Tech Ravings

So far in the past month I have had two database injections. I don’t know how they are getting in and since I am on a shared server I don’t have access to the raw apache logs to figure this out. Security being very important to me I had to do something on the server that would allow tracking or even setting up a complete firewall custom taliored for me.

I found Firewall Script that can be used specifically to safe gaurd my personal site with dis-regard to all the others. I have not downloaded it yet but from the features it looks to be exactly what I was looking for. Protection from sql injection, XSS attacks, even DDOS protection. Not that this blog would really ever need that I do run other sites that would really require it if the server can’t handle it.

I wanted to get this news out as soon as possible because several of us Wordpress and site owners are experiencing a rise in intrusion attempts. I’m gonna give it a try as soon as possible and I hope that this may help you as well.

I want to shout out Mouseclone for letting me know there was a problem with this site. I was contacted on Friday about an alert that was raised to him that I had a possible iframe hijack on my site. Not really knowing what he was talking about I quickly scanned my source code for the exact iframe source that he provided. Not finding anything I dismissed it as many users of SocialSpark visit me and he possibly confused me with someone else.

 I did find today that in fact a database injection had been done and the iframe was there. My mistake was that I only hit the home page and the iframe was on the previous page. The iframe source refers to 61.155.8.157 and after some examination of the obfuscated JavaScript, redirections were discovered. I’ve contacted the server abuse department and will follow up if these people are not shut-down.

Welcome to the interwebs. This is the second time I have been hijacked in the same way. This is a new theme that I have gone through and can not find malicious php code, and since it’s in the admin section I can only assume that it’s a Wordpress security problem. This however is the second time I’ve found hijacked stuff in my database!

While I have gone through every line of code in both this theme and the access logs for this site I can not find how this is happening. Which make me very cranky as it’s happening.

My apologies to anyone who has gotten alerts. Systems are in place to track and prevent these from happening anymore. I hate Wordpress 2.5 (I just set up a site using it) but if it’s a 2.3 problem I’ll have to upgrade.

When I started working for IZEA a little over a year ago I didn’t have a blog. Not to say I didn’t have many web sites and was marketing those, I just didn’t have a personal blog to speak of. Rather quickly after starting with IZEA I started Tech Raving: to test code; to begin blogging about *JavaScript*; technology stuff when I could.

Pre-SocialSpark I had a hand full of visitors each day and even a comment here or there. Mainly the visitors came from those individuals I meet in the forums at IZEA.  I guess I had made enough splash on the intertubes because I got Google rank spanked without a single sponsored post by any company. Apparently just the mention of PayPerPost made Google quake in jealousy. To be fair I shouldn’t say it wasn’t just PayPerPost that lead to the spank as I had a few third party widgets that I found could have been the cause.

When SocialSpark went into alpha release and new users started to trickle in, my daily visitors started to increase. That’s easily attributed to the fact that only a limited number of users were involved and they were checking out the other blogs in the system. So to use that as a gauge would be inaccurate of me to report to you.

SocialSpark has been in Beta now for only a few days and if the MyBlogLog widget tells me anything then it’s that I am getting visitors. Before alpha it may have had a new user once a week, now it’s about every two days. Now I know that’s only one yardstick to measure by and my other stats programs tell me the same thing, visitors are increasing even as the number of members to SocialSpark has increased.

Taking a step back for a paragraph, under the PayPerPost system I could not take any posts. Even when the paintball opp came out that I had a huge interest in; I could not. Now with SocialSpark I can take the spark opportunities to my hearts content, although I’m not sure if I can make any at the moment. Since I love building widgets and plugins I can finally recognize other authors of the same who create SocialSpark sparks, such as owencutajar who also creates Wordpress plugins as well as myself.

Since there is more to me than just JavaScript and coding, I am going to stand up a new blog just so I don’t dilute this site. YES! After a year of blogging it’s time to have multiple blogs; and isn’t that what it’s all about in terms of SEM? Niche systems. Saying that I have a blog in x category and being able to check out like interest blog in my category leads to an expansion of friends.

Even if you don’t find an opportunity to take at SocialSpark the system is designed to build on other bloggers. That is were Sparks come in. Straight to the quick, how many goth blogs do you find in PayPerPost? I’ve alway found that as a deficiency in PayPerPost, yet I’ve found one in SocialSpark already and befriended them. More new users are coming in rapidly. If they create a spark asking for a site review, product review, and what not, I can take it. There is a paranormal video site that fits in with what I was doing with RiffRaffRadio (old site of mine) and doing a spark to boot. Where is that in PayPerPost?

Trust me as someone who see’s behind the curtain to SocialSpark there are others in it that think, and have sites, like you do.

Do not fear to tread there, since you still be accepted from someone. I am so relieved that SocialSpark truly incorporates the entire genre of blogs and bloggers. Let’s keep it realistic, there are exceptions of course and I mean that as saying there are laws in this country as to what you can display on the internet and SocialSpark can not accept those.

I as a developer for IZEA, and a lone wolf programmer that usually kept to himself, I did not foresee the impact that SocialSpark would bring to unknown blogs such as Tech Raving. Trust me I was skeptical as well, pre-alpha, and still am still in some respects. Yet the facts remain that in a month I had the traffic developing to cause me to consider, and soon to create, a new blog for me and not just the technology that I use. This blog was nothing more that a test bed for my code and general brain dump of a few posts. Within a month and without any marketing it has taken on more visitors due to being in SocialSpark than just being a regular blog within the vast sea of the interwebs.

I am scooter on the IZEA boards.
I am scooter on  SocialSpark.
I am Scott Krutsinger on Zookoda
I work for IZEA.

Just so you know, this is truly what I feel and have put together outside of any IZEA requirements. Feel free to drop me a private message on the forums. Within SocialSpark feel free to leave a comment or let me know of any related sparks you create!