stlplace.com was hacked and restored, plus some thoughts

I found out this site was hacked yesterday evening, as I saw the loading of site on Safari was slower than usual. It also shows incorrect theme, more like a plain theme. With the admin link redirect to spammer site. I decided to tackle it right away. I recall about one year ago something similar happened to this site, and google webmaster tool told me about it. I was able to remove the offending files/directories, by following the recommendation set out by google and some other wordpress sites.

This time I made an almost fatal mistake, during deleting some of the files in wp-includes, I accidentally deleted all the useful php files there. Panicked, I used both the website restore tool, and the import feature of wordpress (mojo marketplace), to no avail. The symptom of the problem was I could not login, and I can only see the pages at uudaddy.com (I could not log in there either).

I filed for help at the hosting company. But I still feel helpless as this site has about 9 years of my blogging and uudaddy.com has my last 4 years of blogs. Fortunately I was able to find this wordpress help page about updating wordpress, and fix internal server error by deactivating the plug-ins. The latter comes only after I gained some web dev experience lately, knowing more about error 500 🙂

So long story short, I was able to restore all the blogs (those two plus my wife’s happy mandarin.com) by the following:
1) Restore .htaccess file to avoid the redirect to spammer page;
2) Restoring the wp-includes and wp-admin page: upload zip file, extract; in the wp-content directory, I renamed plugin directory as plugin.SAV (this way it deactivates all the plugins);
3) Run the wordpress update as soon as I can log in.

I also backed up the MySQL databases for stlplace and uudaddy, and backed up those two blogs to wordpress.com (this one and this one). I understand blogging itself is a declining trend, and it’s probably not easy for small web hosting company to defend against hackers like Google/Amazon/Wordpress do. That’s why I am also evaluating whether to move to wordpress.com or Amazon EC2 (self hosting). It’s a bit emotional decision as I have hosted this site for 9 years, but I need to consider both my time, the cost of hosting, etc. I will make a decision on this shortly. Meanwhile check out the new blogging sites I mentioned above, in which I will blog both about software development and raising kids.

Software updates

WordPress 3.1.1
Finally I got hands around my blog (this one stlplace) and did the WordPress upgrade. I put off the upgrade in the past primarily due to my laziness: there is no automatic update due to I was running on WP 2.0.2. The upgrade itself is not too bad, I followed those two articles on Backup database and Run manual update. I used phpMyAdmin for the WP database backup. For the WP upgrade the only tricky part for me is:

“…Upload the individual files from the new wp-content folder to your existing wp-content folder, overwriting existing files. Do NOT delete your existing wp-content folder. Do NOT delete any files or folders in your existing wp-content directory (except for the one being overwritten by new files)…”

I know “directory overwriting” generally works on Windows system, but we are talking about UNIX (Linux to be precise). The command I used goes like this (in the blog root directory):

cp -r -u new_wp-content_dir .
(here -r means recursive for directories; -u means update)
I believe it did the trick, as I can run upgrade database afterwards. After that I enabled the necessary plugins. The only plugin stopped working is the ultimate warrior tags. The rest are fine.

Btw, I also added WPtouch plugin so that this blog works better on iPhone.

Xcode 3.2.6
I found my old Xcode 3.2.2 can not handle block as it’s necessary to run Ray’s RSS reader example. Download the software from Apple, install, and found this “Base SDK missing” in the new Xcode. Did some google, the trick is to “use latest SDK” in the “project => build” setting. I noticed we can also build “older” targets by changing the target in “deployment target”. Obviously there is a limit as to how far we can go back (I have not checked that yet).

Btw, I found the iPhone 4 simulator looks cooler than iPhone 3 simulator 🙂

Added tags

I added the “tags” for this blog. There are two places you can see the “tags”: under the time in each post; the right side bar (under “tags”). So what is “tag” exactly? Using non-technical terms, tags is like “key words”. “Tag” helps organize and search the blogs.

