After recovering from a hacked web server most of the morning, I and rest of the family got a little hungry around lunchtime. With nothing planned for lunch, I wandered the kitchen trying to think of something quick and easy. Having had biscuits on the mind due to a pseudo-failure of a made-from-scratch batch last week, I settled on stuffing prepared dough with something. Grabbed a bunch of stuff from around the kitchen, mixed it together, and viola — an easy recipe for a lazy lunch.
1 cup shredded cheddar cheese
1 cup finely chopped cooked chicken
1 stalk celery, finely chopped
1 mini sweet pepper, finely chopped
1 whole green onion, finely chopped
1/3-1/2 cup Ranch dressing
1 package Pillsbury Grands buttermilk biscuits
Preheat oven to 350 degrees. Mix together all ingredients except biscuits in a small bowl. Separate biscuits and split each one into two layers. Slightly flatten each layer by hand. Put all eight bottom layers on a baking sheet or Silpat. Spoon chicken mixture onto each biscuit, distributing evenly. Cover each biscuit with its top layer and press around the edges to seal. Bake in preheated oven for about 22 minutes, or until top is golden brown. Makes 8 filled biscuits.
If you don’t have mini sweet peppers, throw in a couple tablespoons of finely chopped red, yellow, or orange bell pepper. Next time, I might add something to slightly kick it up a notch — a dash of cayenne pepper, 1/4 tsp. mustard powder, a sprinkle of Old Bay seasoning, or maybe a few drops of Tabasco sauce.
When hackers from (or at least through) China brought this website crashing to its knees earlier this week, I learned a valuable lesson: Keep up with patches to popular web applications.
For the past few days, I’ve noticed unusual activity on the blog (run with WordPress software), each event progressively more alarming than the previous — my custom theme was switched to the default (dismissed as an errant click on my part); a plugin was disabled (caused me to start paying attention); links to spammers were added to the sidebar (major alarm bells); and then the blog went completely down due to loss of database connectivity (total panic).
I shut everything down. Peeking around the MySQL stats and logs, I noticed that it had been restarted two days before the blog came down completely. In that time, there were 12 million queries, about 56 per second! There’s no way that normal traffic would justify those numbers. No spikes in HTTP requests, no diggs, etc. Appears that I was an unaware victim of a SQL injection exploit that was discovered in v2.1.2, the out-of-date version I was running.
As luck would have it, I had saved a SQL dump just hours before everything went to hëll. Due to the extent of the damage, recovery involved deleting everything (files, databases, MySQL users, etc) and starting with a fresh v2.3.2 install, manually massaging the upgrade process from the older v2.1.2 table structure. It was a nightmare that lasted most of the day, but I recovered everything except the existing category structure which I planned on redoing/replacing anyway.
Follow these steps to keep yourself a bit safer:
Do not rely on luck like I did. Instead, install the WordPress Database Backup plugin and configure it to email backups daily, weekly, or monthly — whatever is appropriate for you, your blog, and your traffic patterns.
If you’re mucking around within phpMyAdmin (or something similar), export a full SQL dump while you’re in there anyway, and save it to your local computer. (I frequently do that, much mitigates some of the luck I had.)
Back up these emails/backups occasionally on CD/DVD/whatever, and sometimes take and keep a copy off-site. (I still need to get better about off-site storage.)
When WordPress releases a security patch, upgrade as soon as possible. (My new mantra!)
When WordPress announces a major version, upgrade within two weeks at the latest — not so soon that you are inundated with all sorts of new bugs, but not so late that you remain vulnerable for an extended time. (I still think it’s OK to wait a couple weeks for version 3.01 (for example) to come out after version 3.00 has been announced in order to get major flaws addressed. Especially if it’s a Microsoft product.)
And, who knows, I might regret it someday, but I’m seriously thinking about grounding HTTP requests and blocking IP addresses from China since that’s where 95% of the DOS attacks and comment spam targeting this blog originates. I’m all for free speech and freedom from information repression, but a few bad apples are spoiling the cider.
[This was originally my 500th blog posting before the total overhaul!]
Windows is such a terrible (un)operating system that I find myself at least once a year having to wipe a computer I don’t care much about and reinstall everything rather than trying to solve whatever particular problem has surfaced — a procedure in stark contrast to troubleshooting my main, daily-use computers for which I will do whatever it takes to avoid a reinstall.
Microsoft compounds difficulties further, limiting the number of times you can try to recover from their self-made messes, and requiring activation of a poorly performing O/S that I’d frankly rather replace with anything created by the dumbest Apple engineer. Yet, for hopefully only the short term, I am forced — thanks to a tech budget recently blown on camera gear — to stick with Microshaft.
So, here I am, in my dining room, trying to resurrect my daughter’s computer. No, I do not want to activate or register my computer online for the umpteenth time. I just want to reinstall and go — and, in order to do so, I’m invoking a little-known secret.
Located in the \i386\unattend.txt file on your installation CD is a product ID that resembles a registration key (not the same thing!) that sometimes allows you to activate your computer and skip the registration process when you use it instead of the registration key printed on your genuine Microsoft product packaging. It’s often hit or miss; some IDs work and others don’t.
Now, with any luck, you can stick it to the big guy in Redmond by refusing to re-activate your already registered product!