How to find a backdoor in a hacked WordPress

Edit: This post has moved to here: http://ottopress.com/2009/hacked-wordpress-backdoors/. Take your comments there.

Over here, Jorge Escobar is writing about how he got hacked with the latest version of WordPress. After some minor back and forth on FriendFeed, I got him to do a search which found a malicious backdoor he might not otherwise have found.

In so doing, it occurred to me that most people don’t keep up with the world of WordPress in the way I do, and so have not seen nearly as many hack attempts. So I figured I’d post my little contribution, and show people how to find hidden backdoors when cleaning up their hacked sites.

Non-technical users can safely ignore this post. :)
Continue reading “How to find a backdoor in a hacked WordPress”

Google Maps traffic… it needs work.

I always wondered how Google Maps knew traffic conditions. Today, there’s a blog post where they explain it a bit better.

That ain't on an iPhone...
That ain't on an iPhone...

Basically, they simply have all the phones running Google Maps with GPS send back data as to a) where they are and b) how fast they’re moving. Both of which GPS gives you more or less by default.

It’s a clever idea, and I like it, but it fails in a couple of major ways, IMO.

Firstly, when I use Google Maps on my phone, I tend to not leave it open. Google Maps is fine, but it’s not a very good navigation system. It’s just a map. A real navigation app is worlds better. I recently got Navigon Mobile Navigator on the new iPhone, and it’s pretty slick. Thinking about a dashboard mount for it now, actually.

Secondly, this system relies on a lot of people having Google Maps open and running and sending back data. If nobody with Google Maps running has been on your street recently, you get no information.

What Google really needs to do is to open it up as an API. Let other navigation system manufacturers both send and receive traffic data from the Google Maps system. It doesn’t have to be complex.

Any good navigation app knows your location and speed, so a simple way to send that info could be made easily enough. The problem, of course, is allowing third parties to use the data.

Google Maps works in layers of images, which is one of its major shortcomings, IMO. The street views are images. The terrain are images. Just big sets of tiles that get displayed next to each other. And I’m almost certain that this traffic thing is just another set of images they’re generating or updating. For navigation providers that use 3d views and such, they don’t need that stuff in the form of images, they need it in the form of data. What streets are busy? How can that information be used to improve the navigation? Etc.

Google is generally pretty good at opening up their APIs to third parties. However, they’re generally not good at providing data in different forms. Most of their APIs are “this is what we use, if you need something else we don’t have it” sort of thing. Hopefully, the Google Maps team will see the light here and realize that to get good data, you have to give good data, and start pushing in that direction. Because open traffic data would be pretty cool for everybody.

New WordPress 2.7 Feature – Plugin Installation

(This post is geared more towards PHP authors and fans of WordPress, so if you’re not into that sort of thing, why not go look at some pictures of cats instead?)

So, I upgraded to the latest 2.7-bleeding edge version of WordPress on my blog today, and discovered a new feature that I had missed in my earlier readings. There was a new menu item on the Plugins menu:

New Menu Item
New Menu Item - Install Plugins!

Yes, it appears that WordPress now has plugin installation built into it. Similar to the Plugin Upgrade feature introduced in 2.5, 2.7 will be able to download and install plugins directly from WordPress.org’s plugin directory.

Naturally, I had to try this out, so read on if you want to see what it looks like…

Continue reading “New WordPress 2.7 Feature – Plugin Installation”