Security breach

This blag has been hacked.  Sorry.

As those reading by RSS may have noticed, there are ads being inserted periodically into the bottom of xkcd blag posts.  They’re hidden from the web view.  This is due to a security hole in WordPress 2.7.x and 2.8 (and possibly others).  davean is watching packet flow and trying to figure out exactly how it happens, but in the meantime, sorry for the annoyance.  One way or another, it should be solved soon.

I just had extremely minor surgery this morning (removing a lipoma from my right arm).  I’m fine; it’s just a paranoid better-safe-than-sorry thing. But I’m writing this under the influence of the lingering anesthetics and my first-ever Vicodin.  No interesting side effects so far other than dizziness, a higher rate of typing errors, and the tendency to zoom images all the way in and stare at them for several minutes at a time.  Why *is* that cat in the ceiling, anyway?  Hello, internet.

165 thoughts on “Security breach”

  1. Get ready for possible rage when the effects wear off. You may or may not have that.

  2. As I understand it, we get waaaaay too much traffic to watch properly — there’s no way to save the flow. So clever tricks have to be devised.

  3. Wow, Adblock works better than expected.

    I was going to make a Dr. House joke but couldn’t think up a good one.

  4. I’ve run into this in the last several versions of WordPress, and weirdly have never been able to find an “official” explanation of how the exploit works or even an official acknowledgement that the problem exists. So far I’ve seen versions that comment out the spam code, use the noscript tag to hide it, or use various style definitions to make it invisible. From what I can gather, it’s mostly used to artificially inflate search rankings on the spam site by making it look like a lot of blogs are linking to it.

    I just gave up and added my own blog to my RSS aggregator so I could glance at the posts every day and make sure there wasn’t anything hidden in them. Very annoying.

  5. Weird. I’ve been viewing the blag both at home (with Chrome and no ad blocking) and at work (with IE 6… *shudder*), and I have yet to see any ads pop up in Google Reader. Maybe Google Reader finds a way to filter them out.

  6. We’ve been deleting the ads from the database; not sure at what rate they’re coming back right now, if at all. If they’re there, they’re in the source, containing the text “bablooO-start”.
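Comments 4 and 6 together describe how the injected ads are hidden from the web view (HTML comments, `<noscript>`, or CSS that makes them invisible) and the marker text they carry. The following scanner is an added example, not code from the blag or from WordPress; it runs over constructed post bodies and flags hidden links so a maintainer can review posts instead of eyeballing the RSS feed. The `spam.example` URLs and the post bodies are constructed samples.

```python
import re

# Marker text reported in the thread, plus the three hiding techniques described.
MARKER = "bablooO-start"
HIDDEN_PATTERNS = {
    "html-comment": re.compile(r"<!--(?P<body>.*?)-->", re.S),
    "noscript": re.compile(r"<noscript[^>]*>(?P<body>.*?)</noscript>", re.S | re.I),
    "css-hidden": re.compile(
        r"<(?P<tag>\w+)[^>]*style=[\"'][^\"']*"
        r"(?:display\s*:\s*none|visibility\s*:\s*hidden)[^\"']*[\"'][^>]*>"
        r"(?P<body>.*?)</(?P=tag)>", re.S | re.I),
}
LINK = re.compile(r"<a\s[^>]*href=[\"']([^\"']+)[\"']", re.I)

# Constructed sample posts: (post_id, post_content). Only post 1 is clean.
SAMPLE_POSTS = [
    (1, "<p>A normal post with <a href='http://example.org/'>a link</a>.</p>"),
    (2, "<p>Hi.</p><!-- bablooO-start <a href='http://spam.example/'>pills</a> -->"),
    (3, "<p>Hi.</p><div style=\"display:none\"><a href='http://spam.example/x'>x</a></div>"),
    (4, "<p>Hi.</p><noscript><a href='http://spam.example/y'>y</a></noscript>"),
]

def scan_post(post_id, html):
    """Return (post_id, reason, evidence) findings for one post body."""
    findings = []
    if MARKER in html:
        findings.append((post_id, "marker", MARKER))
    for reason, pattern in HIDDEN_PATTERNS.items():
        for match in pattern.finditer(html):
            # Hidden blocks only matter if they smuggle a link (the SEO payload).
            links = LINK.findall(match.group("body"))
            if links:
                findings.append((post_id, reason, links[0]))
    return findings

def scan_posts(posts):
    """Scan every (post_id, html) pair and collect all findings."""
    return [f for post_id, html in posts for f in scan_post(post_id, html)]

if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_POSTS):
        print("post %d: %s -> %s" % finding)
```

In a real deployment the `SAMPLE_POSTS` list would be replaced by rows pulled from the `wp_posts` table.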

  7. I wouldn’t necessarily call this a hole in WordPress. Especially not in 2.7.1+; those are pretty tight. I’ve seen a couple cases of this specific hack and it’s always been executed through an old, not-updated plugin.

  8. Until you find out what’s inserting the ads, have you considered just making your posts table read only? People can still comment, and you can make it writable again if you need to make a post. There may be some way to do it in MySQL; the easiest way I know of is to make the MySQL files for the table have permissions 444. MySQL won’t hang, it’ll just say “table is read only” and won’t do inserts and updates on it.

  9. the effects of vicodin sounds an awful lot like the effects of driving after being awake for a day and a half. it’s a good thing i didn’t also try to type anything. so did you keep it? seems like the sort of thing one should have floating in a jar on a high shelf somewhere, for mystery’s sake.

  10. We ran into the same thing recently, apparently babloo as well, but we’ve seen footer.php modified, which sounds different from what you describe. Very annoying indeed.

  11. Not to turn this into a support group, but I get those silly fatty tumors, too, and I am (still, just barely) closer to your age than to the age they typically start to appear according to Dr. Wikipedia. I’ve never had one removed, though.

    Hope those cells are completely uninteresting to the pathologist. Speedy recovery to you and to the spam-plagued RSS feed.

    (My captcha is, bizarrely enough, “soberly”. I don’t know what that’s supposed to imply, either.)

  12. I love that Wikipedia has picture of the removed lipoma next to a Sharpie.

    In other news, I went to Omegle today and the first thing the Stranger said was “Let’s get down to business.” When I said, “To defeat the Huns?”, he/she then continued reciting the lyrics to the entire song… coolest website (after xkcd) ever.

  13. so did you keep it? seems like the sort of thing one should have floating in a jar on a high shelf somewhere.

    Nah, they need to biopsy it.

    P.S. Vicodin-induced dreams are CRAZY. I’m not sure I want to go back to sleep.

  14. I have a lipoma on my back above my left shoulderblade. It’s not hazardous, but my girlfriend calls it my bump, and my mom refuses to think it’s anything but a dangerous cancer. Geez.

  15. “The hacker could be anywhere in the world by now!”

    “Don’t worry; I know regular expressions.”

  16. Hmm… The comic’s really good when you’re on painkillers. Consider substance abuse?

  17. But Dave, the comic is *always* really good. If the limit of awesome as (some arbitrary) x goes to infinity is already infinite, adding 420 for substance abuse will make no noticeable change. The awesome is still limitless.

  18. I have one of those on the back of my leg. It’s completely benign, and its placement means no one ever sees it. But sometimes I’ll shift in my seat and rub it accidentally and it will be painful for a second.

    Yeah, so that’s that. Enjoy your Vicodin high.

  19. Perhaps you’d enjoy a static blog engine, like Jekyll.

    You can use your favorite editor and version control system, manage comments entirely by e-mail if you use Disqus etc. See my blog (click my name) for an example.

  20. Try playing flOw ( http://www.us.playstation.com/flOw/ ) while on pills such as Vicodin. In that foggy state of mind, you might suddenly experience it as the best thing ever made. With the lights, and colors, and soothing sounds… and eating everyone you come across!

  21. I like to consider myself somewhat of an expert on the zombie apocalypse, but I find myself asking the same question as Steve^^ :(

  22. A Wikipedia search on Paul Erdos revealed that 90% of living mathematicians have an “Erdos number” lower than 8. This is kind of like the “six degrees of Kevin Bacon” game, wherein people are connected to Kevin Bacon by having worked with him, or with people who have worked with him, and so on; in this case, Erdos is Bacon, and the proximity depends on whether one had collaborated directly with him, or with someone who had, and so on.

    Therefore, I gather that the math faculty have all signed a theorem the protagonist quickly wrote up, and they are getting Erdos to sign it so that they can claim to have collaborated with him, and get lower Erdos numbers.

  23. Ah, that explains it. I actually looked up his article, but I didn’t scroll all the way down. Gah!

  24. Pingback: Dagbok för 19 June 2009 | En sur karamell

  25. Ah, I see now… I looked up that article too, but like Steve didn’t scroll down far enough, lol. Thx.

  26. In case you haven’t already seen it, I thought you might be interested in this link sent to me in an email by my boyfriend, the subject line of which was ‘xkcd predicts the future!’

  27. It’s weird how, on some places in the internet, and with some things, you know that a link is a link to Wikipedia without even looking to see where it goes.

  28. I had a lipoma removed from my right arm last week. Get out of my mind/life!!!

    Although mine turned out to be a lump of fat, no need for a biopsy. Good luck for yours.

  29. Never worked with a lipoma exactly, but liposarcomas are the most disgusting things I’ve ever seen and likely at least superficially similar. My condolences to the pathology department.

  30. > I have an Erdos number of 4. What’s the lowest here?

    2

    I’m a fossil though :-)

  31. Well, I haven’t got an Erdos number to speak of, but I can certainly recommend that you enjoy the opiates while they last.

  32. I also have an Erdos number of 2, and I’m young enough that Erdos died when I was just beginning high school.

  33. Did the Vicodin make you attempt to perform differential diagnoses on patients, but only if they were “interesting”?

    OK, I’m crap at House reference jokes, but I’d like to see anyone else try. *Stares around creepily.*
