Recovering from a WordPress Spam Injection

I should have been relaxing and working on an inspirational side project, but instead spent much of Thanksgiving weekend trying to eliminate a senseless spam injection on a WordPress (wp) site.

I was frustrated, to say the least, by how difficult it was to find a solution. There were many months-old unanswered pleas on the wp forums.

I cannot figure out the hackers’ revenue model. Repeatedly over the course of two weeks, my husband’s site became unreliable to access. The symptoms were varied, including:

  1. The site never loads
  2. Loading stalls and then redirects to virus scanner software
  3. The site is redirected to a Harry Potter related website
  4. The site takes a long time to load and the source code shows approximately 30 links to enhancement-related drugs or movies. Each time the links are to a new single site, where the drug or movie is a variable at the end of the URL. The inserted code has a style of display:none; so it’s not visible to the naked eye. Nevertheless, it is available to search bots.

For the first few days, the injection would take place in the form of #4 (invisible links) at the same time of day. Replacing the theme’s header.php erased the problematic code, returning the site to normal for the day. (I read of other situations where the injection is in the footer.) The FTP logs showed that the /wp-content/themes/mytheme/header.php file was changed.

Twitscoop: Roadmap to Discoverability

Lollicode’s Twitscoop has become my daily source for breaking news, from the Hudson plane crash and earthquakes to Top Chef results. I use Twitscoop primarily through my favorite desktop Twitter client, Tweetdeck. The center column of my deck shows what’s “Buzzing Right Now:” the Twitter zeitgeist as ascertained by Twitscoop. A click on any word of interest in the Twitscoop tag cloud results in a page with tweets containing the word, and a frequency graph of the term’s Twitter appearances.

In May, Twitscoop launched changes, becoming a full-fledged Twitter client. These changes posed some discoverability issues for me, in part because I was having a broader Twitter search issue. The people at Twitscoop have been great about troubleshooting with me. (They seem genuinely interested in making improvements to their interface, based on some of the public interactions with users on Twitter, their emails with me, and their ‘About’ page.)

I do have a few suggestions that mostly relate to helping users bridge the gap between what they know and what they need to know to make use of the service.


Loving the page layout of our siddur

I’ve been preparing the program for my daughter’s Bat Mitzvah, to provide some orientation for the people who have never or rarely been to a Jewish service. The prayer book (siddur) can be particularly confounding without some explanation. There’s been plenty of controversy over the 2006 Reform siddur, Mishkan T’filah (“dwelling place for prayer”)—what should have been left in or left out, how much it weighs, accuracy of translation, gender-inclusive language that is too disruptive for some, etc. All that aside, I love the information design. The layout facilitates a more accessible service than its predecessor, using navigational cues and transliteration and translation for most prayers. It invites sinking into each prayer through generous white space across a full two-page spread.


Google Analytics Call to Action Trips Me Up

Google Analytics login is like no other Google app. It always takes me a minute to figure out how to sign in. Every other Google app offers login on the top level page with a submit button: "Sign In." Below the login, there is a call to action (big blue button) to "Create Account" or "Get Started." Analytics, on the other hand, offers a text link to "Sign up" and the call to action button, "Access Analytics" takes you to the login. Access analytics? Couldn’t it at least say "Login?" How about just following the login design of every other Google app?

Google Apps Login Areas

Using PicoCrickets to Teach Debugging

[Image: P.I.C.O. Cricket program for a purring cat]

We ran into trouble yesterday trying to make a cat meow when left in the dark. The cat was a PicoCricket, a programmable kit for making creations that move, make sounds, and light up based on inputs like touch, sound, and light. We were trying to make a cat that purrs when it’s dark, but the thing purred no matter the light conditions. I did not plan it, but it turned into a good debugging exercise for my daughters (ages 10 and 12). The image on the left shows the program with which we began, which was running in concert with a similar program (stack of blocks) to make the cat’s collar light up. (This is one of the sample projects sent with the kit.) The program on the left basically instructs as follows: "Keep doing the following: if the sensor is picking up light at a brightness of less than 20, then play the sound of a kitten." ("20" what, I am not sure.)
