minutes
I‘m not talking literally here about Google Chrome’s new beta release personifying an entity or individual but instead personalizing its look and feel making it customizable to fit your taste and artistic inclination.
Many of us, Firefox fans in particular, are aware that Firefox allows customization through a Mozilla Labs experiment known as Personas. Personas allows Firefox users to dress up the browser by installing the extension and selecting from a wide array of design options. You can even design your own for personal use or choose to make it publicly available.
Personas boasts a personalized touch on what you can do with your browser and how you want it to look like. Making a Personas design is very easy and fun to do, all you need is a little bit of imagination and creativity.
As the browser market share competition gets tougher, Firefox just recently launched Firefox 3.5, which they dubbed the fastest browser ever (which I utterly oppose, although I’ve been a Firefox user myself for years), followed by a sneak peek of the Chrome-like Firefox 4.0. We cannot deny that Google Chrome is one tough competitor in the open source arena; aside from its plan of getting a piece of the pie from the OS market, they simply raised the bar of competition when they came up with Google Chrome 184.108.40.206 Beta.
Google Chrome 220.127.116.11 Beta was really promising and a bit faster than what I’ve expected compared to its stable version. What’s really remarkable about the new beta release was its resemblance with Firefox’s Personas. Although Chrome Themes are few, they’re irresistibly attractive, sleek, and fast and dressing up the browser doesn’t eat up load time and resources unlike Personas on Firefox.
Chrome has a long way to go in terms of incorporating browser extensions particularly customization options but it seems that they’re heading to that direction slowly. Chrome Themes is Google’s response to most users challenge to instill add-ons but I hope that they’ll keep the extensions minimal as this may not be helpful when it becomes overwhelming.
At the moment, Chrome Themes Gallery doesn’t have many selections and doesn’t have an option for users to create their own, but considering it’s Google, it would not be surprising if sooner or later they embody Personas’ features. What do you think?
Reading time: 2 – 4 minutes
It’s inevitable for us to undertake some tasks simultaneously that we even expect this to work on our advantage while working on our computers. While there was much software available online that does the task of synchronizing files and folders as we work on them, there were only a few ones that could deliver great results at a short amount of time.
Look, we all want our lives to be easier and as much as possible do simple tasks with ease and speed so getting some software to work on our advantage is a good deal. An open source software readily available online could save the day so I went ahead and tested Create Synchronicity, an open source application used to synchronize files and folders across different locations developed in VB.NET platform.
Synchronization process using Create Synchronicity is a breeze. Aside from being highly customizable, it’s light-weight having 80kB file size when zipped and 170kB when extracted saving so much disk space to spare. Behind its tiny size, the application is big in performance. I never imagined this software capable of handling bulk files and efficiently transferring them to another directory or folder to my liking. Suppose you are dealing with MP3 files while listening to it but at the same time doing some changes like tagging, you can sync—copy, transfer or duplicate such files without interrupting your listening pleasure.
All you need to do is set your desired folder to where the files should go and the job gets done in no time, as it completely eliminates copy-pasting tasks. The only caution here is to set the correct synchronization method you’ll be using, as this could be confusing at first, and if you messed up at deleting files just restore them via the Recycle Bin. The user interface is friendly; however, a “Help” link is not readily integrated within the software’s navigation, which means you may have to open your browser and search for the app’s home page in case you missed the “About” link at the top left of the window, which would take you to the app’s home page. Create Synchronicity is completely portable (no installation required) and supports multiple profile creation.
This free software is redistributable and/or modifiable under the terms of the GNU General Public License. The post is featured by request of CFP, publisher of Create Synchronicity (which can be downloaded from the SourceForge.net repository), who contacted us via email; in response, the post was written gratis.
Reading time: 3 – 4 minutes
Based on my previous post about this blog being compromised, I decided that it would bring much justice to the previous post entitled, “Blogosphere Alert: Prevent your WordPress blogs from being hacked!” to expose the different ways on how a WordPress blog can be compromised or hacked. We all know that WordPress blogs are written on php scripts and are made operational by means of MySQL Database via a web host.
For WordPress blogs, most hackers in order to create damage usually introduce malicious codes that may cause unwanted action statements through php code snippets. One of which is through SQL Injection. SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.
Another form of hack is Cross-site scripting (XSS) which is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users or cyber criminals into the web pages viewed by innocent users commonly exploited for phishing attacks to steal sensitive data such as credit card information in which most of the time, victims are unaware that a webpage is already stealing his/her valuable information.
The most common exploit that happens to a dedicated server is a script exploit that gives the hacker non root access to a dedicated server. What hackers do is pass the script some variables and commands in an http URL. The vulnerability is that the script allows the commands to be run thereby giving the hacker access only to the /tmp directory. The next action they would take is to upload scanning tools and start a DDOS attack against another server. While hackers don’t have root access, removing all their files and stopping all their processes will remove them but chances are, if the vulnerable scripts are not removed, they would still come back.
Another technique often used to attack websites from a remote computer is Remote File Inclusion (RFI). Remote File Inclusion attacks allow malicious users to run their own PHP code, called a webshell and also known as a PHP shell. A webshell can display the files and folders on the server and allows tasks such as editing, adding or deleting files, which could also be used to gain administrator-level or root access on the server.
Familiarity with these vulnerabilities will give you an idea of how your PHP scripts play a vital role in your WordPress blog’s security. Don’t try pretending to be a know-it-all guru; most tech bloggers’ blogs, especially established ones, have been compromised at some point. It doesn’t hurt to ask what you don’t know. If you hardly believe it, do your research. Your call!
Reading time: 6 – 10 minutes
I was surprised knowing today that my blog was almost hacked.¹ The situation had shaken me that I almost freaked out but the good thing is that I’ve managed to put myself back together. I told myself that this could not happen so I didn’t panic instead I collectively put my thoughts into tracking the traces of the hacker on my site, and figuring out how it became possible.
I was editing previous posts when suddenly, right after hitting “Update Post”, I became curious to check the post attribution drop down option. To my amazement, I saw two other names on the drop down option which are neither contributors nor editors on this blog. When I checked the “user settings,” it became clear to me that there were really two guys with obscure names registered on my blog, both marked as “admin.” While it had me marked as “administrator” with all the posts attributed to my name, it came to me that I needed to find out how these guys were able to register on my blog.
The Tracking Begins
I went first into the General settings. I found out that the “anyone can register” option box was ticked. Perhaps, that became their point of entry into my blog so I unticked it and saved the settings. So guys, don’t place the “Meta widget” on your webpage and don’t allow anyone to register especially when there’s no pre-defined user privileges or multiple users in your blog.
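The check described above (unknown accounts holding the administrator role, plus the “anyone can register” setting) can be run as a routine audit. The sketch below is an added example, not the author's procedure: it assumes the default `wp_` table prefix, takes rows exported with the query shown in the comment, and all sample rows, logins and function names are constructed.

```python
import re

# Rows as returned by (default "wp_" prefix assumed):
#   SELECT u.ID, u.user_login, u.user_registered, m.meta_value
#   FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
#   WHERE m.meta_key = 'wp_capabilities';
# The values below are constructed sample data.
USERS = [
    (1, "siteowner", "2009-01-05 08:12:00", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "reader42", "2009-05-20 14:03:00", 'a:1:{s:10:"subscriber";b:1;}'),
    (8, "xk3qz", "2009-06-15 23:41:00", 'a:1:{s:13:"administrator";b:1;}'),
    (9, "zz_tmp", "2009-06-15 23:44:00", 'a:1:{s:13:"administrator";b:1;}'),
]

# Two rows from wp_options (constructed): the "anyone can register" box
# and the role that new registrations receive.
OPTIONS = {"users_can_register": "1", "default_role": "subscriber"}

# Logins the site owner knows should be administrators (assumption).
EXPECTED_ADMINS = {"siteowner"}

# wp_capabilities is a PHP-serialized array of role/capability => true.
GRANT = re.compile(r's:\d+:"([A-Za-z0-9_]+)";b:1;')

def granted(capabilities):
    """Return the role and capability names switched on in a serialized value."""
    return set(GRANT.findall(capabilities))

def audit(users, options, expected_admins):
    """Flag open registration and administrator accounts nobody vouches for."""
    findings = {
        "open_registration": options.get("users_can_register") == "1",
        "default_role": options.get("default_role", "subscriber"),
        "unexpected_admins": [],
    }
    for user_id, login, registered, capabilities in users:
        if "administrator" in granted(capabilities) and login not in expected_admins:
            findings["unexpected_admins"].append((user_id, login, registered))
    return findings

if __name__ == "__main__":
    report = audit(USERS, OPTIONS, EXPECTED_ADMINS)
    print("open registration:", report["open_registration"])
    print("default role:", report["default_role"])
    for row in report["unexpected_admins"]:
        print("unexpected administrator:", row)
```

The registration timestamps of flagged accounts give a starting point for searching the web server access log around the same time.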
A bit paranoid that I am, I’ve decided to change my admin username and password. Changing WordPress default username “admin” to your preferred name can give you more protection since if you leave it at default “admin“, hackers would only have to figure out your password via brute force recovery and voila! You’re screwed. If you don’t have any idea how to change the default username “admin” in WordPress, follow these simple steps:
1. Back up your database first. This is the most important thing to do because you would not want your hard work go to waste.
2. Use phpMyAdmin to access your database.
3. Select the table labeled wp_users, click the browse icon, select the record labeled admin and click edit. The edit button looks like a pencil.
4. Go to the field labeled user_login and change the name to your preference. Save the changes.
5. Log out and login again to verify the changes.
If you don’t want to get into modifying it via phpmyadmin database, you can use a plugin to change admin username in WordPress found on www.w-shadow.com.
The next thing I did was to check if there had been some changes in the php scripts particularly in header.php file. Good thing is that I’ve found no trace of suspicious codes within the scripts, so I’m good. You can view here an example of a wp-blog-header.php file that has been hacked. I’ve also checked .htaccess file but it seems clean.
I’ve also downloaded the WordPress Exploit Scanner plugin, which searches the files and database of your website for signs of suspicious activity. It’s not a guarantee that it would stop anyone from getting into your site’s backend, but it may help you figure out any uploaded, modified or compromised files left by a hacker.
Also, I have edited wp-config.php and created the SECRET_KEY, i.e., define('SECURE_AUTH_KEY', 'put your unique phrase here'); with the placeholder replaced by a long, random phrase of my own. WordPress mixes these keys into the hashes it stores in login cookies, so a long, unique value makes those cookies much harder to forge or crack. Get instructions on editing wp-config.php here.
Lastly, I’ve made a backup of my database and files. If you need help on backing up your database, go seek your webhost for assistance as there are so many ways to do this depending on the MySQL version you are using.
There’s so much information overload here since internet security nowadays can really screw up anything you’ve accomplished in just a breeze. Don’t be a victim. I may have been saved for the day but who knows so I’m paying much attention to details now while doing a lot of extra protective measures. What happened was a false alarm though I’m keeping myself extra vigilant. So, do yourself a favor and learn as early as possible while you still have the chance. I cannot emphasize this more than enough because we’re all vulnerable here.
To sum up, I can simply advise you to remember the acronym B.U.C.K.S:
B–Backup database regularly.
U–Upgrade to the latest version of WordPress if you haven’t. I haven’t upgraded yet but eventually I would. I’m still looking at some factors especially the plugins because they are the ones mostly affected during upgrades aside from bugs. So far, I’m fine with 2.7.1 and I’m keeping my blog secured. It is advisable that you upgrade once your blog has been hacked.
C–Configure wp-config.php for added security.
K–Know how to do simple PHP script and database editing. It pays a lot to learn.
S–Seek help when needed. Don’t pretend that you know all things. It doesn’t hurt to ask questions.
That’s all for now, I’ll keep you posted once I’ve found out something new. Cheers!
While finalizing this post, I just came across this plugin called Login LockDown, an enhanced login security plugin that records the IP address and timestamps of every failed WordPress login attempt within 5 minutes. After three unsuccessful attempts, all requests from that IP range will be disabled, which prevents brute force password discovery.
The IP lockout time is set to a default of an hour but is modifiable via the options panel and administrators can also release locked out IP ranges manually. Login LockDown is downloadable from this link: http://www.bad-neighborhood.com/login-lockdown.html (Just copy paste the URL into your browser).
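The lockout rule described above (three failures within five minutes, a one-hour lock on the IP range, manual release by an administrator), sketched as an added example; this is not Login LockDown's own code. It assumes IPv4, treats the “range” as the /24 containing the address, counts failures per range, and replays constructed login events.

```python
import ipaddress

class LoginLockout:
    """Track failed logins per IP range and lock a range after repeated failures."""

    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds a failure stays relevant
        self.lockout = lockout            # seconds a range stays locked
        self.prefix = prefix              # assumed range size: /24 (IPv4)
        self.failures = {}                # range -> timestamps of recent failures
        self.locked = {}                  # range -> time at which the lock ends

    def _range(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)

    def is_locked(self, ip, now):
        net = self._range(ip)
        until = self.locked.get(net)
        if until is None:
            return False
        if now >= until:                  # lock has expired, forget it
            del self.locked[net]
            return False
        return True

    def record_failure(self, ip, now):
        """Store a failed attempt; return True if it triggers a lock."""
        net = self._range(ip)
        recent = [t for t in self.failures.get(net, []) if now - t < self.window]
        recent.append(now)
        self.failures[net] = recent
        if len(recent) >= self.max_failures:
            self.locked[net] = now + self.lockout
            self.failures[net] = []
            return True
        return False

    def release(self, ip):
        """Manual release by an administrator."""
        self.locked.pop(self._range(ip), None)

def replay(events, guard):
    """Feed (timestamp, ip, password_ok) events through the guard."""
    decisions = []
    for ts, ip, ok in events:
        if guard.is_locked(ip, ts):
            decisions.append("blocked")
        elif ok:
            decisions.append("ok")
        else:
            decisions.append("locked" if guard.record_failure(ip, ts) else "failed")
    return decisions

# Constructed events using documentation address ranges.
EVENTS = [
    (0, "203.0.113.10", False),
    (60, "203.0.113.10", False),
    (120, "203.0.113.77", False),   # third failure from the same /24
    (130, "203.0.113.10", True),    # correct password, but the range is locked
    (140, "198.51.100.5", True),    # unrelated range is unaffected
    (3721, "203.0.113.10", True),   # lock ended at 120 + 3600
]

if __name__ == "__main__":
    print(replay(EVENTS, LoginLockout()))
```

Locking a whole range stops an attacker who rotates addresses inside one subnet, at the cost of also blocking legitimate users who share that range until the lock expires or is released.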
This post was originally posted on 16 June 2009 but for some reasons, the post disappeared from the exported WordPress XML file containing all the posts, comments, etc. so I had it republished.
A few hours after this post went live, I went back to this site to check how it was doing in terms of views when all of a sudden I got struck when all I’m seeing was “Index of/” when I type this blog’s URL on the browser. I contacted my host about this matter and they told me that the index.php file was missing.
¹ My blog was hacked. The index.php was compromised by unscrupulous cyber criminals trying to stop me from exposing the realities of today’s WordPress blogs from this vulnerability. Here’s the screenshot of the index.php after it was compromised:
Yes, silence is golden but this incident just awakened my spirit and flared up my eagerness to continue writing. It seemed like somebody wants me to shut up but whoever they are, I’m just getting started.