To use it, you just simply click on the “tag”, and it will show the related articles which contains that “tag”. The “tags” cloud map in the right side bar ranks the popularity of each tag by the size of “tag”. The larger the font, the more popular it is.  

If you are really curious about how to make this work in WordPress blog, here is the link for “Ultimate Tag Warrior plug-in”.

Believe it or not, although “Google search” is so good, in lots of cases the “tags” created by human beings are much better in organizing and searching blogs. I am also including the definitions for “tags” from the blog search engine Technorati here. 

Get started 使用说明

(Updated May 2011) “古人云，人不自信谁人信之.” Others won’t believe in you unless you believe yourself. –Chinese proverb

Hello, world 🙂 I am not another expert. I am an ordinary guy who believes: by lifetime learning, hard and independent work and discipline, little guys can achieve their dreams, too.

I grew up in China. Currently I am working on iOS (iPhone/iPad) app development. Here I’m also blogging about iOS app/software development, business, personal finance, and other fun stuffs in life. You can leave comment here or Email me: if you wish to remain private.

Tip: you can always hit “home” or type www.stlplace.com to get back to the home page.

Search: please refer to the “search this site” page, as this is a bit complicated.

Related post: I added “related post” functions to this blog today. Basically it will show “related posts” at the end of each article if you go to each post (by clicking on the title). Hopefully this will make navigation of this blog a bit easier. Now we have search on the side bar (search by word, search by Google), and this related post thing. I also added “save to del.icio.us” button at the bottom of each post.

Revisions
(5-28-2011) Converted Ultimate Tag Warriror to WordPress tag, by importing and enable tag cloud in side bar. More information on U can be read here.

(April, 2011) Upgrade to WordPress 3.1.2, the only thing not working is Ultimate Tag Warrior.

(12-12-2009) Added my twitter widget. The Google Conversation Elements were removed earlier due to lack of interest. Note “Share This” Button at the end of each post has the buttons for Twitter, Facebook etc. Enjoy!

Added Google Conversation Elements.(May 30, 2009): this is to facilitate interesting and intelligent discussions on things. Enjoy!

Used compact archive (May 30, 2009): link to plugin.

Added “Share This” button (May 22, 2009): this is for bookmark and sharing with your friends. Try it out 🙂

Switch to a three column theme (simplicity), this allows for more room for side bars. (Dec 2007)

Tanslation: I added a language tool at the right side bar. You can click on the flag to get an instant translation of this blog. This is not perfect and sometimes it does not work because of server problem. But at least you can get a glimpse of what I’m talking about. (May 20, 2007)

My view on stocks: Information is provided ‘as is’ and solely for informational purposes, not for trading purposes or advice. (Mar 15, 2007)

Pictures: some of the pictures (those hosted on flickr and yupoo) are clickable. You can see a bigger picture if you click on it. (Mar 12, 2007)

Subscription: besides point your web browser to stlplace.com, you can also use “Add to My Yahoo”, subscribe to “feedburner” or “newsgator” to get the latest post. Pick your favorite way to get the blog: type in web address and check if there is anything new (the so called “pull” method); or the RSS subscription (so called “push” method, the new post is pushed to your web page automatically). (sometime in 2006)

Dec 2005, initial release.

(Original Dec 2005) Hello, world. I am not another stock expert. I am an ordinary guy who believes that: by learning and disciplined investing little guy can beat many “experts”.

At STLPlace, we believe in independent research and value investing. We don’t blindly chase hot stocks, we don’t follow Jim Cramer, and we don’t catch falling knives…

I grew up in China and have been in the US since Fall 1997. Here I’m blogging about business, finance, stocks, other fun stuffs in the US and China.

This is a place I’m sharing my thoughts. Please don’t take this as a stock tip and run with it. One selfish reason for this blog is to organize my thoughts and actions on stocks, and be a better investor along the way. Hopefully you can also benefit from this process: the result matters, but more importantly is how we get there, so that we can repeat the success.

Any comments, please send email to: