All Things Patrick - Working Hard to be Lazy!


From Wordpress Back to Drupal

patrick — Fri, 2010-05-14 14:18

After several years of using Wordpress I switched my blog back to Drupal. There are several reasons for this, but some of the more important issues, to me anyway, included being able to easily do certain things like add external links to my "Pages" section. The only 2 ways I could figure out how to do it with Wordpress were to either a) hack the theme or b) make fake pages and then use Apache redirects to forward the URL to the real link. I also wanted to be able to quickly add a link or other content without it cluttering up the blog posts or forcing it onto every single page under the blogroll.

I was also having issues adding a blog post, which I thought might be due to a broken Wordpress installation, but which I later discovered was actually due to an Apache security module preventing me from mentioning certain file locations (such as /etc/passwd). After I figured that out I was able to break it up with spaces in order to post it, then dug into the database in order to fix it... in several places, as Wordpress kept multiple broken versions of the post and I wasn't sure which version needed fixing.

My Wordpress installation was also being infected by Gumblar via some vulnerability that I'm not aware of. My site wasn't the only site infected:

  • PHP Script Injection Exploit in WordPress 2.7.1
  • My site was infected with gumblar.cn Trojan
  • Watch Out for Recent WordPress Gumblar PHP Exploit
  • Gumblar Breaks WordPress blogs and other complex PHP sites
  • Wordpress Exploit Gumblar .cn
  • Removal and Prevention of Gumblar.cn Infections
  • Gumblar Crashes WordPress and Joomla Websites
  • Gumblar site infections return, WordPress among affected
  • WordPress Users Watch Out for Recent Gumblar PHP Exploit

I would like to point out that all of these pretty much point out really basic Windows and id-ten-t vulnerabilities. Mostly, make sure your anti-virus on your local computer that you use to upload the files is up to date. They also yammer on about changing your FTP password. Ok... really?

I work on a Linux desktop & my code is stored on my Linux file server/test server - neither is currently nor ever has been infected with any of this Gumblar crap. So the possibility of my local computer being the source of the problem and then me uploading pre-infected files is moot. Beyond that, the files were infected after the last time I uploaded files.

Next point is with FTP... Other than being forced to use FTP on Mosso for a couple of days last year and the 2 months I was at River City Studio back in '07 I've not touched FTP in years. Not only that, but I don't use SFTP or SCP GUI utilities either. I use rsync over ssh (Secure SHell) with a private/public key pair. So, unless there's some way to get my FTP password from an rsync over ssh via a key...

So, what does this leave as possible sources for the Gumblar injections?


Anyways, I wanted a different theme for Drupal and stumbled across Drupal-Theme.net, which shows off several of the various free themes available as projects from drupal.org. I really liked the Elements theme, but it's just not yet complete. I also liked Pixeled, but again it doesn't seem complete and I don't like it as much as Elements. As both have had recent updates (and I've not yet checked them since the updates) I'm guessing they're still works in progress and most of the missed spots are more an issue of least used, least modified. I ended up settling with the Deco theme as it seems complete; it even allowed me to drop the logo graphic in favor of a text header.
