native mt captcha note (CaptchaSourceImageBase)

I sometimes get inquiries about implementation of the native Movable Type captcha system for comments, often from people who are on the same webhost as this site but cannot get the captchas to work.
You might just be in luck if you’re looking for a fix for the following message that appears at Blog Settings –> Comment settings –> Comment Display Options –> CAPTCHA Provider:

“You will need to speak to your host about Image::Magick and if it is installed.
CaptchaSourceImageBase is a configuration directive.”

As you can see, any really useful information is kind of left out, but a bit of Googling reveals the following: CaptchaSourceImageBase is simply a line that needs to be added to your mt-config.cgi file.
Specifically, edit your-path in the following and add to mt-config.cgi:

CaptchaSourceImageBase /your-path/mt-static/images/captcha-source

Hope that works for you.

We be back

So a friend asked if this is really the last time I’m changing webhosts this decade, to which I could only reply, “shit, I really hope so.” Well, third time’s a charm and all that (My three for posterity’s sake: FeaturePrice, iPowerWeb, Dreamhost. Yes, I sure can pick ’em).

I have a bunch of stuff to post, but getting this site back up took it’s toll. Time to sleep so the baby can wake me up….

Google & Firefox Warnings Fixed

Almost ten days ago I wrote briefly about how this site got haxx0red and had been unintentionally serving a hijacking script, and how you would probably have trouble even visiting if you were using FF3. As it turns out, if you attempted to visit any of the pages here through Google, you also got a warning about this being a potential attack site. This was pretty fucking annoying, truth be told. Irony of ironies, I used Google’s very own Analytics service to watch how traffic was directed away from my site day by day as a result of scary warnings from Google and Firefox 3.
Quite honestly, I assumed that the road to reconciling this problem with stopbadware.org (the people who you need to go through to get taken off the “attack site” list for both FF and Google – oh, and possibly some antivirus/antispyware apps as well) would be a long and possibly ultimately futile one.
This suspicion was fueled by the results of the first review I asked stopbadware.org to perform on my site after I had cleaned the hijacking script off it: They said their review showed my site to be clean and that they had asked Google to perform their own review. Google’s review came up with the result that my site was still infected, but this was highly suspect in my eyes because the directories they claimed to find infections in no longer existed – I’d deleted them in my initial cleanup of the site! Was Google searching a cached version of my site? Was it a version Google itself had cached? Madness. I explained as much to stopbadware.org when I requested a second review of my site…
I checked on the status of my site last night and saw that “Google has removed the warning for this site.” I checked in Google search results and in Firefox 3 this afternoon and it seems that my site is being treated as normal again. Overall, I’m very happy with how things turned out and found the review process for stopbadware.org to be reasonably expedient considering the number of requests for review they must receive.
I must admit, however, that I don’t agree with the way FF3 or Google is handling sites that got hacked like mine did. It seems way too much of a “nanny state” mentality to me, especially since the same functionality is already built into many antivirus/antispyware/antiadware apps. I’m not saying that I want people to get infected with malware; I’m saying that I don’t think it’s the role of search engines or web browsers to protect people from it.
////////////////////////////////////////////
thx, gen.

This is not an intentional attack site

A couple of friends let me know that this site is being listed as an “attack site” in Firefox 3 and at least one antivirus program (Avast). This is not without reason. I found a hijacking script in my main index page today. I promptly deleted it, but am not sure how the script got there in the first place. I’ve taken steps to prevent it from happening again, but this is just another reason I’m leaving Dreamhost.
In the meantime, I apologize if this problem affected anybody, and this is NOT AN ATTACK SITE (anymore, admittedly).
I wonder how long it will take for FF3 to unlist me as an attack site now. According to this page, “The list of known attack sites is maintained by the community and updated regularly.” Hope that works both ways, for removing attack site status as well as adding it. Anybody know? (hint hint)
Here is the warning message appearing in Firefox 3: View image

Up and downtime

Events
(most recent first)

* 2008-05-12 20:48:53 : back_up
* 2008-05-12 20:26:41 : down
* 2008-05-01 08:47:43 : back_up
* 2008-05-01 08:23:32 : down
* 2008-04-23 16:44:38 : back_up
* 2008-04-23 16:23:35 : down
* 2008-04-23 11:04:06 : back_up
* 2008-04-23 09:42:43 : down
* 2008-04-23 07:25:46 : back_up
* 2008-04-23 06:22:13 : down
* 2008-04-22 21:58:23 : back_up
* 2008-04-22 21:38:37 : down
* 2008-04-15 09:32:48 : back_up
* 2008-04-15 09:07:26 : down
* 2008-04-14 20:01:38 : back_up
* 2008-04-14 19:15:55 : down
* 2008-04-13 19:27:38 : back_up
* 2008-04-13 18:33:51 : down
* 2008-04-12 10:52:25 : back_up
* 2008-04-12 10:20:14 : down
* 2008-04-09 15:04:10 : back_up
* 2008-04-09 13:55:31 : down
* 2008-04-07 07:28:48 : back_up
* 2008-04-07 04:49:12 : down
* 2008-04-06 16:21:53 : back_up
* 2008-04-06 15:56:56 : down
* 2008-04-06 12:47:18 : back_up
* 2008-04-06 12:24:23 : down
* 2008-04-03 23:34:56 : back_up
* 2008-04-03 23:13:55 : down
* 2008-04-03 16:07:12 : back_up
* 2008-04-03 15:23:11 : down
* 2008-04-03 13:44:23 : back_up
* 2008-04-03 13:21:35 : down
* 2008-04-02 16:10:30 : back_up
* 2008-04-02 15:45:28 : down
* 2008-04-02 13:13:02 : back_up
* 2008-04-02 12:46:49 : down
/////////////////////////////////////////////////////////////////////////////
Between this, the big Dreamhost billing escapade, and general site sluggishness, I’m thinking of jumping ship and already adjusted my billing plan to monthly payments in anticipation (when oh when will I have time to do this?)
It is such a pain in the ass to have to change webhosts again… Perhaps some company will figure out how to do it right some day…
The rest of my uptime reports are saved for posterity after the jump:

Continue reading “Up and downtime”