No Script, No Fear, All Opinion
  • Server Move Complete

    Posted on September 17th, 2011 EEVblog 15 comments

    If you can read this, then the server move worked and you are now using the new dedicated server!
    The site and the forum should now both be MUCH faster.
    Please report any problems.
    Big thanks to @alangarf for helping with all the penguin stuff when shit hit the fan!

    Thanks
    Dave.

    • http://toolhacker.com Wartex

      Your blog subtitle has had a slash before the apostrophe (And presented in Dave\’s unique) for more than a year now. That indicates that quotes are not escaped properly somewhere and your website will be eventually owned by an SQL injection attack. Fix it.

      • http://www.eevblog.com EEVblog

        Yes, every time I edit the main page it seems to add that. Real annoying. No idea how to fix it.

        • http://eevblog.com EEVBlog

          Make it a jpeg so the vulnerability is not obvious, try updating the blog software, and ask someone to add a code snippet to prevent people posting as you (I offered to help with the website in the past but you refused, I’m not going to offer again).

          - wartex

          • http://www.eevblog.com EEVblog

            How can people post as me? I don’t see any problem. I always keep my blog software up to date. I’ve had countless people offer to help me with the site and server move etc., and I appreciate the offers very much. Unfortunately I cannot accept all the offers of help, it’s simply not practical.

            • http://toolhacker.com Wartex

              jeez, look at the username in my post

              • http://www.eevblog.com EEVblog

                Ok, I see it now, you are able to post in my name.
                Care to tell me how to fix it?

                • http://eevblog.com EEVblog

                  If this post appears to be from EEvblog, the issue is quite simple to reproduce ;-)

                  On the “Leave a reply” form, you can enter any desired Name. Including “EEVblog”.

                  So, let me submit this comment and test my theory ;-)

                  Greetings,
                  Ed.

                  • http://edvoncken.net/ Ed Voncken

                    Ok, that worked. It looks like the reply-form code needs to check the user name entered, and reject it if it is “EEVblog”.

                    This may not be trivial, with Unicode characters and the like to keep in mind. Not familiar enough with WordPress to know if these forms accept Unicode input, or just ASCII.

                    Greetings,
                    Ed.
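
The name check described in the comment above, including the Unicode concern, as an added example that is not part of the original thread and is not WordPress code. The look-alike table, the function names and the `authenticated_owner` flag (which must come from the login session, never from the form) are assumptions made for illustration.

```python
import unicodedata

# Display name from the thread that only the site owner should be able to use.
RESERVED_NAMES = {"EEVblog"}

# Constructed, deliberately tiny look-alike table (keys are already casefolded).
# A real deployment would use the full Unicode confusables data (UTS #39).
LOOKALIKES = str.maketrans({
    "\u0435": "e",  # Cyrillic small ie
    "\u03b5": "e",  # Greek small epsilon
    "\u043e": "o",  # Cyrillic small o
    "\u03bf": "o",  # Greek small omicron
    "\u0432": "b",  # Cyrillic small ve
    "0": "o",
    "1": "l",
})


def skeleton(name: str) -> str:
    """Reduce a display name to a comparison key; never store or show it."""
    # NFKC folds fullwidth and other compatibility forms; casefold drops case.
    text = unicodedata.normalize("NFKC", name).casefold()
    # NFD splits accents into combining marks so the filter below drops them.
    text = unicodedata.normalize("NFD", text)
    # Keep letters and digits only: removes spaces, punctuation, combining
    # marks and invisible format characters such as U+200B ZERO WIDTH SPACE.
    text = "".join(ch for ch in text if ch.isalnum())
    return text.translate(LOOKALIKES)


RESERVED_KEYS = {skeleton(n) for n in RESERVED_NAMES}


def name_allowed(name: str, authenticated_owner: bool) -> bool:
    """Anonymous commenters may not use a name that collapses to a reserved one."""
    return authenticated_owner or skeleton(name) not in RESERVED_KEYS


if __name__ == "__main__":
    # Constructed sample submissions from the anonymous reply form.
    samples = ["EEVblog", "EEVBlog ", "\uff25\uff25\uff36\uff42\uff4c\uff4f\uff47",
               "EEV\u200bblog", "\u0415\u0415Vbl\u043eg", "EEVbl0g", "Ed Voncken"]
    for s in samples:
        print(repr(s), "accepted" if name_allowed(s, False) else "rejected")
```
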

                    • http://www.eevblog.com EEVblog

                      Yeah, I thought that might be possible, and that doesn’t really bother me if it’s just the form. But Wartex mentioned an SQL injection attack might be possible though.

                      • http://edvoncken.net/ Ed Voncken

                        The only vulnerability in WP 3.2.1 I’m aware of right now is an XSS one – no mention of an SQL injection vulnerability. Perhaps a bugfix for the XSS will be released shortly.

                        Greetings,
                        Ed.

    • Michael K.

      Yes it looks faster now ;-).

      Thanks
      Michael.

    • Patrick

      grats david

    • Alex

      I am getting email notifications of new posts again, so that’s sorted.

    • benjamin

      hi dave,
      i just noticed that directory listing of

      http://www.eevblog.com/video/

      doesn’t work anymore. Bringing it back would be much appreciated :)

      • http://www.eevblog.com EEVblog

        Yes, I’m not sure why that is not working. The redirect is in place on the new cPanel account, but it doesn’t seem to work…