stlplace.com was hacked and restored, plus some thoughts

I found out this site was hacked yesterday evening, as I saw the loading of site on Safari was slower than usual. It also shows incorrect theme, more like a plain theme. With the admin link redirect to spammer site. I decided to tackle it right away. I recall about one year ago something similar happened to this site, and google webmaster tool told me about it. I was able to remove the offending files/directories, by following the recommendation set out by google and some other wordpress sites.

This time I made an almost fatal mistake, during deleting some of the files in wp-includes, I accidentally deleted all the useful php files there. Panicked, I used both the website restore tool, and the import feature of wordpress (mojo marketplace), to no avail. The symptom of the problem was I could not login, and I can only see the pages at uudaddy.com (I could not log in there either).

I filed for help at the hosting company. But I still feel helpless as this site has about 9 years of my blogging and uudaddy.com has my last 4 years of blogs. Fortunately I was able to find this wordpress help page about updating wordpress, and fix internal server error by deactivating the plug-ins. The latter comes only after I gained some web dev experience lately, knowing more about error 500 🙂

So long story short, I was able to restore all the blogs (those two plus my wife’s happy mandarin.com) by the following:
1) Restore .htaccess file to avoid the redirect to spammer page;
2) Restoring the wp-includes and wp-admin page: upload zip file, extract; in the wp-content directory, I renamed plugin directory as plugin.SAV (this way it deactivates all the plugins);
3) Run the wordpress update as soon as I can log in.

I also backed up the MySQL databases for stlplace and uudaddy, and backed up those two blogs to wordpress.com (this one and this one). I understand blogging itself is a declining trend, and it’s probably not easy for small web hosting company to defend against hackers like Google/Amazon/Wordpress do. That’s why I am also evaluating whether to move to wordpress.com or Amazon EC2 (self hosting). It’s a bit emotional decision as I have hosted this site for 9 years, but I need to consider both my time, the cost of hosting, etc. I will make a decision on this shortly. Meanwhile check out the new blogging sites I mentioned above, in which I will blog both about software development and raising kids.

Spring MVC, Maven

I’m back to Java world again, after about 2 years stint on Objective-C and iOS development. I’m not new to Java land, as I have done Java work between 2010 and 2011, for 2 years.

My personal learning experience:
JSF => Spring MVC (jspx is still very similar): I have done JSF, which is a component based Java web framework, we know Spring MVC is different: it’s based on REST, GET, POST, and mapping etc. Luckily I have done RESTful web services in my past work, and used those services from iOS side. Another new thing at client side is javascript, and jQuery, I recall I used Richfaces (extension of JSF) for the AJAX, they are not javascript though.

IBM web sphere/Rational application developer RAD, CVS => Spring STS, SVN, note both RAD/STS are based on Eclipse: for the application server, and development IDE, the transition is easier such they are very similar.

Ant (build.xml) => Maven (pom.xml): this is a big change, actually. Maven has some learning curve, also with the Nexus repository. My only past experience using Maven: use Netbeans to open the project (pom.xml file). I found the following two tutorials helpful.

Tutorial on Maven:
http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html

http://maven.apache.org/guides/getting-started/

Spring MVC: using the Get Started Guide from the dashboard, or the link here.

Obviously, learn as much as possible from the work itself, from coworkers etc. The good thing is my current work place is one of the most collaborative places I’ve ever worked. This makes my life a bit easier 🙂

Consuming a PHP SOAP web service from C# client

I need to create a SOAP client in C#, and in order to test it I need a SOAP web service. Since my hosting company uses MySQL/PHP technology stack, I am using this PHP Soap web service example.

For the C# soap client, I am following this example on stackoverflow. But there is one problem when I tried to run the example. I got the error (exception) like the following:
The content type text/xml; charset=ISO-8859-1 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly.

Again I found this thread on stackoverflow which seems relevant. It talked about the custom message encoder developed by Microsoft, and Paul Morgado’s addition to the CustomTextMessageEncoder class (just add his method at the end of the class). There is one more thing, the configuration file for the app. In my case, it’s something like the following: (note the messageVersion and bindingElementExtensions definition, there was some error in the Microsoft documentation regarding the latter one).

Continue reading Consuming a PHP SOAP web service from C# client →

Software updates

WordPress 3.1.1
Finally I got hands around my blog (this one stlplace) and did the WordPress upgrade. I put off the upgrade in the past primarily due to my laziness: there is no automatic update due to I was running on WP 2.0.2. The upgrade itself is not too bad, I followed those two articles on Backup database and Run manual update. I used phpMyAdmin for the WP database backup. For the WP upgrade the only tricky part for me is:

“…Upload the individual files from the new wp-content folder to your existing wp-content folder, overwriting existing files. Do NOT delete your existing wp-content folder. Do NOT delete any files or folders in your existing wp-content directory (except for the one being overwritten by new files)…”

I know “directory overwriting” generally works on Windows system, but we are talking about UNIX (Linux to be precise). The command I used goes like this (in the blog root directory):

cp -r -u new_wp-content_dir .
(here -r means recursive for directories; -u means update)
I believe it did the trick, as I can run upgrade database afterwards. After that I enabled the necessary plugins. The only plugin stopped working is the ultimate warrior tags. The rest are fine.

