RL Digital

Media Temple DV 4.0 – Cronjob Issues with Plesk 10

Robert — Thu, 12 May 2011 21:06:53 +0000

After migrating from Media Temple DV 3.5 to Media Temple DV 4.0, I found my email box filling up with notices of cron errors. Sometimes, the error was “-: wget: command not found” or other times “-: php: command not found”. Commands worked perfectly fine if run in SSH but not through the Plesk Cron Tab (Scheduled Tasks).

Initially, calls to the normally superb Media Temple Support resulted in several unsatisfactory replies such as “crons should work just fine on Plesk 10″ or “we really don’t support crons”. I tried everything. Believe me, several weeks living without crons was not fun. Databases didn’t get backed up, emails didn’t go out, cleanup scripts didn’t run, etc. Then finally, a senior support engineer at Media Temple put me on the right track by mentioning that the user (i.e., the service) requires shell access to run crons in Plesk 10.

This is discussed, albeit somewhat cryptically, on Page 166 of the Plesk 10 Administrator Guide.

In previous versions of Plesk, the users who were granted the permission to schedule tasks with cron but were not allowed access to server shell, could still run scripts in the shell under which the cron was running. This allowed them to gain access to the data that could be potentially used to compromise the server. Starting from Parallels Plesk Panel 10.1, execution of cron tasks is automatically restricted to the chrooted shell environment.

If you trust your customers enough to allow execution of scripts in a non-chrooted environment, then you can select the required shell by issuing the following command in the console…

The Guide goes on to mention bin/sh. Therefore, I went back to Plesk 10 and changed the shell access for each domain running crons. See below.

Voilà! Crons started working immediately.

Tip: Use commands in starting with “php” rather than “/usr/bin/php”.

Examples:
php /var/www/vhosts/example.com/httpdocs/myfile.php >/dev/null 2>&1
wget -q http://example.com/myfile.php

Freelance Confidential – New book for Freelancers

Robert — Mon, 28 Mar 2011 18:01:48 +0000

Freelance Confidential, from Rockable Press, is aimed at providing the hard numbers on the biggest issues of freelancing. And, advice for freelancers, by freelancers on how to improve and grow their business.

Where do you find clients?
How much do you charge?
How do you raise your rates?
Is social media really worth it?
and more, …

Written by Amanda Hackwith (FreelanceSwitch Editor), the book draws on survey statistics from over 3,200 freelancers and insightful interviews from 10 notable success stories, including Envato’s Collis Ta’eed, Linda Formichelli of Renegade Writer, and more. Freelance Confidential asks frank questions and gets the answers that will help your freelance business grow. Whether you’re a successful freelancer who’s reached a plateau or one who’s just starting out, learn the truths to success in Freelance Confidential.

Available: Amazon
Paperback: 140 pages
Price: $34.99
Publisher: Rockable Press (March 16, 2011)
Language: English
ISBN-10: 0987102605

Web Designer Demographics

Robert — Sun, 24 Oct 2010 14:39:38 +0000

This interesting graphic of Web Designer demographic data was published by Tech King. Click on the graphic to go to the original post which lists the data souces.

Infographic: All You Need To Know About Web Designers by Tech King

Beach Camera July Coupon Event

Robert — Thu, 01 Jul 2010 02:58:41 +0000

WordPress Code Injections – A New Threat

Robert — Sat, 12 Jun 2010 00:25:10 +0000

One of my clients has a rather popular sports site on based on WordPress. The site is up-to-date and running on DV server. A few weeks ago malicious code starting to appear on the site setting off warnings from anti-virus programs that monitor websites.

Sometimes, entire files are uploaded that contain malicious scripts. Most of the time, however, JavaScripts are appended to existing PHP or HTML files. One of the favorite targets is the WordPress index file (index.php). A self-executing JavaScript is added after the closing ?> tag. How they append the file is a bit of a mystery as permissions are correctly set at 644. The purpose of the malicious code seems to vary. Some code attempts to spread worms/trojans, steal passwords, or re-direct to spam sites (meds).

