Unable to create directory-parent directory writable? wordpress 2.7

June 28, 2009

I was having trouble uploading images on one of my WordPress 2.7 & 2.8 blogs. It gave me the following error:
Unable to create directory /home/username/server/wp-content/uploads/20XX/MM/ Is it parent directory writable by the server?

After a long time searching I found this solution from http://www.cyriac.me

Step 1: Log into your admin panel

Step 2: Go to Settings>>Miscellaneous

You will see two options,

Store uploads in this folder
Full URL path to files
Most probably you will see

/home/.boogee/XXXXX/XXXXXXX/wp-content/uploads

in the first field.

Step 3: Edit that to just

wp-content/uploads

Some people were suggesting that you solve the problem by making the folder's permissions 777, meaning anyone can do anything to that particular folder. As a security guy, I knew this was a bad idea (and it also did work for me :) ). I kept searching and ran into that solution.

Worked like a charm! Thanks, cyriac, for putting the solution on the blog.
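To find directories left at 777 by earlier attempts at this error, here is an added example (not from the original post or from cyriac's solution) that walks an uploads tree and reports every directory writable by any local user. The sample tree, the 2009/06 folder names and the function names are constructed for illustration.

```python
import os
import stat


def world_writable_dirs(root):
    """Return (path relative to root, octal mode) for each directory under
    root, root included, that has the 'other' write bit set."""
    findings = []
    # os.walk does not descend into symlinked directories by default.
    for current, _dirs, _files in os.walk(root):
        mode = stat.S_IMODE(os.lstat(current).st_mode)
        if mode & stat.S_IWOTH:
            findings.append((os.path.relpath(current, root), format(mode, "o")))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: wp-content/uploads/2009/06 with uploads at 777."""
    root = os.path.join(base, "wp-content")
    os.makedirs(os.path.join(root, "uploads", "2009", "06"))
    modes = {
        root: 0o755,
        os.path.join(root, "uploads"): 0o777,  # the setting the post warns about
        os.path.join(root, "uploads", "2009"): 0o755,
        os.path.join(root, "uploads", "2009", "06"): 0o755,
    }
    for path, mode in modes.items():
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        for rel, mode in world_writable_dirs(build_sample_tree(base)):
            print(f"{mode}  {rel}")
```

Point `world_writable_dirs` at the real `wp-content` directory to audit an existing install; an empty result means no directory grants write access to every local user.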


More GMAIL Problems

November 22, 2008

This was news I could not ignore because I really, really like Gmail. These hacks are ridiculous. I hope that Google is getting a handle on this. It looks like the accounts are getting hacked with some sort of script that runs from a site or email while Gmail is open:

According to David Airey & gnucitizen.org:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forward them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
gnucitizen

As many of you already know on November 2nd, MakeUseOf.com’s domain was stolen from us. It took us about 36 hours to get the domain back. As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar.

You can see the whole story on our temporary blog makeuseof-temporary.blogspot.com/

I wasn’t planning to publish anything about the incident or cracker (person who steals domains) and how he managed to pull it off unless I was completely sure about it myself. I had a good feeling it was a Gmail security flaw but wanted to confirm it before posting anything about it on MakeUseOf. We love Gmail and giving them bad publicity is not something we would ever want to do.

Now the thing is the domain name domainsgames.org is protected by Moniker and they hide all the contact info for it.

Domain ID:D154519952-LROR
Domain Name:DOMAINSGAME.ORG
Created On:22-Oct-2008 07:35:56 UTC
Last Updated On:08-Nov-2008 12:11:53 UTC
Expiration Date:22-Oct-2009 07:35:56 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:MONIKER1571241
.
.
.
.
Name Server:NS3.DOMAINSERVICE.COM
Name Server:NS2.DOMAINSERVICE.COM
Name Server:NS1.DOMAINSERVICE.COM
Name Server:NS4.DOMAINSERVICE.COM

More at MakeUseOf.com

The Google Fix


Ahmadinejad’s blog hacked and defaced

January 24, 2007

“Iranian President Mahmoud Ahmadinejad’s Blog we dealt with last week”

Ahmadinejad has a blog?!  I wonder who else within the “axis of evil” has blogs.  Chavez?  Kim Jong Il? 


Analyzing 20,000 MySpace Passwords

September 18, 2006

In a day where browsers are coming out with anti-phishing tactics, I cannot believe how many people still fall for phishing. It’s all over the news, and most email clients display warnings. So when I got an email from “Admin@MySpace.com” I kind of chuckled.

I have a friend who is constantly getting her MySpace account hacked.  There seem to be lots of security issues in MySpace.


Why Subdomain Hosting is Bad

July 20, 2006

“A quick look at why offering non-reseller subdomain hosting is a bad idea and can expose your passwords to malicious hostees.”

I’m glad I stumbled across this. I was going to host on WordPress MU, but now I think I’ll stick with Blogware until I can lock down WPMU. WordPress is a superior product (more intuitive, better SEO design, etc.), but WPMU is just too new. I don’t feel comfortable having a bunch of customers on such a shaky, new system. I will likely host my own set of blogs on it until all the major bugs are worked out.


Dvorak's Blog Spam Fix

September 26, 2005

Dvorak gets no spam, now he gets no blog spam. 

But my spam problems have just begun:
I started getting nailed with casino, porn and commercial site spam.  They trackback promoting Disney Trips, penis enlargements or, my favorite, Texas Holdem.  I still get a few spam links about every few weeks or so.  And I'm currently getting and giving traffic to a casino site.. and I haven't figured out how that is happening.  I'm sure these bastards are using some kind of software to locate vulnerable (anonymous accepting) blogs and nuke them.  I've had to terminate my anonymous comments and I'm thinking of shutting down my Trackbacks.  I also blocked a few repeat offenders.  For me, that is unfortunate because the interaction (free comments, links to and from relevant sites of many different opinions) is the coolest thing about blogs.  Blog innocence has come and gone overnight.

Apparently, Marc Perkel at ctyme.com has found a way to get rid of all spam, provided you are using Apache and are on WordPress.

He does it with this code:

<Location /blog/wp-comments-newpost.php>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^.*dvorak.org/.*
RewriteRule ^.* http://www.ctyme.com/comment-spam.html
</Location>


Comment Spammers Exploiting Open blogs

August 16, 2005

I've recently experienced an increase in spam traffic on my blog.
It started when I got about 20 comments in one day on one of my least
popular articles.  I could see that the porn spammer had dug deep
into my site and found a seemingly insignificant article to place about
100 links.  I deleted them immediately and blocked the IP from
whence they came. 

The very next day I had fifteen more.  I deleted those and blocked
that IP.  I've been forced to turn off my anonymous
comments.  One of my favorite things about blogs is that anyone
can say anything – they are so refreshingly interactive that they create
these close relationships with readers. 

Unfortunately, casino, porn and pill spammers also see the power of
blogs.  They target blogs with anonymous comments and
trackbacks.  And they use thousands of hacked computers to act as
proxies so that even if you block their IP they've got plenty more ways
to get to you. 

I've blocked them and I'm still seeing traffic coming from their sites
which tells me that they have linked to my site and my visitors are
clicking into their site then coming back to me. 

Here is a list of Casino Spammers retrieved from Netaloid.com

“Finding our Poker Spammer’s identifying links is easy. Just
visit one of his web pages by using one of the thousands of spam links
he left on your site. Like poker.terashells.com, for instance. Then
click on the links to the casino sites. You’ll see something like (or
identical to) this:”

http://www.pacificpoker.com/default.htm?sr=904970&flag=0002

http://www.partypoker.com/index20100.htm?wm=2445773

http://www.empirepoker.com/index.htm?wm=2170658

http://banner.casinolasvegas.com/cgi-bin/redir.cgi?id=N&member=onlinecas&profile=lv2m

http://www.888.com/default.htm?sr=611794&flag=0002

http://www.starluckcasino.com/slcasino/links/56296.html

http://www.aceclub.com/aceclub/links/1790.html

http://www.reefclubcasino.com/default.htm?sr=806320&flag=0002

For more on legally stopping Casino, Porn and other spammers visit:

http://www.thepetitionsite.com/takeaction/353566831?ltl=1124161500

http://www.theregister.co.uk/2005/01/31/link_spamer_interview/


Google Hacking Explained

July 19, 2005

What is Google hacking? How is Google used by hackers as a tool? Read this article for more information.

Johnny Long, author of the official Google Hacking book, will be at the Las Vegas, NV Defcon 13 Convention signing books. 


Absolutely Del.icio.us – Complete Tool Collection

June 27, 2005

del.icio.us is a very popular social bookmarks manager. This is possibly the largest collection of tools related to del.icio.us and is constantly updated.


Del.icio.us Daily Blog Posting

June 24, 2005

Content is king.  The more quality content you manage, the more traffic you get.  There are a few methods of creating automated content that seem to be greatly overlooked.  Here is one:

Del.icio.us:

Del.icio.us has a built-in automated tool that allows its users to receive automated updates to their online bookmarks.

If you log in, go to the “Settings” tab and look under Experimental, you'll see “daily posting blog.”  Select “add new thingy”

Here are links with detailed instructions on how to configure the “add new thingy”:

Moveable Type:

Common Craft

Kevin Wen

BrownPau

WordPress:

Nozell (Rhymes with Oh, Hell)

Typepad:

LastMinute

HERE IS HOW I did it:

Get the Del.icio.us RSS URL of your choice (orange RSS button located in the bottom left corner).  Copy and paste that code into the RSS Parser of your choice. List of RSS Parsers: 

  http://p3k.org/rss/?setup=true
  http://rssxpress.ukoln.ac.uk/ 
  http://www.rssgov.com/rssparsers.html
  http://del.icio.us/tag/rss+parser

 It will take the RSS and crank out HTML with content baked fresh daily as the del.icio.us tag is updated.  With no further work on your part.  What a lazy bastard you are! You are getting new content with no work while everyone else slaves away by copying & pasting and children are still dying in Africa.  If you select a popular tag, it will actually send stuff you haven't seen on CNN, Digg, Slashdot or anywhere else… very entertaining at times.
