Posted on

19-Jun-2012

A day without Spam
Hard to believe but it happened: Yesterday there was one (1) SPAM message. If it was sent just 10 minutes later, there would have been no discareded or quarantained message at all.
Didn’t look into rejected messaqges – there have been a few, about 20. Not that much as have been handled daily in the past weeks.

Retried PHP update
Mark Berryman’s commented on the previous attempt that I reversed the next day. I made some mistakes….
Today I retried and took his advise: Do a clean install and use the supplied version of the interfacing program – because there are some differences that are incompatible with the version supplied by Mark Daniel – and the right version of PHP.INI that comes with the package.
Thougfh I still got the ‘depricated’ messages, these can be suppressed in the web-interface by canging the value to one of the configuration items, but still the blogs don’t show up. No error message using IE – but WATCH output showed a 500-error: Something is definitely wrong – but no clue on what.
So I used the PHP image on the same PHP-source:
$ php :== $php_root:[bin]php.exe
$ set def sysblog:[000000]
$ php index.php
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-settings.php on line 472
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-settings.php on line 487
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-settings.php on line 494
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-settings.php on line 530
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-includes/cache.php on line 103
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-includes/query.php on line 21
PHP Deprecated: Assigning the return value of new by reference is deprecated in
/sysblog/000000/wp-includes/theme.php on line 623
PHP Parse error: syntax error, unexpected $end in /sysblog/000000/wp-includes/post.php on line
3439
$

Again, the ‘depricated’ messages show up (although it has been suppressed in PHP.INI) but also another failure: Unexpected $end on the first included file. Weird, since the file hasn’t been changed in the update: It starts with tag <?php, but there is no corresponding endtag ?>. The PHP documentation on the tags clearly recommends omission of these end-tags if the code is pure PHP – as is in this case:

When PHP parses a file, it looks for opening and closing tags, which are < ?php and ?> which
tell PHP to start and stop interpreting the code between them. Parsing in this manner allows
PHP to be embedded in all sorts of different documents, as everything outside of a pair of
opening and closing tags is ignored by the PHP parser.

If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the
file. This prevents accidental whitespace or new lines being added after the PHP closing tag,
which may cause unwanted effects because PHP will start output buffering when there is no
intention from the programmer to send any output at that point in the script.

Nevertheless: adding it to the file seems to solve the issue for that file – but then the same problem arised on the next file, and the next….
Changing all 300+ files in that matter is not feasable. Even more: since it’s a recommendation to OMIT the end-tag, there should not be a need for it.
To be sure, I also dowloaded the latest WP version (3.4) and ran the INDEX.PHP file using the PHP command. I would expect an error message because wp-config.php isn’t there – but here again the parser complains on a missing end-tag:
$ set def wp34:[000000]
$ php index.php
PHP Parse error: syntax error, unexpected '>' in /wp34/000000/wp-blog-header.php on line 19
$
Depending on the file, it unexpectedly encounters “>” of “$end” on end-of-file – where the end-tag “?>” should be implied. At least, it looks that way.

But no more depricated interfaces, which is good.

So, again I had to revert the update.

The issue has been sent to the WASD mailing list. Hopefully there will be an answer soon…

Posted on

13-Jun-2012

Automatic maintenance
Regular maintenance on the any first day pof the month has been automated for quite some time and it’s very handy indeed if that moment occurs during the holidays! Returned last week and had to take care of other business (not IT related, for a change) so tonight I had a chance to check.
Nothing weird, as was to be expected.

PMAS statistics for May
Total messages    :   6802 = 100.0 o/o
DNS Blacklisted   :   1181 =  17.3 o/o (Files: 31)
Relay attempts    :     81 =   1.1 o/o (Files: 31)
Accepted by PMAS  :   5540 =  81.4 o/o (Files: 31)
 Handled by explicit rule
        Rejected :   4989 =  90.0 o/o (processed),  73.3 o/o (all)
        Accepted :    237 =   4.2 o/o (processed),   3.4 o/o (all)
 Handled by content
       Discarded :     89 =   1.6 o/o (processed),   1.3 o/o (all)
    Quarantained :    189 =   3.4 o/o (processed),   2.7 o/o (all)
       Delivered :     36 =    .6 o/o (processed),    .5 o/o (all)

Just on 3rd and 4th of June there have been massive amounts of spam; operator.log for these days are about 150Kb in size, where 10 to 20 is to be considered normal. Yesterday’s one was just less than 100, again quite a lot of SMTP messages….Guess they come from a Chinese source (still have to dig these).
On the FTP abuse fornt: it’s quiet as well, just the occasional attempt. Like yesterday: from adress 61.147.110.19 which resides in China as well: from the Jiangsu province network, according my souce (Robtex.com: free DNS services!) the base is haocssf.net, owned by China Telecom: blacklisted in a number of blacklists. He (since most abusers seems to be male, of am I wrong) has tried before: on the 9th and 10th, with the same (dumb) assumption of username: why do people think I would have an account named after the domain???
There are regular attempts to access wiki files of users I dumped before the holiday: The address looks familiar in examining the webserver logfiles: 173.231.41.82, owned by indiafocus.com, located in the US. But since the wiki is down (they don’t read the home pages…), there is no answer than the page stating this 🙂
The weblogs show more rediculous attempts, as usual. But since I don’t run Apache (on Linux or Windows) of ISS (on Windows) and do not use a standard naming scheme….