Since I do these software and hardware tests to learn about them (and they are interesting and sometimes fun, too), I will shortly document here the technology used for this new blog site:
- HP Proliant ML 110 server
- Powerware UPS 5115-750i/6 uninterruptible power source
- Fujitsu-Siemens Storagebird XL external 250 GB disk for backups
- Linux Ubuntu Drapper Drake (6.06) operating system
- Apache 2.0.55 web server software, with several extensions, including mod_php5, mod_rewrite, and mod_ssl (for several different features, including more secure system access)
- PHP scripting language version 5.1.2
- cURL, with libcurl version 7.15.1 (for enhanced URL manipulation)
- phpMyAdmin, a set of MySQL administration scripts for web-based access
- mySQL database server and client, versions 5.0.22, with various extensions for PHP, Python and other uses
- Postfix mail transport agent (v. 2.2.10) with various antispam tools and safeguard implementations, necessary for the WordPress notifications such as registration password mails to go out
And on top of those, the actual blog:
- WordPress, version 2.0.2-2, with numerous plug-ins for comment spam management, Flickr and email integration, Cron-jobs, and so on.
This is not the most recent version of WordPress, but I let Ubuntu to maintain my software packages through its Synaptic Package Management, to maintain compatibility and automated system upgrading. But in this case the latest stable release of WordPress (2.0.4) had implemented an important change by removing ‘Check Admin Referer’ security measure, which was exactly that feature which created most troubles in this installation. Admin Referer is a logic where WordPress tries to make sure that only the rightful admin has access to all admin pages by checking that the previous page accessed was also part of the admin console. In my case there was an error in the way the blog address (URI) was registered into the database, leading to a situation where every attempt to fix the error was stopped by the Admin Referer check, which did not think I was coming from correct admin pages (due to the previous faulty registration of the WPress install directory). A complete Catch-22 situation. In the end, I had to learn to edit the mySQL database manually in order to fix the wrong entry, and installing, comparing and learning all the tools needed for this took also more time. The more current WordPress versions use something called Nonce to pass a unique code from page to page during the administration processes. Good luck so that you never have to get stuck into this particular hole.
Read more:
http://comox.textdrive.com/pipermail/wp-hackers/2006-April/005666.html
http://asymptomatic.net/2006/06/01/2370/what-is-all-this-nonce-sense/
frans goes blog 