As I’ve mentioned, I also want to blog the trip and get photos up soon, before I get caught up in other To Do’s. In attempting to do so today, I’ve learned that when Gallery Remote asks for a caption it really wants a filename. So I’ve been putting lengthy “captions” into fields that are only sized to fit filenames, truncating a lot of the text in the photo album. I’m annoyed, so I thought I’d vent here. I’m going back to fix it, but it’ll take some time.

I’m immensely proud of the fact that the current design exists because of me manually coding PHP, CSS, and XHTML 1.1 Transitional files. I have my own homegrown template system that allows me to change the code on one include file and affect the entire site, whether it be menu, header, footer, content, or overall layout. Alas, the time to maintain such a setup eroded years ago, and I’ve been limping along ever since. It’s time to focus on content.

I really like WordPress as a blogging platform- I’ve been using it for years, and the backend is easily maintainable using DreamHost’s One-Click options. But now that I’m trying to incorporate WordPress as the sole website publisher/ controller/ editor/ etc, I find myself wanting assurances that it will be stable, secure, and work solidly for what I need.

Unfortunately, as an IT Security guy, I also know that WordPress has the potential to be more vulnerable than other CMS’. And yes, I know that virtually EVERYTHING is rife with vulnerabilities: the debate is fierce and will thrive for some time. At the same time, Zope and Plone have been relatively safe from exploits- yet, they’re much tougher to customize the way I want.

In the end, getting things the way I want is my first priority, so for now I’m strongly leaning toward WordPress. A very close second is being safe from exploits. Wish me luck in finding the appropriate level of compromise.

Jan 31, 2010: Made status updates below.

In this post I’m taking rough notes of what appear to be attempted exploits against planetjk.com. I’m noting these partially for my benefit, so I can keep a log of things to potentially upgrade/mitigate.

I have a CSV file of traffic (currently logging the last 20 months) for cumulative analysis, but I couldn’t get Open Office to quickly trim out my home and work IP’s so right now I’m just eyeballing the data.

For a bit of a visual, here’s the visitor traffic broken down by country, courtesy of Mint:

• Someone with an IP in Sweden is trying to login to my Tasks and Gallery2 (photo albums). A lot.
• My installation of Mint needs to be updated //Done
• I’m seeing a moderate amount of trolling for phpMyAdmin directories
• In Mid-December, I see a lot of HTTP 500′s returned from disparate IP’s trying to get to this blog. Perhaps I was doing maintenance?
• An obvious zombie host tried exploiting some PHP code in the FAQ to surreptitiously upload a PDF (presumably loaded with more exploits). Oh wow: I just scrolled up and saw 12 more instances of the same thing, to different target paths, from the same source. That’s getting reported. //Done: sent an e-mail to the Abuse coordinator at Americanis
• A machine in Brazil tried to route the Photo Albums through a known brute force tool previously hosted online (I say previously because the domain name has since been suspended). I’m glad that DreamHost has one-click installs which allow me to upgrade ASAP. Now that I think about it more, I host photo albums and blogs for a few friends that don’t really use them anymore. It might be time to remove them. //Done: sent e-mails to friends

Okay, that’s enough for this morning- I have some abuse POC’s to contact. The notes above represent a reverse chronological eyeballing of traffic from Dec 2009 through now.

The biggest “problem” I have is that search bots don’t have memory loss. I still get trolled for directory structure that I had in place in 2001- I should really look into modifying robots.txt or creating proper sitemaps so they know where to go. It’s not really a security issue but it creates a ton of noise in the logs.

The biggest note to self is that I REALLY need to make a habit out of checking logs more often. Getting pwn3d on your personal domain is a bad thing for an IT security guy.