Schonhose

It seems the Drain Hole plugin used on this blog to manage the downloads of the Pixelpost addons is not compatible with the latest version of WordPress.

The author of the plugin has been notified of the problem and is currently working on a fix. I expect to have the downloads up and running pretty soon again. In the meantime, please be patient and keep your eye on this space to see if the issues have been resolved.

Thanks to everyone who bothered to notify me of this problem and once again my sincere apologies for the inconvenience.

I’ve updated two Pixelpost addons today. The first addon I updated is the Clickable Tags Addon. Thanks to Jay Williams (visit his photoblog) the code has been cleaned up a bit and the Javascript has been updated.

The second update concerns the Entrypage addon. The update includes the possibility to set additional URL parameters. This might come in handy if you would like to redirect your visitors to a paged archive.

Enjoy!

Today one of the other members of the Pixelpost development team contacted me. He has added my photoblog to the “Featured Sites” section on Pixelpost. This was a very nice surprise. It is nice to see my site listed with some of the best Pixelpost sites on the web.

I have to admit, I could have added my site if I wanted to. But I choose not to do this as I feel the section has to be a realistic selection of amazing Photoblogs. It would have lost credibility if all members of the team added their own site and those of their friends.

Over the past year I’ve been compiling a list with several entries about things that either were unclear or annoyed me to death about my photoblog layout. Fixing bugs or adding features took some time but yesterday I finally uploaded the beta version of the layout.

In general it is still the same, it only has evolved into an even better template (thanks for that comment Jay). So what is new?

• Lights out feature: turns all elements to dark except the photo. Can be found in the section Photo details in the Sidebar when looking at a photo
• Tooltips all around. People were having trouble locating things. I hope tooltips popping up will help with this.
• In case the tooltips cannot be found, have a look at the help page (right upper left in the menu). It will explain everything.
• The ratingstuff has moved to a more prominent place. It is more visible now and I hope people will start to rate more this way.
• The archive page now displays navigational elements in the thumbnailview.
• Find out the other stuff…

Once in a while I’ll get some mail asking me where the download of the template is located. I’m truly sorry, but you cannot download the template. It is part of my identity and I put in so much hours that giving it away for free or for a small amount of money just doesn’t feel right.

Thanks for all the kind words through those emails, those are really appreciated.

Thanks to Dave we found the mentioning of an exploit for the Pixelpost Copy Folder addon. This exploit consists of spoofing some fake administrator credentials so the hacker can try to get the login info from the file “pixelpost.php”. It was uploaded about a month ago (June 9th) by someone called Charles F.

Obviously we patched the svn version as soon as possible but I wanted to comment on the actual chance of getting hacked. To get hacked your server has to have the following options:

• register_globals = On
• Sufficient rights to write a file in the addon folder

Well, let’s comment on the first option, the register_globals setting. In my opinion any host that has set this setting on should be shutdown as soon as possible. Default setting of this option has been off since PHP 4.2.0 and for good reason!

Most hosting companies have setup different users for both PHP and FTP users. The PHP user is the user under which the PHP compiler runs, the FTP user is you uploading the files through FTP. With PHP Safe mode set to on, the PHP user cannot create files in a folder owned by the FTP user (assuming you’re on Linux and Apache). You can test this easily: did you need to set your images and thumbnails folder to CHMOD 777 upon install of Pixelpost? If the answer is yes, there is no way this hack could work on your server.

If the answer is no, you might be vulnerable (especially when register_globals is also enabled). In that case remove the Copy folder addon (“copy_folder.php”) from your addons folder. Chances you do get hacked are small, but better safe than sorry.