Categories
And The Next Thing is ... How To Restore A Castle

#HowToRestoreACastle: Remember to use appropriate #quotemarks in #html/JSON forms before even attempting to solve the #Royal Mail #Click&Drop #foobar that is #EuropeanPostDeliveries

Frustrating day yesterday. Not only did I have an html form which would not display compiled JSON encoded data for the Royal Mail “Parcel API v1.”, but when I finally worked out that I needed to use a single apostrophe rather than a double on the POST-ing form because the browser was parsing a second double apostrophe as completing the data variable, the compiled data also threw out multiple errors when sent to the Royal Mail endpoint (or startpoint) (or whatever). A day – a whole day – on when to use a single apostrophe, a double apostrophe, a numeral, a null, a false or a string. Gah!
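As an added example (not the post’s code), here is the quoting problem in miniature: the JSON order sits in a hidden input on the POST-ing form, and a minimal model of attribute parsing shows why a raw double-quoted value is cut at the first double quote, why switching to single quotes only moves the cut to the first apostrophe in the data, and why escaping for the attribute context is the real fix. The field names are assumptions, not the Royal Mail schema, and every value is constructed.

```javascript
// Added demo, not the blog's code: why JSON dropped into an HTML attribute
// truncates, and what actually fixes it. Field names are assumptions, not the
// Royal Mail schema; all values are constructed.
const order = {
  recipient: { name: "D. O'Brien", email: "a.person@example.com" },   // string with an apostrophe
  weightInGrams: 250,                                                 // numeral
  safePlace: null,                                                    // null
  signatureRequired: false,                                           // false
  extendedCustomsDescription: "PrintedPapers\n+44777000777\na.person@example.com", // 47 chars, under the 50 limit
};

// Escape a string for use inside a quoted HTML attribute value.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/'/g, "&#39;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}
// Undo escapeAttr the way a browser would (ampersand last, so "&amp;quot;" stays literal).
function decodeEntities(s) {
  return s.replace(/&quot;/g, '"').replace(/&#39;/g, "'")
          .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
}

// Three ways of writing the hidden input on the POST-ing form.
function naiveDoubleQuoted(json) { return `<input name="data" value="${json}">`; }
function naiveSingleQuoted(json) { return `<input name="data" value='${json}'>`; }
function escapedAttribute(json)  { return `<input name="data" value="${escapeAttr(json)}">`; }

// Minimal model of how the browser reads the attribute: everything up to the
// next occurrence of the opening quote character, then entity decoding.
function browserReadsValue(html) {
  const m = /value=(["'])(.*?)\1/s.exec(html);
  return m ? decodeEntities(m[2]) : null;
}

// What the server would receive after parsing the posted field, or null if the
// attribute was cut short and the JSON no longer parses.
function roundTrip(buildInput) {
  const received = browserReadsValue(buildInput(JSON.stringify(order)));
  try { return JSON.parse(received); } catch (e) { return null; }
}

console.log(roundTrip(naiveDoubleQuoted));   // null: value ends at the first "
console.log(roundTrip(naiveSingleQuoted));   // null: value ends at O'Brien's apostrophe
console.log(roundTrip(escapedAttribute));    // the full order object, newline intact
```

The same escaping is what keeps user-supplied data (a recipient name containing a quote or angle bracket) from breaking out of the attribute and being interpreted as markup.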

And then – then – in the final half-an-hour – I also attempted to fix the issue I started with, which is to say that the labels Click & Drop delivers in PDF format have nowhere for a sender to add the recipient’s phone number or email.

It’s that extendedCustomsDescription variable …

Now, I know there are GDPR implications in this, but we have continual requests from Post operators in Europe particularly to include (a) IOSS numbers and (b) recipient’s email / mobile phone numbers on the address form or CN22. The only – the ONLY – space available for this using the API RM provides is in the Customs Description space.

So in the 50 characters we have we now print the following:

“PrintedPapers
+44777000777
a.person@gmail.com”

Will this work? Will EuroPosties see the details? I know not.

What I do know is that it gives us a chance of reducing our present v. high return rate – 25% or so.

I’ll report back here if we manage that reduction!

Categories
And The Next Thing is ... Design How To Restore A Castle

#Update on #whackingWPYII2, the #fakeplugin invading #wordpress #wp

Have to say I was a *little* premature on declaring success. I’ve got a couple of updates to my previous post about this pernicious WordPress hack (Disinfecting for WPYII2 – the #fakeplugin invading WP and how to kill it #wpyii2 #killwpyii2).

  1. Do get rid of all the excess .htaccess, but if they keep reappearing in directories where they aren’t necessary (a) delete the code and insert some harmless text eg. #boil your head wpyii2# to stop them affecting the function of your website and (b) you’ve definitely missed some of the fake app’s php files, see (2) below.
  2. Fake php files are hidden in a variety of directories where you may not be familiar with what *should* be there. Obvious vector directories are in the plugins – particularly the ones everyone has. Akismet is an obvious one to examine. File names include a series of numerals, as well as the following that I’ve seen: index2.php, content.php, radio.php. The latter, non-numeral files, tend to be c. 4.41kb in size and will have a date last modified later than the files in which they sit. As previously mentioned, wp-admin is also often used, particularly /wp-admin/css/colors/.
  3. Some recommendations for those of you that can’t upgrade to the latest (greatest) version of WP – which you should absolutely do if you haven’t a very VERY good reason not to.
    1. Use a fully configurable firewall app such as WordFence – this has a bunch of very useful features straight out of the can. But it is subscription, so you might want to implement plugins like the following instead, or as well:
    2. Login No Captcha reCAPTCHA (Google) by Robert Peake and Contributors – this will stop hackers getting into the admin area by force – or at least it has so far.
    3. WP Force SSL by WebFactory Ltd if you have SSL – which you should by now.
    4. BBQ Pro (as recommended in the last post) by Jeff Starr 
    5. Make sure you have define( 'DISALLOW_FILE_EDIT', true ); in your config file, and that this file is linked in to your WP install’s directory rather than hosted there.

I am happy to report all websites are now clear and functioning perfectly, even the ones on deprecated versions of WP, plugins and themes.

Categories
And The Next Thing is ... Design Dunans Castle Recommended

Disinfecting for WPYII2 – the #fakeplugin invading WP and how to kill it #wpyii2 #killwpyii2

I’ve just spent a week disinfecting my server from this pernicious bit of ruskyhack. Not only has it completely derailed my working week, it’s meant that my team have had very little work over that period as my websites have been unable to process orders. Whoever the surnames Skorobogatov, Serebryakov and Biryukov refer to, well, they should be ashamed of themselves.

The context is this. On a server (not the one this blog is hosted on) I have c. twenty installs of WordPress, plus several apps which are collected in three or four directories. I’ve got a variety of domains and subdomains, as well as password-protected directories for particularly sensitive work apps.

Now if I say that some of these apps take data from my WP install DB, repackage it and spit it out via the Royal Mail API into their Click and Drop app, you will get why this fake plugin has completely disrupted that workflow. And of course the problem with some of the WP installs I am using is that, because of their wide integration into our production systems, I cannot upgrade either the WordPress version or the plugins associated with it.

WPYII2 found its way onto the server mid-week last week and the first I knew about it was some code appearing at the top of the homepage of several of my sites.

The damage was extensive. I lost three separate bespoke apps we use regularly for business because the fake plugin deletes top level ‘index.php’ files when they are not associated with a WP install. Luckily I had different earlier iterations available on the server so I could cobble together replacements – which ended up improving on the earlier versions.

As for the WP installs, well, they all fell over, repeatedly. I ended up playing whack-a-mole for a couple of days while trying to understand what the hell was going on. It didn’t help that there were plenty of posts from security firms saying, yes, this is a thing, and we’re here to help you get rid of it, but very few saying this is how you do it. I *think* I have done it, and the solution has ended up being cobbled together through trial and error and some helpful non-specific security posts from a variety of sources [for example]

So how to rid your WP install of this vicious fakery?

  1. Open the top-level index.php and delete the injected machine-generated code sitting in lines 1-3.
  2. Delete any ‘new’ files at top level that you don’t expect to see.
  3. In cPanel, use the PHP manager to flip between PHP versions to disable the fake plugin’s cron jobs.
  4. Replace the .htaccess file text with the single- or multi-site install vanilla code from here: https://wordpress.org/support/article/htaccess/
  5. Delete all .htaccess files below the top level of the WP install.
  6. Delete any folder in plugins which isn’t something you have installed, e.g. the folder called “wpyii2”.
  7. Look for any folders / files which have a recent ‘last modified’ date which you don’t recognise as being something you did.
  8. Repeat 1 through 4 if at any time the website won’t display / shows the code at the top of the page again.
  9. Check 5-7 if you have to repeat 1 through 4.
  10. Once you have a clean install, or at least as clean as you can make it, and you don’t have to maintain an outdated version of WP, upgrade to the latest version of WP.
  11. Upgrade all your plugins and themes. If you have made bespoke versions of themes by changing the code, I’d recommend trying to find a different way of creating the same effect through the customisation options for that theme rather than altering the PHP.
  12. Protect the ‘wp-admin’ directory with a password (check to see whether this works for your install of WP – I’ve had mixed results).
  13. Install a firewall plugin – e.g. BBQ Pro or similar.
  14. Install a 2FA plugin.
  15. Install a captcha-on-login plugin.
  16. Install an SSL/HTTPS force plugin – assuming you have a live SSL certificate for the relevant domain.
  17. For 13-15 remember to do this for all iterations of a multisite – although BBQ Pro will activate across the network without further configuration (which I like).
  18. In your wp-config.php file, add the following code before the ‘Happy Blogging’ message: define( 'DISALLOW_FILE_EDIT', true ); – this stops all editing of PHP / CSS / HTML within the WP environment (see note 11 re: editing themes etc.).
  19. Consider moving the config file to the top level of your server, i.e. above the ‘public_html’ directory, leaving a wp-config.php in the WP install directory that contains only the PHP line require_once '/home/username/wp-config.php';
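The detection side of the clean-up above, as an added script that is not from the post: it walks a WordPress docroot and flags the artefacts described in this post and in the update post (stray .htaccess files below the top level, php files with numeral-only names or named index2.php, content.php or radio.php, php files modified after core’s wp-settings.php, plugin folders not on your own allowlist, and a wp-config.php without DISALLOW_FILE_EDIT). The allowlist file and the use of wp-settings.php as a timestamp reference are assumptions.

```shell
# Added triage script, not from the post. Assumes a WordPress docroot and a
# plain-text allowlist of plugin folder names you installed yourself.
# Usage: wp_triage /home/username/public_html /home/username/known-plugins.txt
wp_triage() {
  root="$1"; known="$2"

  # 1. .htaccess files below the docroot: WP needs only the top-level one.
  find "$root" -mindepth 2 -name .htaccess -print | sed 's/^/stray-htaccess: /'

  # 2. php files with numeral-only names, or the names seen in the post.
  find "$root" -type f \( -regex '.*/[0-9][0-9]*\.php' \
       -o -name index2.php -o -name content.php -o -name radio.php \) -print \
    | sed 's/^/suspicious-name: /'

  # 3. php files modified after core's wp-settings.php (assumed untouched since
  #    install), which catches the "last modified later than its neighbours" pattern.
  if [ -f "$root/wp-settings.php" ]; then
    find "$root" -type f -name '*.php' -newer "$root/wp-settings.php" -print \
      | sed 's/^/recently-modified: /'
  fi

  # 4. plugin folders you did not install (e.g. "wpyii2").
  for d in "$root"/wp-content/plugins/*/; do
    [ -d "$d" ] || continue
    name=$(basename "$d")
    grep -qx "$name" "$known" || echo "unknown-plugin: $name"
  done

  # 5. config hardening: DISALLOW_FILE_EDIT, in the docroot or one level above it.
  if ! cat "$root/wp-config.php" "$root/../wp-config.php" 2>/dev/null \
       | grep -q "DISALLOW_FILE_EDIT"; then
    echo "hardening: DISALLOW_FILE_EDIT not set in wp-config.php"
  fi
  return 0
}
```

Run it after each pass of steps 1 through 7, and again on a schedule: an empty report is what a stable environment looks like, and any new line is the cue to go back to step 1.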

As of 15th June 2022 I seem to have reached a stable environment with the fake plugin effectively being locked out by the above-noted steps. However, I continue to monitor the server, and use downnotifier.com to give me immediate intel if things go awry. Any recommendations on other steps to keep this stuff away, let me know!

The cost of all of this to my business? Who knows? My time / stress? The lost orders? The lost IP? Those who black hat hack should reflect on their lives and wonder whether their skills could be better used elsewhere.

Categories
And The Next Thing is ... Design

#putinisawarcriminal, the #wolfinthewoods, the #destroyerofchildhood, #clearandpresentdanger

Over the last month, watching the horror of Putin’s unwarranted invasion of Ukraine, the horror has emerged on the page. The mad bear was obvious. Dancing While No-One is Watching and Lost In The Woods not so much, until the gimlet eyes started appearing.

Categories
And The Next Thing is ... CharlesCharlieCharles Recommended Sub100Club

Sub100Club #Podcast Launches with 2 episodes, Lotsa #NewMusic & #DonaldSutherland’s Bottom*!

Delighted to announce a new music podcast hosted by the CharlesCharlieCharles himself with songs by bands and artists who have under 100 monthly listeners.

Episode#1 which is all about testing out whether the podcast actually works, features songs from Zapaian, Ruby Rodgers, PINLIGHT and Enslave the Zombie.

Episode#2 sees Charlie get into his stride and begin to think about both how Spotify curates musical taste, and how bands themselves work with listeners’ expectations. We also get to hear about Donald Sutherland’s bottom* … featuring music from Leagues Apart, No Room for Giants and Petty Cassettes.

To listen and enjoy click here

Categories
And The Next Thing is ... CharlesCharlieCharles Recommended

Two #Landscapes and a #Cityscapes in #Scotland at www.selwyn-and-ink.com

Over the last year or two, I’ve been working on a series of images from the Scottish landscape – here are the first three.

Categories
And The Next Thing is ... CharlesCharlieCharles Dunans Castle How To Restore A Castle Recommended

#Instagram #Live for #AIP #Jammers: Repairing #DunansBridge and #DunansCastle

This week I was asked to update the Adventures in Preservation Volunteers (or jammers) on our projects for 2021, so on Friday at 5pm I livestreamed from the bridge and then took my viewers on a short walk to the castle to give them a flavour of what the project would consist of next year.

The details are that we will be welcoming jammers for a fortnight in May and September – the details are available here.

Refurbishing Dunans Bridge …

The repairs to the bridge are wonderful progress toward the full refurbishment of this Telford-designed A-listed structure. It seems amazing to me that these are the first thorough-going repairs to the bridge since the 19th Century when the stanchions were reinforced with concrete. It just shows how durable Mr Telford’s design is.

Of course, the plan had been to refurbish the bridge in one season through funds acquired from Historic Scotland and the Heritage Lottery Fund. Our efforts were stymied by our inability to engage with our neighbours on the management plan our team had designed. With a deed of servitude over the bridge, our neighbours’ agreement to the plan was critical to the granting of funds of £750,000. As it is we have managed a programme, funded privately by the ScottishLaird project, which has achieved a great deal, but in a piecemeal fashion.

Volunteers in 2019

Our Jammers have been a Revelation!

Having said all that, working on the structure in this episodic manner has been a blast – not only because I have developed skills I never thought I’d need (rope-work, lime mortar mixing and scaffolding), but we have been introduced to some of the loveliest heritage fanatics – sorry, jammers – one could ever hope to meet (Brian, Lindy, Richard and Holly, I am looking at you!!).

With help from volunteers from SPAB and Historic Scotland during weekends either side of each session, we think we may even get a shot at repointing the ‘softer’ north face of the bridge (sounds like the North Face of the Eiger, doesn’t it?). This will then leave the main arch and the bottoms of the stanchions for 2022 – although whether we will have to engage a professional team for this as well, we are not sure. However we progress though, we wouldn’t have managed to get so far with the bridge without our volunteers!

… and the Castle!

But of course for 2021, the bridge isn’t the only story, and in the livestream I showed our jammers (and some Lairds and Ladies) into the main turret of the castle. This 4m circular tower was designed to be capped by a huge candle-snuffer conical slate roof, and the project for next year will be to repair the apertures, consolidate the doorways and, perhaps, work on the circular parapet at the top of the tower. I am hopeful that by the time the jammers get to it, we will have floors and temporary stairs all the way up the inside of the turret! Should make for a really memorable project!

Both Eland and Nigel are lined up to come back – and looking forward to meeting lots of new faces (and some familiar ones too!) And we are also back at the very popular HomeFarm Cottages with all of our preferred apartments.

I’ll be running the excursions again (because I really enjoyed them last time) and Anne and Sadie will be on hand to make sure you are all fed and I don’t eat more than my fair share.

For more details on the ScottishLaird project please click here.

For more details on Adventures in Preservation, please click here.

Categories
And The Next Thing is ... CharlesCharlieCharles Poem Writing

#Poem: Thoughts on Encountering #Dunoon’s ‘#JimCrow’ for the First Time. #blacklivesmatter

Racism should have no place in our society. Othering is a pernicious and vile practice – one which affects communities across Scotland. Gossip, innuendo and rumour all contribute to conduct which results in bullying, discrimination and disempowerment. It may not be full-blown racism, it might be sexism, or homophobia, or sectarianism – whatever it is, we are better than this and the campaign to deal with Dunoon’s ‘Jim Crow Rock’ is proof-positive that change is being demanded.

Thoughts on Encountering Dunoon’s ‘Jim Crow’ for the First Time

At first it seems it is Crow,
That sharp-faced Corvid –
Yellow-eyed, black-billed,
Black-footed and Wing-tipped
In iridescent black-blue –
Perhaps hooded in sombre
Grey – seen against a scudding
Winter sky - a darkling flag
Tumbling low over the waves to-
Ward a deep copse roost.

But no –
This ‘crow’ is anchored
Upon the foreshore, stilted
Mid-step, painted by the
Unkind brush of local
Tradition, shaping an Other
With a vile cartoon graffito
Of red lips and white tooth
Strip – it is an indecent dis-
Memberment of that
Which we all share.

Categories
And The Next Thing is ... CharlesCharlieCharles Poem

Deirdre of the Sorrows

Deirdre’s story is a sad and epic tale of love, betrayal and heartache – as well as death, blood and vengeance. Only in Cowal, among its gentle lochs and hills did the great Irish beauty find a measure of happiness.

Deirdre of the Sorrows

Draped over his shoulder
The cloud crept toward dawn
And masked the soft-edged sigils
Of drought dulled heather.

Her scent curled about his
Tonsure of Rowan and Alder,
As he opened his chest
In a supple twist of his hips –

He revealed the long loch
Of his cavernous belly,
And the glittering breadth 
Of his seaward ardour.

Only then did she weep,
Effacing herself,
Until all that remained
Was a shiver of mist in the air.

Categories
And The Next Thing is ... CharlesCharlieCharles Design TWTC

The ZippedyZoom.Club mixes #liveactors, #creative #makers, #fineartists & #childrensactivites into a compelling, colourful brew!

Professor Zippedilla Zoom

As web developer and visual designer I’ve been working on ZippedyZoom.club which is part of TWTC’s response to Covid-19 – providing both a portal for kids to access fun activities and awesome stories, and a place for creative practitioners of all sorts to keep working. With funding for an initial 12-week run, we’re focussed on delivering content beyond that endpoint. Have a look here.

Dorothy Gale earns ‘ZoomPoints’ during lockdown!
