Updates

  • John Walker posted an update in the group Updates 18 hours, 34 minutes ago

    2020 July 9

    Updated the WP Mail SMTP plug-in to version 2.2.1.  This is a
    minor update which fixes some bugs in stuff we don't use and
    adds a feature in Gmail in which we aren't interested.  It
    modified 37 files and added 3.  We have no local code in this
    plug-in.  After syntax checking the changes, I made an update
    kit and applied it.  Nothing appeared to break, and I was able
    to successfully send a test E-mail to myself.
    
    Several hours later, there have been no indications of problems,
    so I committed the WP Mail SMTP plug-in version 2.2.1 changes
    (Build 482) and published to GitHub.
    
  • John Walker posted an update in the group Updates 1 day, 23 hours ago

    2020 July 7

    Starting at 06:08:31 UTC we came under an intense vulnerability
    scan and denial of service attack originating from 65.52.64.35,
    which is within the large 65.52.0.0/14 IP block registered
    directly to:
        OrgName:        Microsoft Corporation
        OrgId:          MSFT
        Address:        One Microsoft Way
        City:           Redmond
        StateProv:      WA
        PostalCode:     98052
        Country:        US
        RegDate:        1998-07-09
    This looks very similar to the attack we experienced on
    2020-06-25, coincidentally (?) starting at around 06:00 UTC.  As
    with that attack, it…

  • John Walker posted an update in the group Updates 1 week, 1 day ago

    2020 July 1

    After yesterday's crash and problems with restoring the firewall
    after the system came back up, I decided to catch up on pending
    updates, which should have been installed around this time, and
    use the reboot to test whether my fixes to firewall start-up are
    working.
    
    Made a mirror backup to Juno.
    
    Made a backup AMI:
        Ratburger Backup 2020-07-01  ami-0859137eaa2899813
            /           snap-0ee1bb3fd849c8815
            /server     snap-0364850c6c47baa84
    
    Installed all pending update packages: 98 in total, 28 for
    security including a new kernel.
    
    Ran a Garback to…

  • John Walker posted an update in the group Updates 1 week, 2 days ago

    2020 June 30

    Updated the Subscribe to Comments Reloaded plug-in to version
    200629.  This is a minor update which modifies 15 files and
    deletes 4 (all language translation files we don't use).  The
    major change is adding an option to suppress the comment
    subscription request box for users who are not logged in.  This
    isn't needed at our site since the subscription box appears in
    the comment form and we don't show the comment form unless the
    user is logged in.  There are a number of structural changes
    getting rid of some uses of jQuery (hooray!--jQuery is an
    abomination which…

  • John Walker posted an update in the group Updates 2 weeks ago

    2020 June 25

    Starting at 06:10:24 UTC, the site came under an intense attack
    from 185.174.40.173, part of a class C, 185.174.40.0/24,
    registered to "Libertas Network UK", but whose abuse contact is,
    for some reason, in Antigua and Barbuda.  The attack began with
    a fairly conventional scan for WordPress vulnerabilities,
    hammered in at a rate of around two per second.  Apparently,
    having found no vulnerability which could be exploited, the
    attack then switched into nihilistic destruction mode, in which
    it began to hit the home page at a rate of around ten times per
    second.  This, of…

  • John Walker posted an update in the group Updates 2 weeks, 1 day ago

    2020 June 24

    Updated the Raw HTML plug-in to version 1.6.3.  This is an
    utterly trivial update which just changed a few lines in four
    files, only two of which are actually executable code.  It fixes
    a problem in compatibility with some versions of PHP, which is a
    stupid programming language used by stupid programmers to write
    stupid programs.  We have no local code in this plug-in, so I
    simply syntax checked the modified files and applied the update
    kit.  Everything looks hunky-dory after the installation.
    
