How My Site Was Hacked

So in case anybody cares, what happened was that I apparently have a theme that got hacked. It appears that a theme called super blogger had a helper.php file in its images directory, which allowed files to be posted into that directory.

Using that uploaded file, extra code was added to my functions.php file in my standard theme which opened a backdoor and gave free rein.

Many thanks to Alex McKee who helped me track things down.

I recommend reading this post from Dave Meehan for more detail.

FYI, a couple things that should have clued me in (which I’ll look for in the future). First, I started getting an error on my admin console about extra data sent before the headers. I stupidly went into functions.php and fixed it (even working with 8Bit support) without noticing the added code. Second, in the source to my pages, there was a misspelled “Wordpres Counter.” That should have clued me in as well.
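The three signs mentioned in this post (a PHP file inside a theme's images directory, the misspelled "Wordpres Counter" string, and a functions.php that sends output before the headers) can be checked for across a themes directory. The following is an added example, not code from the original post; the directory names and file contents in the sample tree are constructed, and the output check is a regex heuristic rather than a PHP parser.

```python
import os
import re
import tempfile

MARKER = "Wordpres Counter"   # misspelled string the post saw in its page source
IMAGE_DIRS = {"images"}       # the uploaded helper.php sat in a theme's images directory
PHP_BLOCK = re.compile(r"<\?php.*?(\?>\n?|\Z)", re.S)  # heuristic, not a PHP parser

def stray_output(text):
    """True if anything outside <?php ... ?> blocks would be sent to the browser."""
    return PHP_BLOCK.sub("", text) != ""

def scan_themes(themes_root):
    """Return sorted (relative_path, reason) findings for a themes directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(themes_root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, themes_root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if any(p.lower() in IMAGE_DIRS for p in rel.split("/")[:-1]):
                findings.append((rel, "php file in image directory"))
            if MARKER in text:
                findings.append((rel, "marker string present"))
            if name == "functions.php" and stray_output(text):
                findings.append((rel, "output outside PHP tags"))
    return sorted(findings)

def demo():
    """Scan a constructed tree: one clean theme, two showing the post's symptoms."""
    sample = {
        "clean/functions.php": "<?php\nadd_theme_support('menus');\n",
        "clean/images/logo.png": "placeholder image bytes",
        "super-blogger/images/helper.php": "<?php // placeholder, no real code\n",
        "standard/functions.php":
            "<?php\n// theme code\n?>\n\n<?php echo 'Wordpres Counter'; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8", newline="") as fh:
                fh.write(body)
        return scan_themes(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

On a real site, call scan_themes() with the path to wp-content/themes and review each finding by hand, since the output check only applies to files that are meant to contain nothing but PHP.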

My Site Was Hacked

My WordPress site was hacked and apparently over the past couple days there was an embedded iframe that was causing a virus to be sent down. I did not totally determine what happened, but I’m continuing to investigate. I removed some bad code I saw.

Please make sure you use antivirus and your definitions are current. If you do get a warning on any page, please let me know so I can investigate.


Customizing Firefox – Hiding Private Browsing

Update: I was reminded that using visibility: collapse for menu items leaves them in the key navigation. Instead, you should use hidden="true" or, in places where that doesn’t work (context menus), display: none.

In my previous post, I showed how to set up a basic extension in Firefox. Having this extension will allow us to do some Firefox customization. Before I get into this post, though, I wanted to clarify one thing. I had you put your XUL overlay in the root directory and point your content directory to ./. I did that to make things simpler but in practice you’ll want to separate your files. The structure most commonly used is a chrome directory with a content subdirectory underneath. In that case, the directory in the chrome manifest would be chrome/content/.

With that out of the way, let’s customize Firefox. We’re going to prevent a user from accessing private browsing. We need a disclaimer here, though. We are not removing private browsing, we are just removing access. So if the user has an add-on that invokes private browsing, or if they have access to about:config, they can still turn on private browsing. For any of these customizations, there’s an expectation that the right things have been done to prevent the user from accessing functionality via other means.

Customizing Firefox – Extensions

I’ve decided I’m going to expand on my earlier post about customizing Firefox with extensions. A lot of the things people have asked for recently can only be accomplished with extensions, so I want to try to give people a very basic handle on creating extensions so I can then give sample code of the specific things people are trying to do.

My goal here is NOT to teach people how to build extensions. You can find that information on AMO or MDN. My goal is to give people a very basic understanding of how one particular type of extension works so I can produce simple code snippets you can drop in and use for your Firefox distribution. If you need anything more complex, you’re going to have to hire me.

Adding a Pinterest Image Without Impacting Your Page Design

Recently I had to modify a page to work with Pinterest. The problem was that all the images on the page were either CSS background images or had a height or width of less than 80 pixels. In those cases, the Pin It bookmarklet simply ignores the images. So the question I had was how to make a page Pinterest friendly without impacting the design.

Customizing Firefox – Disabling Safe Mode

NOTE: None of the methods documented in this post work anymore. The safe mode dialog was changed and I can find no way to prevent it from displaying.

I have one more post planned about customizing Firefox with add-ons and the CCK Wizard, but I wanted to get this out in the meantime.

A lot of people ask how to disable safe mode in Firefox in an enterprise environment. This post will tell you how to do it with an add-on.

Customizing Firefox – Default Profiles

Update: This method no longer works in Firefox 46.

Update: The locations of the files in this post have changed. I believe I’ve updated them all, but if you have problems, see this post.

Update: I have made major modifications to this post. I was not aware that Firefox copied the contents of the defaults/profile directory on the file system after using the files on omni.ja(r).

This next method of customization is not as widely used, but it is still worth mentioning. It involves changing the files that Firefox uses when creating a new profile. We’ll also take this opportunity to talk about userContent.css and userChrome.css which we mentioned earlier.

Customizing Firefox – distribution.ini

In many of my previous posts about installing add-ons into Firefox, I have mentioned the distribution directory. While I’ve primarily indicated that it is a place for installing add-ons, it’s actually useful for more than that. Files in the distribution directory are what allow for custom Firefox distributions like Firefox with Twitter or anything produced by build your own browser. Besides installing add-ons with a distribution, there are two other things you can do: install search engines and customize preferences and bookmarks with a file called distribution.ini.