
Archive for the 'Web Apps' Category

Finding the current Joomla Version

This is just a quick aide-mémoire on how to find the current Joomla version in use if you do not have direct access to the admin panel. The version information can be found in

libraries/joomla/version.php

Hacked Wordpress Recovery

Interesting to see this post from WP developer Donnacha on removing various popular nasties from a Wordpress install after it has been hacked or compromised.

At work we often see instances where it is not possible to simply return a user’s CMS install to a pre-hack backup and then upgrade (the safest course of action) because of

  1. Confusion over when the hack(s) / compromises first occurred.
  2. Confusion over what legitimate content / changes have been made since.
  3. No obviously clean recent backup exists.

So we’re often left with a script / CMS install that needs to be cleaned up and upgraded. Where suspicious files have been uploaded, these are often easy to locate because of the sheer number of requests to them, for example from vulnerable PCs that have been tricked into trying to download a virus or trojan loader. Malicious JavaScript added to core or template files can be more difficult to spot in this manner, as are disguised files referenced from the CMS’s database.
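The request-volume check described above can be scripted. This is an added example, not part of the original post: it ranks script files under wp-content/uploads/ by hits and distinct client addresses in a combined-format access log. The log lines, the uploads path and the extension list are constructed assumptions.

```shell
#!/bin/sh
# Added example. Sample log lines are constructed (documentation IP ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [02/Mar/2008:10:00:01 +0000] "GET /wp-content/uploads/2008/03/gallery.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
198.51.100.7 - - [02/Mar/2008:10:00:04 +0000] "GET /wp-content/uploads/2008/03/gallery.php?dl=1 HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.44 - - [02/Mar/2008:10:00:09 +0000] "GET /wp-content/uploads/2008/03/gallery.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.44 - - [02/Mar/2008:10:00:11 +0000] "GET /wp-content/uploads/2008/03/gallery.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
192.0.2.10 - - [02/Mar/2008:10:01:00 +0000] "GET /wp-content/uploads/2008/03/holiday.jpg HTTP/1.1" 200 40213 "-" "Mozilla/4.0"
198.51.100.7 - - [02/Mar/2008:10:01:30 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/4.0"
192.0.2.99 - - [02/Mar/2008:10:02:00 +0000] "GET /wp-content/uploads/2008/03/old.php HTTP/1.1" 404 210 "-" "Mozilla/4.0"
EOF
}

# suspicious_uploads LOGFILE [MIN_HITS]   (LOGFILE "-" reads standard input)
# Prints "hits distinct_clients path" for script files that were served from
# the uploads directory at least MIN_HITS times, busiest first.
suspicious_uploads() {
    awk -v min="${2:-3}" '
    {
        # combined log format: $1 client address, $7 request target, $9 status
        path = $7
        sub(/\?.*/, "", path)                    # ignore the query string
        if ($9 != 200) next                      # only requests actually served
        # assumption: a media directory should not be serving these types
        if (path !~ /\/wp-content\/uploads\/.*\.(php|phtml|exe)$/) next
        hits[path]++
        if (!seen[path, $1]++) clients[path]++   # count each client once
    }
    END {
        for (p in hits)
            if (hits[p] >= min) printf "%d %d %s\n", hits[p], clients[p], p
    }' "${1:--}" | sort -k1,1nr -k3,3
}

# Demo on the constructed sample
sample_log | suspicious_uploads - 3
```

This only surfaces uploaded files that attract traffic; injected script in core or template files and payloads referenced from the database need a file and database comparison instead.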

It would be helpful if the development / security investigation teams of most major CMSs published these sorts of guides. Thanks Donnacha!

Moving SMF to a new server

This post is an aide-mémoire more than anything else, but hopefully might come in handy to someone.

Settings.php

  • Database access details
  • Local file system path
  • URL (if changing)

Database

There are several instances within the settings table where the local file system path is stored within the database. Whether you update them with find and replace (if restoring via a .sql file), the forum backend or phpMyAdmin, lots of things such as post icons and avatars will look screwy until you do. The theme path is also stored within the database in some instances. Make sure you get them all :)

Easier updating with Wordpress

I’ve been pleased to see the inclusion of an update warning in recent versions of Wordpress when new versions are released. Coupled with the plugins page that now tells you when updates are available for your installed addons, the system is becoming a lot easier for the non-technical user to maintain, even if they ultimately have to seek help with the process. Working on a web host’s helpdesk, it’s obvious that half the problem with old script installs is that the site owner isn’t aware updates are required.

I’m looking forward to the day when Wordpress can also have the option to update itself (for example as Simple Machines Forum can do, by feeding it your FTP details), just to make it a little harder for users to ignore ;)

Mounting an FTP account on Linux

Learning to use the command line is one of the hardest things about moving to Linux. However, once you’re used to it, doing things becomes second nature and you actually miss being able to use the terminal in those cases where you have FTP access but no shell account. For some things using a GUI is laborious; upgrading web apps is a major case in point.

One way of getting around this is the curlftpfs package. The software allows you to mount your FTP account and access it as you would any other part of your Linux File System.

After installing the package, you may have to modprobe fuse and may have to add your user to the fuse group. The former was necessary on Suse 10.2 and the latter on Kubuntu Feisty. After that, simply create the folder you wish to use as a mount point and issue the command:

curlftpfs -v ftp://user:pass@ftp.somewhere.net/ MountPoint/

Once everything is working you can do away with the -v which enables verbose output. This is great if you need to do work on a web app where there is no shell access.
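An added example, not from the original post or the curlftpfs project: the command above puts the password in the process list and shell history, so this variant keeps it in ~/.netrc (mode 600), which curlftpfs reads through libcurl, and requests FTPS with -o ssl. The helper function names are hypothetical, and it assumes the server supports FTPS.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# write_netrc FILE HOST USER
# Reads the password from standard input (never from argv) and stores the
# login in a netrc file only the owner can read. Replaces any existing FILE.
write_netrc() {
    file=$1; host=$2; user=$3
    if [ -t 0 ]; then stty -echo; fi          # hide typing on a terminal
    IFS= read -r pass
    if [ -t 0 ]; then stty echo; fi
    rm -f "$file"
    old_umask=$(umask)
    umask 077                                 # new file is created as 0600
    printf 'machine %s login %s password %s\n' "$host" "$user" "$pass" > "$file"
    umask "$old_umask"
}

# netrc_is_private FILE: succeeds only if group and other have no access.
netrc_is_private() {
    perms=$(ls -ln "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# mount_ftp HOST MOUNTPOINT
# Mounts with no credentials in argv; the login for HOST comes from ~/.netrc.
# "-o ssl" demands TLS on control and data connections, so the mount fails
# rather than sending the password in clear text (assumption: server has FTPS).
mount_ftp() {
    host=$1; mnt=$2
    if ! netrc_is_private "$HOME/.netrc"; then
        echo "refusing to mount: $HOME/.netrc is missing or readable by others" >&2
        return 1
    fi
    mkdir -p "$mnt"
    curlftpfs -o ssl "ftp://$host/" "$mnt"
}

# Usage (placeholders):
#   write_netrc "$HOME/.netrc" ftp.somewhere.net user    # then type the password
#   mount_ftp ftp.somewhere.net "$HOME/MountPoint"
#   fusermount -u "$HOME/MountPoint"                     # unmount when finished
```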

Caution

It is easy to forget this is not shell access: commands like unzip, unrar etc. will use the binary on your machine, with the resulting back-and-forth data transfer. Use such commands at your peril if working on an unstable connection, with large files or if you don’t have a backup.

Whilst this can be used with the rails command (again not recommended), bear in mind that you’ll need to copy the contents of the vendor directory to the server manually, as this is normally symlinked when working on the shell.

References

http://gentoo-wiki.com/HOWTO_FTP_Mount

WPMUDev Premium - good idea?

Recently a couple of the people who run the biggest WPMU based sites out there have put together a premium member’s area for those wishing to run serious MU based sites.

Seeing as Boz and I have recently been putting together an MU site for a group of friends, this is an interesting development. I can immediately see the need for this for those working singly or in small departments who don’t have the direct WPMU expertise but want to quickly reach a large user base on a stable, scalable software base. A reasonable proportion of the freely available MU plugins out there look like they may present scaling difficulties down the line - something you definitely don’t want if you’re providing a service you have to support. Hitting a wall once you’re a few thousand users in is probably extremely unpleasant as it’s harder to redevelop something that is running 24/7.

If we do get around to building another site with WPMU (I have to say I’ve enjoyed working with it) I’ll probably subscribe to this as much out of interest as out of need.

The only real downside I can see is that they may well get an influx of subscriptions from people who really want everything done for them, from consultation to installation and ongoing support which may well clog up the premium forums and their time to support on there with inappropriate questions. However the entry fee will hopefully discourage this kind of behaviour.

There may well be a snotty counter argument to doing this sort of thing off the back of GPL style software, but in all honesty, WPMU is a fair way short of what wordpress.com is, so it’s difficult to make an argument whereby these people shouldn’t get rewarded for their expertise and time. Essentially I can see dev premium saving me time in working out answers other people have already arrived at, and life is too short for the alternative.

Four Pre-Requisites to working with Wordpress MU

The forums over at Wordpress MU aren’t really the hand holding sort; the regulars are just too busy. However, if one has done some background work first, there are good solutions in the threads and the regulars are happy to assist someone who has managed to get a part of the way on their own initiative.

A lot of people however seem to approach MU without the pre-requisite skills suggested in the software’s readme (i.e. being able to cope with server level software as opposed to a single cms / wordpress install).

For this reason I’d consider the four points below fairly essential if you want to work with MU (even if you have a technical background).

1. Use self hosted wordpress for at least six months - by “use” I mean creating a site installation you’re happy with and blogging to it regularly. Install via FTP or shell rather than fantastico or equivalent and install any security updates as soon as you can.

2. Be comfortable installing and fixing small issues with widgets, plugins and themes - be comfortable reading through the code and following the logic into the database if something isn’t working as expected. The wpmu forums are an invaluable resource but will often only point you in the right direction with a code snippet, you’ll have to apply the solution or follow the logic through so it fits to your site.

3. Ideally have written some plugins / widgets / themes for WP yourself - I hadn’t before starting to work with MU and I really wish I had as there is the added complexity of considering the multi user element when working with MU.

4. Be able to manage the necessities on a dedicated server or VPS - If you need to hire hardening or optimisation experts or have the budget to pay for management, fine. My own WPMU site is currently sitting on a shared host and will hopefully be fine there. Once ready to deploy a site that will be for the wider public rather than just friends, from reading the MU forum it appears that this is the ONLY reliable way to go. My experience at a shared hosting company completely backs this up - as a general rule users aren’t allowed to install server level software themselves as it puts far too much of a drain on the shared resources.

Wordpress as a website CMS?

As further proof that whenever you have an idea the Internet is capable of crushing you by showing you that someone has already done it, I’ve been meaning to write an article on this for a while - and now I don’t need to.

Updating a personal website has always been something I’ve known I should do, but never got around to very well. Wordpress lets me do so more easily than any other CMS I’ve used.

Limiting disk space usage in Wordpress MU

MU allows you to limit the amount of disk quota the blogs can use out of the box. However many site admins may want to be able to change this value per blog and for this an extra plugin is needed.

The plugin that seems to do the job is z-space (WPMUDev page) by Dylan Reeve, based on earlier work by some other developers with which it is backwards compatible. It’s an MU plugin, meaning it is auto executed for every blog rather than appearing in the normal plugin dialog. The plugin adds a nice readout to the dashboard giving an indication of space used. It appears to have been fixed by another developer for WPMU 1.2.1 according to the WPMUDev page.

When testing, a word of warning. Make sure you’re doing so as a user rather than the site admin, or the quotas won’t necessarily take effect.

The one drawback to the plugin I can see is that if you upload a file that takes you over the limit, it will be stored even if it takes you significantly over the assigned quota; this also makes the status bar look a bit odd. It would be nice perhaps to be able to disable this or have a maximum threshold over quota that is allowed. Further uploads will be prevented once over quota (the file will not be saved after it has been uploaded). It would be good if the upload button was disabled if the blog was over quota.

It looks like Dylan is also working on a Premium blogs plugin which despite being in the early stages looks really promising. I can personally envisage wanting to have different levels of premium blogs with different levels of disk space / plugins etc.

Wordpress MU First Impressions

I’m currently fiddling around with Lyceum and Wordpress MU in an attempt to decide which is most suitable for a little community site I want to get going.

Installing MU is as simple as uploading the file base to the web root (or other location of your choice) and then visiting the site. Pop in your database details and off you go. You must choose at installation time whether to use subdomains or directories for your site - the language implies this cannot be changed later.

Cosmetically, MU looks an awful lot like Wordpress (yes I know it IS Wordpress but I’m sure you know what I mean!) both on the front page and in the admin area, whereas Lyceum has a customised front page and admin area. Given that you’ll probably customise a fair bit this doesn’t matter overmuch, but there is a certain logic to the MU setup of having the admin bits and bobs within a tab in the familiar Wordpress admin area.

Whereas at the Lyceum site I found things easy to locate at a glance, the MU site doesn’t seem to link very visibly to http://wpmudev.org/ which seems to be quite an indispensable resource for plugins and themes, even if a lot of contributors seem to have difficulty updating their contribution pages with the new releases. After ten minutes of browsing I’d already added the per user upload quota plugin which is an absolute must have for my site. I’m sure there is a good reason there isn’t a flipping great link on the main site of course :) The site may even have been superseded for all I know.

It’s going to be quite interesting working out which of the systems will do what I want with the least work - a hard bit is definitely going to be deciding which database setup is better. I’ll blog along as I come up against interesting differences and issues.