    There being no apparent problems with the update installation, I
    committed…

  • John Walker posted an update in the group Updates 2 weeks, 6 days ago

    2020 June 19

    Updated the Inline Spoilers plug-in to version 1.5.1.  This is
    an update which does not affect us at all, but simply remedies
    the plug-in's interaction with the disastrous "Gutenberg" "block
    editor" introduced by WordPress in their quest for
    self-immolation.  The README for the plug-in manages to misspell
    the editor as "Guttenberg"; given how many WordPress sites it
    has eviscerated, this may be appropriate.  There were two files
    (all administrivia) modified and two added to cope with
    Gutenberg.  We have no local code in this plug-in.  After syntax
    checking, I applied…

  • John Walker posted an update in the group Updates 3 weeks, 1 day ago

    2020 June 17

    Updated the Really Simple SSL plug-in to version 3.3.4.  This is
    a trivial update that modified 8 files and makes no functional
    changes whatsoever: all it does is mess around with the "Review
    this plug-in" nag message to avoid interference with other
    plug-ins, twiddle the CSS for the administrator pages, and
    fiddle with WordPress's idiotic "multisite" feature that we
    don't use.  We have no local code in this plug-in.  I syntax
    checked the modified files, made an update kit, and applied it.
    Everything appears to be in order after installation.
    
    The Really Simple SSL…

  • John Walker posted an update in the group Updates 3 weeks, 6 days ago

    2020 June 12

    Updated WordPress to version 5.4.2.  This is a "security and
    maintenance release" with 23 "fixes and enhancements", mostly
    corrections to the cross-site scripting vulnerabilities which
    continue to plague WordPress even in new feature code because
    its developers are morons and there is no adequate code review
    or configuration management of what they scribble in crayon
    before it is shipped to millions of customers.  They're forever
    giving out "Props" to the third parties who scrutinised their
    shoddy product and found these flaws they couldn't be bothered
    to discover…

  • John Walker posted an update in the group Updates 1 month ago

    2020 June 8

    Updated the WP Mail SMTP plug-in to version 2.1.1.  This update,
    which includes 2.1.0 and the "fixes to fixes" patch 2.1.1,
    modifies 81 files, deletes one directory, and adds six files all
    for a bunch of useless crap which will make not a scintilla of
    difference to us.  We have no local code in this plug-in, so I
    simply prepared an update kit, syntax checked it, and applied
    it.
    
    After applying the update kit, I verified that everything looked
    all right and there were no errors in the error_log, and sent a
    test E-mail, which was delivered successfully.
    
    I can't see…

  • John Walker posted an update in the group Updates 1 month ago

    2020 June 7

    Updated the User Role Editor plug-in to version 4.55.1.  The
    version 4.55 update which we installed on 2020-06-03 introduced
    a horrific security flaw which, fortunately, did not affect our
    site.  If administrators had delegated the "edit_users"
    capability to other users, they could escalate the privileges of
    still other users beyond those to which they were entitled to
    grant.  Since we have no non-administrators who have been
    granted this capability, we were not at risk.  There is also
    some noodling around with the uninstall code to make uninstall
    of the "Pro" version…

  • John Walker posted an update in the group Updates 1 month ago

    2020 June 3

    Updated the User Role Editor plug-in to version 4.55.  This is
    an administration-only update which changes how the plug-in
    uninstalls itself.  Since we do not intend to uninstall it, this
    doesn't affect us.  We have no local code in this plug-in, so I
    simply syntax checked the changes and applied the update kit.
    Nothing seemed to break after I did so.
    
    Committed the User Role Editor version 4.55 update (Build 473)
    and published to GitHub.
    
  • John Walker posted an update in the group Updates 1 month, 1 week ago

    2020 June 2

    Updated the Stop Spammers plug-in to version 2020.4.2.  Not to
    be left behind in the "fixes to fixes" sweepstakes, the Stop
    Spammers plug-in weighs in with another update just two days
    after the 2020.4.1 release.  This is literally a one-liner,
    which simply comments out a hook call which shouldn't have been
    there in the first place.  Since we don't use the code in
    question, it is of no consequence to us.  I integrated our local
    code into the two files in which it appears with no conflicts.
    After syntax checking and verifying correct integration of local
    code, I applied…

