15 responses to “Server Move Complete”

• Wartex September 18th, 2011 at 02:50

  Your blog subtitle has had slash before the apostrophe (And presented in Dave\’s unique) for more than a year now. That indicates that quotes are not escaped properly somewhere and your website will be eventually owned by an SQL injection attack. Fix it.

  Reply

  • EEVblog September 18th, 2011 at 08:16

    Yes, every time I edit the main page it seems to add that. Real annoying. No idea how to fix it.

    Reply

    • EEVBlog September 19th, 2011 at 09:23

      Make it a jpeg so the vulnerability is not obvious, try updating the blog software, and ask someone to add a code snippet to prevent people posting as you (I offered to help with website in the past but you refused, I’m not going to offer again).

      - wartex

      Reply

      • EEVblog September 20th, 2011 at 21:42

        How can people post as me?, I don’t see any problem. I always keep my blog software up to date. I’ve had countless people offer to help me with the site and server move etc, and I appreciate the offers very much. Unfortunately I cannot accept all the offers of help, it’s simply not practical.

        Reply

        • Wartex September 21st, 2011 at 11:16

          jeez, look at the username in my post

          Reply

          • EEVblog September 21st, 2011 at 22:32

            Ok, I see it now, you are able to post in my name.
            Care to tell me how to fix it?

            Reply

            • EEVblog September 22nd, 2011 at 08:05

              If this post appears to be from EEvblog, the issue is quite simple to reproduce

              On the “Leave a reply” form, you can enter any desired Name. Including “EEVblog”.

              So, let me submit this comment and test my theory

              Greetings,
              Ed.

              Reply

              • Ed Voncken September 22nd, 2011 at 08:07

                Ok, that worked. It looks like the reply-form code needs to check the user name entered, and reject it if it is “EEVblog”.

                This may not be trivial, with Unicode characters and the like to keep in mind. Not familiar enough with WordPress to know if these forms accept Unicode input, or just ASCII.

                Greetings,
                Ed.

                Reply

                • EEVblog September 22nd, 2011 at 08:26

                  Yeah, I thought that might be possible, and that doesn’t really bother me if it’s just the form. But Wartex mentioned an SQL injection attack might be possible though.

                  Reply

                  • Ed Voncken September 22nd, 2011 at 08:45

                    The only vulnerability in WP 3.2.1 I’m aware of right now is an XSS one – no mention of an SQL injection vulnerability. Perhaps a bugfix for the XSS will be released shortly.

                    Greetings,
                    Ed.

• Michael K. September 18th, 2011 at 07:32

  Yes it looks faster now .

  Thanks
  Michael.

  Reply

• Patrick September 18th, 2011 at 16:46

  grats david

  Reply

• Alex September 19th, 2011 at 03:16

  I am getting email notifications of new posts again, so that’s sorted.

  Reply

• benjamin September 24th, 2011 at 10:06

  hi dave,
  i just noticed that directory listing of

  http://www.eevblog.com/video/

  doesn’t work anymore. Bringing it back would be much appreciated

  Reply

  • EEVblog September 25th, 2011 at 11:19

    Yes, I’m not sure why that is not working. The redirect is in place on the new cPanel account, but it doesn’t seem to work…

    Reply