The best defense is a good file monitoring plugin such as WordPress File Monitor. This plugin monitors the file system for added/deleted/changed files and sends you an email when a change is detected. You can exclude certain folders or files. Still, you will get notification emails when you update plugins or work on a theme. This is a small price to pay for the knowing when a file has been changed by someone else.

WordPress File Monitor will not tell you if you have infected files already. You need to use it to prevent future attacks. If your site is already infected, you can re-install WordPress. Then, replace your plugin files and possibly theme files. If your site is clean now, it’s much easier to keep it that way with WordPress File Monitor.

How to make DomainKeys using Plesk 8.60 with external DNS control

Robert — Thu, 25 Feb 2010 02:35:20 +0000

Server-generated emails on websites requiring registration or verification, often do get not through Hotmail and Yahoo Mail spam filters. Hotmail requires a valid SPF record which is easy to implement. And, Microsoft will whitelist your domain for Hotmail if you request it.

Yahoo filed a patent for the DomainKeys concept in 2003. They still use DomainKeys and require it especially for server-generated emails. Implementing it used to require running a Perl script to generate the key pair for the electronic signature. And, instructions for updating your server DNS are difficult to find.

Plesk 8.6.0 has DomainKeys built into the Plesk CPanel. However, there is one extra step that is critical if you control the DNS externally (for example, with Media Temple’s Account Center). Here’s how to do it:

In Plesk 8.6.0, go to the Server Panel click on the Mail icon and turn on DomainKeys globally. Then, you need to go the domain, click on the Mail icon, and turn on DomainKeys for that domain. Plesk 8.6.0 will then generate the key pair (public and private) and update your DNS records in Plesk.

However many Plesk users have disabled “named” to save resources and control their DNS from their Media Temple Account Center or other external service.

That means, you need to copy the 2 DNS entries for DomainKeys from the Plesk DNS settings to wherever you control the DNS. Make sure to copy the keys exactly.

Once that’s done, wait for the records to propagate. Then, you can test your DomainKeys by sending an email from the domain to: sa-test@sendmail.net which is a DomainKeys/DKIM reflector (autoresponder).

More background information is here.

WordPress Leading Whitespace Fix – XML Parsing Error…

Robert — Thu, 14 Jan 2010 10:28:33 +0000

I recently got the nasty “XML Parsing Error: XML or text declaration not at start of entity Location” error instead of RSS feed on two client WordPress sites.

First, I tried the Fx-RSS-Feed plugin. No luck! it identified several hundred WordPress and theme files with unnecessary whitespace. Most of the files were write-protected. Way too much work for me to change all the permissions, run the plugin, and change them back.

Instead, I used the fix at Wejn’s lair. Scroll down the page and download the file “wejnswpwhitespacefix.php” or get the text version here.

Upload the PHP file to your root directory, then add this line to your index.php file: include("wejnswpwhitespacefix.php");

The only downside is that auto-upgrading your WordPress installation will overwrite the index.php file. You will need to re-insert the extra line of code. Instead, you might try the htaccess file modification described in the head of the file.

Dynamic Font Replacement for WordPress

Robert — Sun, 13 Dec 2009 00:28:53 +0000

Most common internet browsers only support a limited number of fonts. A client wanted to emulate the look achieved by BBC’s Later site using WordPress. That meant using SEO unfriendly images to replace the headings or dynamic font replacement. The latter is not only SEO friendly; it is also much easier to implement.

I looked at two WordPress plugins: Facelift Image Replacement (FLIR) for WordPress and Dynamic Font Replacement DFR4WP.

“Facelift Image Replacement (FLIR) for WordPress” seemed very promising. It is easy to implement and offers a wide-range of fonts that come with the plugin files. It is limited, however, to a single font replacing one or more tags of your choice. The main reason I abandoned it though, was a strange green highlighting showing up in IE8.