Btw, I also added WPtouch plugin so that this blog works better on iPhone.

Xcode 3.2.6
I found my old Xcode 3.2.2 can not handle block as it’s necessary to run Ray’s RSS reader example. Download the software from Apple, install, and found this “Base SDK missing” in the new Xcode. Did some google, the trick is to “use latest SDK” in the “project => build” setting. I noticed we can also build “older” targets by changing the target in “deployment target”. Obviously there is a limit as to how far we can go back (I have not checked that yet).

Btw, I found the iPhone 4 simulator looks cooler than iPhone 3 simulator 🙂

Spammer stole my Yahoo email and sent out spam mails

Friends, in case you received an email selling you Viagra online, which appears sent from my Yahoo email. I apologize. Obviously I don’t sell those. Some hackers used my Yahoo email and did this. Please ignore that mail. More information (prevention tips) about this tactic can be seen at:

I had my email account hacked into and emails sent out.?

I realized this problem as my Gmail acct is also in my Yahoo address book. Also, one friend asked me “huh”? I think this is not really brand new tactic, and I believe most people already know it. This note is just in case.

Continue reading Spammer stole my Yahoo email and sent out spam mails →

Facebook, LinkedIn & Twitter

Blogging is declining. My friend Wang Jianshuo reminds me about this trend. Obviously Jianshuo has much more authority on this because he started blogging on Sept 11 2002 and has a large followers at his blog.

On the other hand, I have joined Facebook, LinkedIn, Twitter this year (not necessarily in this order). And it seems to me all three websites are going strong. The main reason? I think it’s the networking effect. Facebook has been hot for a while, esp. among college students. LinkedIn got popular this year particularly since the recession made job search more difficult, and networking is much more important to land an interview or a job (compared to easy times). Twitter is more interesting, I noticed it changed slogan from “what’re you doing” to “what’s happening”. This precisely reflects the change of emphasis of Twitter, and the power of twitter, from Iran post-election to StockTwits (and many sites based on twitter, see 20 Twitter Apps you need to know).

Interestingly, I noticed one co-founder of Twitter, Evan Williams, is also the author of blogger. Maybe Evan already knows about this trend when he co-founded Twitter, which started a a mini-blog platform?

How do you know about visitors to your website ?

How much Google knows about you? The google dashboard. I found out the google search I did last Saturday on “enable root on Mac” (by going to google => “My Account” => “web history”). I believe there is a setting a google user can change to disable google to collect the data. But for me sometimes it could be useful because I want to repeat an old search I did a while back. A related question for business is:

How do you know about visitors to your website?
My title may be a bit misleading, I think a better question is how do you measure the performance of your web site? In other words, which page is highly viewed, which page gets no attention etc. Here comes web analytics (Wiki). Web analytics came of age lately as Omniture being bought by Adobe recently.

Google analytics
Google analytics is a free web analytics service offered by Google (Wiki entry here). Setup tutorial (video, link here)

Continue reading How do you know about visitors to your website ? →

How to use Scottrade Gainskeeper(tm)?

Gainskeeper ™ is a little program keeps tracks of stock cost basis, and the profit and loss. Scottrade provides this service to its customers. This program is not without problems (for me), such as mess up positions and long/short term profit/loss. It seems to me the program improved quite a bit lately, or it could be that now I learned how to use it. Another interesing program (or web site) is cakefinancial, which can keep track of your 401k, IRA and stock brokrage accounts from various financial institutions. Walt Mossberg did a good introduction on this lately.

Back to Gainskeeper. The main thing I pay attention to is: big gainer and big losers. Here is how I used it. Go to Realized Selling Acitivity (Summary), select year (2008). Last year, we all know it’s a terrible market. Here is my big losers (loss > $1,000):

Continue reading How to use Scottrade Gainskeeper(tm)? →

Order Domino's pizza online

Through the years I have bought books, digital cameras, computers, mouse, shoes and many other things on the web, from Amazon, eBay, buy.com, Sears, Zappos and so on. In some stores I could pick up the merchadise at the store (Sears, for one). I did that at Circuit City before its bankrupcy.

But today is my first time to order Pizza online. In the past, what I usually do is call the store, tell them what I want (usually I have a coupon). Today I decided to do something different (I don’t have a coupon anyway). So I went to Domino’s at around 11:25 AM. The steps are pretty straight forward.

Continue reading Order Domino's pizza online →

Google finance new interface, dividend screener

Google finance released the new interface last week. I did not feel comfortable with it at first sight, but after reading its explaination and spent some time on it, I am feeling more comfortable with it now. One quick thing, those who are interested in financial statements may complain where is the good old financial statement for a particular stock? Again check top left panel (a lot goodies there), click on “financials” you will see the income statement, balance sheet, and cash flow. In other words, they did not take away anything, my guess is they try to add new things and present the information better. Another minor feature is: they finally added the opening price of a stock, in the past, they only have stock closing price. This is not revolutionary, but something nice to have. On a related matter, now you can see their monthly stock chart in real fashion. In the past they merely connect the closing price of each day, which is still the case with 3 month (or longer) stock chart.

Dividend stock screener
Since I am talking dividend recently, I am creating this stock screener. Criteria:

Continue reading Google finance new interface, dividend screener →