  • John Walker posted an update in the group Updates 1 month, 1 week ago

    2020 May 31

    Updated the Stop Spammers plug-in to version 2020.4.1.  This is
    a minor update which adds 2500 disposable E-mail domains to an
    already long list in the hopeless quest to squash the locusts
    faster than they breed.  The idiotic image files with spaces in
    their names that wrecked source code management tools all over
    the world were replaced with files with dashes in their names.
    A couple of options were added that we won't use, and more
    up-selling spam was added to irritate administrators.  We have
    local code in two files: one was unchanged in the update and the
    other had…

  • John Walker posted an update in the group Updates 1 month, 1 week ago

    2020 May 29

    At 08:54:27 UTC we came under an intense site-scraping attack
    from 195.140.225.115, who first hit the site four seconds
    earlier and retrieved the home page.  It then appears to have
    instantaneously fired off GET requests for every link: posts,
    profiles, tags, categories, etc. on the page, with a total of
    112 submitted in that single second.  This immediately blew up
    the PHP-FPM worker process memory allocation and started to
    throw 500 errors, thankfully mostly directed at the attacker.
    The attack resumed a few seconds later, with 102 hits recorded
    in the single second…

  • John Walker posted an update in the group Updates 1 month, 2 weeks ago

    2020 May 23

    Updated the WP-UserOnline plug-in to version 2.87.5.  This is a
    completely trivial update which simply adds some bots to the
    table of known bots.  The release notes claim they update the
    WordPress compatibility claim to 5.4, but in fact they forgot to
    do that in the code.  We have no local code in this plug-in. I
    syntax checked the modified files and applied the update kit.
    Everything looks OK.
    
    Committed the WP-UserOnline plug-in version 2.87.5 update (Build 470).

  • John Walker posted an update in the group Updates 1 month, 3 weeks ago

    2020 May 18

    Updated the Really Simple SSL plug-in to version 3.3.3.  This is
    a "fixes to fixes to fixes" update of the last two attempts, all
    devoid of any content useful to customers, and all aimed at
    up-selling and nagging users to leave reviews.  Of course, these
    were bungled, requiring two rounds (so far) of fixes.  This
    milestone in human achievement modified three files, two
    trivially.  Since they didn't change anything of consequence, I
    went ahead and committed the changes (Build 469) and published
    them to GitHub.
    
  • John Walker posted an update in the group Updates 1 month, 3 weeks ago

    2020 May 16

    Re-implemented the ~/bin/muzzle feature to show drop counts for
    both IPv4 and IPv6 when called with no IP address argument.
    This was removed when support for ipset was added, since ipset
    doesn't collect statistics on individual IP addresses, but it
    remains useful for monitoring the total number of packets
    dropped by ipset rules, as well as any specific IP addresses
    dropped by direct iptables rules.
    
    The BuddyPress version 6.0.0 update didn't blow up or otherwise
    misbehave overnight so I committed the changes (Build 468) and
    published to GitHub.
    
    Between 02:58:09 and…

  • John Walker posted an update in the group Updates 1 month, 3 weeks ago

    2020 May 15

    Updated the BuddyPress plug-in to version 6.0.0.  This is
    described as a "major feature release", but when you look under
    the hood, among the cobwebs and fouine poop, what you actually
    see is some minor fiddling around with the handling of avatars
    and cover images in the Members component (moving out some stuff
    which used to be in the "extended profile"), changes to the
    "Nouveau" theme which we don't use, and extensions to the REST
    API, which nobody in their right mind would enable, as it is a
    gaping security hole just waiting to be probed by every drooling
    moron that…

  • John Walker posted an update in the group Updates 1 month, 3 weeks ago

    2020 May 13

    Between 14:00:41 and 14:07:48 we were subjected to an intense
    attempted SQL injection attack from 93.99.104.101, in an IP
    block belonging to FinalTek.com in the Czech Republic.  The SQL
    attack was futile, but that didn't keep them from pumping in a
    total of 244 POST requests all targeting, bizarrely, the
    s-p-q-ratburger group.  The requests came in bursts which
    averaged more than one packet per second, which inflated the
    number of php-fpm worker processes to 35, taking free memory
    down to 64900, provoking six memory allocation failures that
    torpedoed legitimate user…
