GeekApproach

Just one Geek's approach…

Friday Wrap: On hacks

The week started out so good! I migrated the site over to what I felt was a more robust back-end and site design only to be hacked the very next day.  A bit ridiculous if you ask me.  Here’s how it went down:
At about 4 in the afternoon on Wednesday I received an email from my server-side mail account here: geek@geekapproach.com.  The message was an automated dump from WordPress that told me that the password had been lost and recovered for my “admin” account.  I’ve seen a few of these lately because I ran GeekApproach in a beta mode on a different domain to make sure I got everything right before flipping the switch and going “live”.

So, mistake #1: Ignoring an automated email from your system telling you that your password has been changed.  I signed in about 7 PM to see my site still in my theme, but with garbled text.  I’m now attributing this to (a rather excellent plugin) WP-SuperCache showing me a static version of the page.  In attempting to log in, however, it appeared my old password wouldn’t work.  Refreshing the main page brought me a “This site has been hacked by:” message proclaiming the hacker to be “mosleium” (which I don’t believe) and that my data was apparently intact somewhere.

I lightly freaked out– I thought someone had penetrated my root account on the server, not just my WordPress sub-apps, but possibly other more critical things running.  This turned out to be the case.  I successfully logged into cPanel on my box, and hopped into phpMyAdmin to go talk to my MySQL databases online.  Once there, I got into the users table where the passwords are stored– they are stored in an MD5 hash which is one-way encryptable (I’ll do a post about that later), but the recovery email address field– that is, the email address a new password gets sent to– had been changed to some clearly unauthorized user.  I forced an update to the table back to one of my email addresses, and was able to “recover” my password back to myself.

Once in, I couldn’t see any sign of the hacker.  I found my root index.php page overwritten with his content however, and restored my site from the beta/backup site.  Rebuilt SuperCache, done.  Now, to figure out why and how this happened.

I searched around and found a few signs of how the exploit works. Firstly, it looks like it worked in WordPress 2.8.*– I’ve been running 3.1.* trunk for a while now.  It’s sad to see that it wasn’t fixed in my most recent copy.  Based on the above site, I ended up changing my wp-login.php file to something a bit different.  Simply put, the reset handler reads the key from the request, and if you pass that parameter as an array instead of a string (PHP turns key[]= into an array), the empty-key check doesn’t catch it: the handler treats it as a valid key and lets you reset the password without ever having the real confirmation key.  I’ve changed the few relevant lines of code in the file, and now it looks like this:

$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
if ( empty($key) || is_array($key) ) {
    // No usable key on file (nothing stored, or something that is not a string):
    // generate something random for a key...
    $key = wp_generate_password(20, false);
    do_action('retrieve_password_key', $user_login, $key);
    // Now store the new key in the db so the emailed reset link can be matched against it
    $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
}

The critical part here is the if ( empty($key) || is_array($key) ) line, which refuses to treat a key that arrives as an array as valid.  The empty() check alone isn’t enough: an empty array fails it, but a one-element array like array('') does not, which is exactly what key[]= produces.

So, with that fix hopefully I’m ok.  It sucks that I’ll need to make that change every time I update WP because they’re still not including that as a fix yet.
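To make the array trick concrete, here is a self-contained PHP model of the reset handler’s key check, added here as an example; it is not code from the post above and not WordPress’s own code.  The user table is constructed in memory, and the function names (reset_password_vulnerable, reset_password_hardened, find_user_by_key, prepare_key) are hypothetical.  Two behaviours it relies on: PHP’s own query-string parsing turns key[]= into an array, and a single array argument passed to a prepare()-style helper gets unwrapped into its elements (that unwrapping is my understanding of how $wpdb->prepare() behaves, modelled here in prepare_key rather than taken from WordPress).

```php
<?php
// Added example: models the password-reset key check to show why an
// attacker-controlled array defeats empty() and why is_array() closes it.

// Constructed sample users table. The admin has no pending reset key,
// so its user_activation_key is the empty string.
$USERS = [
    ['user_login' => 'admin', 'user_activation_key' => ''],
    ['user_login' => 'bob',   'user_activation_key' => 'x7Kp2mQ9'],
];

// Stand-in for a prepare()-style helper (assumption, see lead-in): a single
// array argument is unwrapped, so array('') binds as the empty string.
function prepare_key($key) {
    if (is_array($key)) {
        $key = count($key) === 1 ? reset($key) : '';
    }
    return (string) $key;
}

// Look up which user owns the given activation key; null if none.
function find_user_by_key(array $users, $key) {
    $bound = prepare_key($key);
    foreach ($users as $u) {
        if ($u['user_activation_key'] === $bound) {
            return $u['user_login'];
        }
    }
    return null;
}

// Vulnerable check: preg_replace() accepts an array subject and returns an
// array, and empty() is false for a non-empty array such as array(''), so
// key[]= slips past the check and binds as '' in the lookup, matching the
// account that has no reset pending.
function reset_password_vulnerable(array $users, $key) {
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if (empty($key)) {
        return 'invalid_key';
    }
    $login = find_user_by_key($users, $key);
    return $login === null ? 'invalid_key' : "reset:$login";
}

// Hardened check: reject anything that is not a non-empty string before it
// reaches the lookup. This is the guard from the post, applied at the point
// where the request key is consumed.
function reset_password_hardened(array $users, $key) {
    if (empty($key) || is_array($key)) {
        return 'invalid_key';
    }
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if (empty($key)) {
        return 'invalid_key';
    }
    $login = find_user_by_key($users, $key);
    return $login === null ? 'invalid_key' : "reset:$login";
}

// Constructed requests: the attacker's query string and a legitimate one.
parse_str('action=rp&key[]=', $attack);
parse_str('action=rp&key=x7Kp2mQ9', $legit);

printf("vulnerable, key[]=   : %s\n", reset_password_vulnerable($USERS, $attack['key']));
printf("hardened,   key[]=   : %s\n", reset_password_hardened($USERS, $attack['key']));
printf("hardened,   bob's key: %s\n", reset_password_hardened($USERS, $legit['key']));
```

Run with php on the command line.  The vulnerable path resets the admin account from nothing but key[]=, the hardened path reports invalid_key for that same request, and a real key still works, which is the point: the guard has to sit wherever the request-supplied key is consumed, not only where a fresh key is generated.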

GeekApproach.com Update!

I’ve finally completed a rather drastic upgrade of the back-end of GeekApproach as well as its theme.  This change is long overdue and I’m finally away from the fixed-width (yuck!) type interface towards something that at least floats as you resize your browser window.  There’s more space to add media to posts and ensure that they all aren’t weighted to the right.

I’m not sure what I want to do with the header, but we’ll see how it goes.  I also think I’ll jazz up some colors for the slug/category pages.  They drastically need some help.

On the back-end I’m using some plugins to build Google-compliant Sitemaps in XML, as well as an upgraded SEO tool on a per-post basis.  Here’s hoping I can keep some traffic up.

Drop me a comment and tell me whatcha think!

BioShock 2 : Minerva’s Den (DLC)

Minerva’s Den is the expected final piece of DLC for BioShock 2, and ironically the first piece of single-player campaign content since the game’s release in March.  For a title with such a rich single-player portion I was amazed that it took them this long to finally create a piece of standalone content, but it’s been worth the wait.

You play as Subject Sigma in pursuit of Reed Wahl within Rapture Central Computing in Minerva’s Den.

Reed Wahl

Reed Wahl, whom you're hunting in Minerva's Den.

The levels are smartly designed and filled with the art deco paintings we’ve been used to during the main game.  There are plenty of splicers and, in a fitting touch, tons of automated machines to take advantage of and destroy.  The pack starts out slowly with few plasmids at your disposal and the new weapon, the Ion Gun, not being terribly useful or fun.  The game quickly picks up and you’ll be using some of your favorite plasmid and weapon combinations to great success. (Except for one…)

A few of the enemies have been improved– the big bumbling Brute Splicers have made a comeback and this time they have numbers.  You’ll have a few battles that’ll push your ammo count to the limit, but I didn’t need a Vita-Chamber once during my playthrough on Medium.  There are also elemental variants of Houdini Splicers that make their presence known in the last third of the DLC.  A new Big Daddy type known as the Lancer also awaits you.  He seems to be a bit faster and possibly a bit stronger than the last variant, but with enough time you’ll wear him down.

Killing a Big Daddy nets you a Little Sister to harvest or carry, which brings back one of the most mind-numbing phases of the original game– playing protector.  There are 6 little sisters to rescue, and after 3 and 6 you’ll have to fight a Big Sister for your pleasure.  Again, these battles aren’t particularly hard but sort of annoying.  It sorta made me long for the original BioShock; at least there wasn’t a “protector” section built-in.

Ion Laser

The deplorable Ion Laser in action...

As far as new tactics go, either by design of Plasmid availability or my own stupidity, I ended up hacking a ton of bots and turrets to have at my disposal.  Again, this is fitting considering the content is based around a rather smart computer system dubbed “The Thinker”.  At one point the game even drops a fictional letter from Alan Turing in our midst– geeks will remember Alan Turing as the father of computing with his idea of a Turing machine capable of logic.

In the end I found Minerva’s Den to be totally worth it at $10.  It gave me about 4-5 hours of additional content, was for the most part very fun and enjoyable, and the ending was graceful and smart.  I highly recommend it.

Shank!

I thought I’d drop a quick post about an awesome new game that I haven’t actually bought yet on XBLA, Shank.

Shank Screen 1

Shank Freeze

Shank is a side-scrolling action game drawn in a cel-shaded format very similar to Penny-Arcade.   In fact, if the PA boys haven’t brought up a fuss (which they should) I guess it’s all fine, but the similarity in the art styles is rather striking.  Anyway, the game itself seems to be ultra-violent with lots of blood splatter and varying death animations.  Shank’s girl is kidnapped and he’s going after the parties responsible.

I only played about 30 minutes through, including one boss battle, but I was hooked pretty quickly.  I think the asking price, $15, is a bit steep considering I don’t know how much gameplay is there.  But I strongly urge you to go check it out if only for a short while.  From what I understand the multiplayer seems to hold a lot of promise as well.

Shank in Action