15/01/2021

2021/01/15#p2

There were no more injections overnight but I'm not sure if that's because of the action I've taken or just because there were no posts yet today. Only the first post of the day was getting overwritten so it's hard to tell.

Things are going to be a bit janky for a while as I am completely rewriting sections of code so some things might not work for a while, permalinks and JavaScript toggles to open comments for example.

Let's see if this gets replaced...


2021/01/15#p3

Numerous sections have been refactored and some additional mitigations have been put in place. Everything seems to be working properly and there are no PHP errors being logged - always a good thing. Hopefully I've caught everything but we'll see.


2021/01/15#p4

Thanks to Eivind (again, 🙌) I've made further changes. I now have two new MySQL users with differing permissions: one to do INSERT, UPDATE and DELETE, the other to do just the SELECT statements. Both have only the permissions they require.
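
An added example (not the author's actual setup) of how a read/write account split like this can be expressed in MySQL. The database name `blog`, the table `posts`, its `id` column, the account names and the passwords are all placeholders.

```sql
-- Constructed example: database, table, account names, host and
-- passwords are placeholders, not values from the site described here.

-- Read-only account for the pages that only display content.
CREATE USER 'blog_read'@'localhost' IDENTIFIED BY 'CHANGE_ME_READ';
GRANT SELECT ON blog.* TO 'blog_read'@'localhost';

-- Write account for the code paths that create, edit or delete posts.
CREATE USER 'blog_write'@'localhost' IDENTIFIED BY 'CHANGE_ME_WRITE';
GRANT INSERT, UPDATE, DELETE ON blog.* TO 'blog_write'@'localhost';

-- MySQL requires SELECT on every column an UPDATE or DELETE reads,
-- including columns named in the WHERE clause. Granting it on the key
-- column alone lets "UPDATE ... WHERE id = ?" work without letting the
-- write account read post content. (The table must already exist.)
GRANT SELECT (id) ON blog.posts TO 'blog_write'@'localhost';

-- Neither account receives DROP, ALTER, CREATE, FILE or GRANT OPTION.
-- Confirm what each account can actually do:
SHOW GRANTS FOR 'blog_read'@'localhost';
SHOW GRANTS FOR 'blog_write'@'localhost';
```

With this split, a query injected into a page that connects as `blog_read` is refused by the server if it attempts an INSERT, UPDATE or DELETE.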


2021/01/15#p5

I noticed that the file which builds the daily RSS feed didn't run from the cron job last night, and wouldn't today no matter what I tried to do.

Then it dawned on me that one of the mitigation measures I'd put in place was to prevent the config file from being run directly, only when included. And... I forgot to include the relevant define() statement in the file.

Funnily enough, it's working now.


2021/01/15#p6

What a day!

The work week is done but I'm on call so have to keep my work phone on me over the weekend. Still, it's not as if we're going anywhere ;) Well, I need to get rid of some rubbish at the tip but that's it.

It's looking positive on the MySQL injection front; there have been no more problems so far. I'm not counting my chickens just yet but I'm quietly positive.

We've had a decent clean and sort out for a couple of hours this evening and that feels good. There's definitely something therapeutic about throwing things away and getting everything else tidy. It's good for the soul.

I may even start putting some furniture together in the spare room over the weekend so things can get even more sorted.


2021/01/15#p7

We're on the edge of a snow weather warning area for tomorrow so wishing for a good covering.

Colin Walker colin@colinwalker.blog