Compare WordPress Files on Server to Proper WordPress Version

Sadly one of the hassles in managing your own WordPress blog is dealing with people that use your blog to serve spam content. These hacks can insert spam links into your pages and posts or create spam directories that are completely their own content on your domain.

There are many issues to deal with in re-establishing control of your server; but that isn’t the scope of this post.

This is just a tips if you are troubleshooting to try and determine what is going on. Often your server has been hacked to allow uploaded php pages to be added or for WordPress php files to be edited.

One way to track down if the files have been changed or new ones added is to compare the WordPress files on your server to the current files for a fresh WordPress install. This assumes your blog is using the current version, which hopefully it is because on the big improvement WordPress made is to make those updates automatic. That greatly reduces the chance to have WordPress be the vector to infecting your server. If you were using a older version then just compare to the field for that version from the WordPress server.

If you don’t have a current backup I would make a backup before I tried this. Obviously, don’t make any deletions or changes to your server unless you understand what you are doing. You can create big problems for yourself.

You can use the diff command to view the difference between WordPress on your sever and the fresh install from WordPress. I install the new WordPress in a new directory outside public_html. At the cli on a Ubuntu/Linux server:

sudo wget http://wordpress.org/wordpress-4.0.zip
unzip wordpress-4.0.zip
diff -rq wordpress ../public_html/

wordpress-4.0.zip – replace with whatever the version is you are using.
../public_html/blog/ – replace with the path to your blog

Continue reading

Zoom Level on Embedded umap OpenStreetMaps

Curious Cat uses OpenStreetMaps and umap to create my own maps. Then I can embed them on my sites, for example here for Chiang Mai Thailand.

For some reason when you use umap and select the embed option it gives you code that leaves off the zooming altogether. It is an easy fix (and I imagine the code will be fixed making this simple advice obsolete). But for now this is all you need to do.

The url umap adjusts as you zoom the map in your browswer. For example, going to

http://umap.openstreetmap.fr/en/map/chiang-mai_18602

which the Curious Cat Chiang Mai map it will “redirect” to some really far out zoom level

http://umap.openstreetmap.fr/en/map/chiang-mai_18602#6/18.719/99.657

Then you can zoom in a bunch to get the level you want to use to embed.

http://umap.openstreetmap.fr/en/map/chiang-mai_18602#14/18.7851/98.9907

The code created for you to paste into your page is

<iframe width="100%" height="300px" frameBorder="0" src="http://umap.openstreetmap.fr/en/map/chiang-mai_18602?scaleControl=false&miniMap=false&scrollWheelZoom=false&zoomControl=true&allowEdit=false&moreControl=true&datalayersControl=true&onLoadPanel=undefined"></iframe><p><a href="http://umap.openstreetmap.fr/en/map/chiang-mai_18602">See full screen</a></p>

Which doesn’t include any zooming info so you get the super far our zoom default.

You need to add to the url

src="http://umap.openstreetmap.fr/en/map/chiang-mai_18602

so that it includes the zooming info. So it would be

src="http://umap.openstreetmap.fr/en/map/chiang-mai_18602#14/18.7851/98.9907

You can also see the link to “See full screen” isn’t using the zoom settings. If you wanted that link to a zoom setting of your choice you can set that also.

Note the view on your screen and the embedded map isn’t going to be identical. The map will likely cut off some of what you see (due to the sizing of the embedded map). You can also adjust the sizing of the embedded map by adjusting the height (they default to 300px, but you can make it 400px or whatever you want).

Related: Multiple WordPress Blog Networks on One Server – Overcoming ConflictsChecklist for Setting Up a New Domain on VPSLinux/Ubuntu File and Directory Permissions

Top with Better Display Options

Scout Realtime is a Ruby Gem that allows you to view top in the browser. One huge advantage is to view charts of activity over time.

Scout Realtime is open source and free.

Related: System Monitoring Tools for VPSBasic MySQL Performance MonitoringKeeping Your Hosted Ubuntu Web Server Software Up to Date

Making Sure You Don’t Run Out of Space on Your VPS

Over the years I have had web sites I work on go down because the server ran out of space (when I wasn’t responsible for the system administration). Well today I had it happen for some sites on one of my servers.

I have a remote monitoring service so I was notified when the sites were unavailable. Looking in the error logs I could see I ran out of space, which is a fairly lame error to make, I think. I cleared up some space quickly and things were in working order again.

A few tips from this experience. To see data on space used and available space from the command line (linux/ubuntu) use the df command.

df

You could check that occasionally to see if anything strange is going on. But it is better to use something like Nagios to monitor the server and provide notice if usage goes past certain points is wise (75%, 80%…).

I found a nice way to find large files (that may be possible to delete to free up space)

sudo find . -mount -ls | awk '{print $7, $11}' | sort -rn > large_file_list

If you get an error with the file creation, you can log in as root (su) or create the file first and then it can overwrite the existing file.

It is smart to have log rotate setup for logs. I didn’t have it setup for every log. To create a file to keep track of all your logs for domains you can do the following. Create a file in the logrotate directory so it is run per your settings.

sudo vim /etc/logrotate.d/virtualhosts

This article from Slicehost provide details on options, a simple setup is to include text such as this in the file created in the line above.

/var/www/domain1.com/logs/*log /var/www/domain2.com/logs/*log {
  rotate 14
  daily
  compress
  delaycompress
  sharedscripts
  postrotate
    /usr/sbin/apache2ctl graceful > /dev/null
  endscript
}

Related: System Monitoring Tools for Ubuntu VPSPhusion Passenger Tips and Troubleshooting IdeasChecklist: Moving WordPress site to a New Host

Continue reading

How To Transfer Domain Registrar From Godaddy To Gandi.net

I was asked to take over managing a few domains for someone, part of this includes renewing the registrations. As they currently are on Godaddy and having to deal with that system would annoy me and waste my time I am transferring the registrar to Gandi.net.

As part of the transfer process you must make sure the domain is unlocked, which I did. Then you must send yourself the authorization code (for making a transfer). You need to provide this code to the new registrar. Not surprisingly Godaddy attempts to make this difficult. Then the email just says: prog_id=GoDaddy&isc=aaaa111 That will not work. I was able to find a way to download the code for all the domains (you have to create an export list, instead of just viewing it from the domain page). That method provided a 16 digit (alpha and numeric and very occasional special character) codes for all the domains.

Gandi.net makes the transfer process very nice and smooth with a easy to follow user interface. They do cost a bit more than others but they are well worth it in the time you save for most people (if you really want to save every last dollar you can find cheap registrars that are less annoying than Go Daddy).

Related: Overcoming Conflicts with Multiple WordPress Blog Networks on One ServerChecklist for Setting Up a New Domain on VPSSimple Process to Claim Authorship of Pages with Google