The “Dynamic Font Replacement DFR4WP” plugin did what I needed it to do without any artifacts in Internet Explorer. It has the added benefit that different fonts can be assigned to different tags. It conveniently installs a separate easy-to-find menu block in your WordPress Admin Panel sidebar. The only gotcha is that fonts can’t be uploaded directly to plugin admin panel. The fonts need to be converted here first. Once you figure that out, the rest is easy!

With either plugin, you will probably need to up-size your default heading font sizes to achieve the look you want.

You can see a very clever application of dynamic font replacement on this WordPress site.

The Best Dummy Text Generators – Lorem Ipsum

Robert — Wed, 02 Sep 2009 04:54:23 +0000

Web developers use dummy text as placeholders when building websites. Dummy text is required when the final text is not yet available from the client. It is used to demonstrate the appearance of different typefaces and layouts. Usually, the dummy text is nonsensical or unreadable my most people as not to distract from it’s purpose.

Lorum Ipsum can be traced back to ‘De finibus bonorum et malorum’ (On the extremes of Good and Evil) by Cicero in 45 BC. The original passage began: Neque porro quisquam est qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit (Translation: “Neither is there anyone who loves grief itself since it is grief and thus wants to obtain it”). It is not known exactly when the text acquired its current standard form; it may have been as late as the 1960s. The passage was discovered by Richard McClintock, a Latin scholar who is the publications director at Hampden-Sydney College in Virginia, by searching for citings of the rarely used Latin word “consectetur” in classical literature. source Wikipedia

Where can you find dummy text? Of course, you can copy and paste from online editions of ‘De finibus bonorum et malorum’. Better yet, use on the free online dummy text generators. Here are (2) of my favorites:

Lorem Ipsum Generator

BlindTextGenerator

Both generators have options to use other obscure languages as well as a variety of fonts. Have fun!

How to Hack-Proof your WordPress Blog

Robert — Fri, 10 Apr 2009 12:10:38 +0000

I just finished helping a friend bring back a Sports Blog after a nasty hacker attack. Luckily, we had a backup of the database. Otherwise, we had little chance to restore the site.

Here are a few tips to keep unwanted visitors from doing damage to your blog.

Set your File Permissions Properly

Use 755 for directories, 644 for plugins and core WordPress PHP files, and 666 for active theme files. You can check and change file permissions with your FTP client.

Use the Login Lockdown Plugin

Hackers know where to find your login page. The basic WordPress installation offers little protection against a brute force attack. Yes, the new WordPress revisions have started using hardened passwords. However, I still recommend giving yourself the added protection you get from the Login Lockdown Plugin. And, check your current or new password with The Password Meter.

Just upload it and activate it. The plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel.

Use a Database Backup Plugin

Manual WordPress database backups are neither easy nor convenient to do. It requires knowledge of phpMyAdmin. Fortunately, WordPress plugin writers have addressed the problem. The best known plugin for this purpose is Lester Chan’s WP-DBManager. With this plugin, you can have WordPress automatically send you backup via email or store them in a folder on your server (or both).

Turn off Registrations

Go to Settings –> General. Untick the ‘Anyone can register’ box. Save your settings. Need to allow registrations? Then, I strongly recommend using the Sabre Plugin. Sabre is an acronym for Simple Anti Bot Registration Engine. It’s a set of counter measures against spam registration on your blog.

Keep your Installation Up-to-Date

If you are not running the latest version of WordPress, then there is a higher probability that your site will be compromised. Hackers take advantage of the open-source nature of WordPress to analyze the source code and test it for potential vulnerabilities. Then, it is left up to developers and users to detect, track down, and then close off the code vulnerabilities that hackers are using.

Backup your Theme, Images, and Plugins Folders

It’s also a good idea to backup your theme, images, and plugins to your personal computer or on to a backup drive. If your host’s server completely crashes, you can restore your entire site.