Wordpress/PHP/Dreamhost web hosting question
May 13, 2008 7:30 AM Subscribe
Wordpress/PHP/Dreamhost web hosting question: I run Wordpress 1.5.2 on a particular web page which is hosted with Dreamhost. This web page has been running fine for years and I haven't done anything to change it. However, sometime within the last few weeks, the sidebar started "choking" on a particular line of code: Nothing after this line is processed or appears on the page. If this line of code is removed, everything else appears normally. Help?
Here's the code that's causing the problem (I removed the <> from the start and end of the line so that the code would show up):
?php dropdown_cats(true, All, name); ?
I'm assuming Dreamhost made some kind of change recently which caused this problem, but Dreamhost support is denying this. Suggestions? Thanks in advance.
Here's the code that's causing the problem (I removed the <> from the start and end of the line so that the code would show up):
?php dropdown_cats(true, All, name); ?
I'm assuming Dreamhost made some kind of change recently which caused this problem, but Dreamhost support is denying this. Suggestions? Thanks in advance.
Again, too little info to go on, but my money's on a host upgrade of either PHP or MySQL. MySQL 5, for instance, breaks all kinds of little hidden bits in older versions of OSCommerce. Might do something similarly hinky to WP. Ask them if they've upgraded either of those programs lately.
posted by jbickers at 7:54 AM on May 13, 2008
posted by jbickers at 7:54 AM on May 13, 2008
Best answer: Check which version of PHP you're running on that site (try switching to 4 if it's on 5).
If you (S)FTP into the site, you can find the errors in /logs/[domain]/error.log ; paste the error here we might be able to help.
posted by malevolent at 8:13 AM on May 13, 2008
If you (S)FTP into the site, you can find the errors in /logs/[domain]/error.log ; paste the error here we might be able to help.
posted by malevolent at 8:13 AM on May 13, 2008
Response by poster: Dreamhost rolled out new PHP4 packages back in January. Looks like they've done a fair bit of MySQL maintenance and changes recently - it could be that.
le morte, I'd love to upgrade WP, but I've personalized my installation a fair bit and I simply don't have the time to deal with the hassles I'd incur by messing with that. The current installation is meeting my needs (aside from this one problem) so I don't see any upside to messing with something that isn't broken.
I'm working on the error log issue now, I'll post what I find shortly. Thanks!
posted by trystero at 8:14 AM on May 13, 2008
le morte, I'd love to upgrade WP, but I've personalized my installation a fair bit and I simply don't have the time to deal with the hassles I'd incur by messing with that. The current installation is meeting my needs (aside from this one problem) so I don't see any upside to messing with something that isn't broken.
I'm working on the error log issue now, I'll post what I find shortly. Thanks!
posted by trystero at 8:14 AM on May 13, 2008
Response by poster: The site is currently running PHP 4.4
posted by trystero at 8:20 AM on May 13, 2008
posted by trystero at 8:20 AM on May 13, 2008
Best answer: If you look at http://www.arpel.org/ex/data.txt you'll find that's some fairly unpleasant looking code. It's trying to determine the base system and then run some arbitrary code and it's hoping to find somewhere in your install a script doing something stupid.... like loading offsite code and just running it.
Happily it looks like it's just some douchbag in Montreal smacking up against your system pointlessly, though it's possibly your older-than-dirt wordpress install HAS a vulnerability that WOULD be exploited if your webhost wasn't trapping that "page=http" chunk and preventing it from running.
I do not think this is your problem.
posted by phearlez at 8:56 AM on May 13, 2008
Happily it looks like it's just some douchbag in Montreal smacking up against your system pointlessly, though it's possibly your older-than-dirt wordpress install HAS a vulnerability that WOULD be exploited if your webhost wasn't trapping that "page=http" chunk and preventing it from running.
I do not think this is your problem.
posted by phearlez at 8:56 AM on May 13, 2008
Response by poster: I see. Okay, well I'm open to suggestion then. Thanks!
posted by trystero at 9:00 AM on May 13, 2008
posted by trystero at 9:00 AM on May 13, 2008
I'm also running a Wordpress 1.5 blog on DH, and we just started encountering some wierd Wordpress errors -- it turns out that our older-than-dirt installation was vulnerable, and that spammers had hidden some very dodgy links at the bottom of our page (google noticed too - that's been fun). I would suggest you view source and scroll to the very bottom to make sure the same problem hasn't happened to you. Until i can upgrade, i removed all write access for template files.
Good luck!
posted by ukdanae at 9:01 AM on May 13, 2008
Good luck!
posted by ukdanae at 9:01 AM on May 13, 2008
Response by poster: ukdane: Thanks for the heads-up. I don't see anything like that on my site, fortunately. Your information is beginning to tilt the scales in favor of upgrading, but then I'd have to take my site down for about six months until my schedule clears and I have the time to sit down and deal with the upgrade process. Not a fun choice, either way.
posted by trystero at 9:08 AM on May 13, 2008
posted by trystero at 9:08 AM on May 13, 2008
I may just be a paranoid dev, but I wouldn't want my site username posted to the web. You might email the admins and see if they will remove your Dreamhost username from your above error logs. Thats half of what I need to hack your site, the other half is only a good bruit force app away.
posted by B(oYo)BIES at 9:09 AM on May 13, 2008
posted by B(oYo)BIES at 9:09 AM on May 13, 2008
You really should upgrade your WP install, as others told you. Having one outdated script can put all your other files/sites/mails/etc on your webhosting account at risk.
Dreamhost offers one-click installs for Wordpress in their control panel, that also upgrade (semi-)automatically so you can keep Wordpress up-to-date without too much hassle. That way, you will always run a recent and secure version.
If your current install is not a one-click you should convert all your entries to the new install, but there are plenty of people around who can help you for a small fee. The same goes for your template, I don't think it will be very hard to copy the look and functions of your current site into a new (easily upgradable) template for someone who knows Wordpress.
posted by IAr at 11:04 AM on May 13, 2008
Dreamhost offers one-click installs for Wordpress in their control panel, that also upgrade (semi-)automatically so you can keep Wordpress up-to-date without too much hassle. That way, you will always run a recent and secure version.
If your current install is not a one-click you should convert all your entries to the new install, but there are plenty of people around who can help you for a small fee. The same goes for your template, I don't think it will be very hard to copy the look and functions of your current site into a new (easily upgradable) template for someone who knows Wordpress.
posted by IAr at 11:04 AM on May 13, 2008
Response by poster: If anyone can refer someone reliable to upgrade WP (and ensure that current functionality isn't lost), I'd appreciate the referral. Maybe that is the best solution, and I wouldn't be adverse to paying a reasonable amount for that sort of work.
posted by trystero at 11:13 AM on May 13, 2008
posted by trystero at 11:13 AM on May 13, 2008
Best answer: trystero: Ask the Dreamhost support people nicely and they will do the upgrade for you. Seriously. I was having trouble doing a one-click install on behalf of a friend and they told me if the fix they suggested didn't work, to login from the friend's account (panel) and submit the request for them to upgrade it for me. It ended up the solution was on their end (a path was out of whack) and I was able to do the upgrade to 2.5.1 myself. Just don't expect them to do it each time. If you follow my advice below and use the one-click install an upgrade should take less than 20 minutes and most of that will be waiting for Dreamhost to email you to say it was a success and to click a link to finish the database upgrade.
The only advice I offer is on how to keep your design tweaks. FTP to your WP install to where the themes are. Backup the theme you are using (especially if you simple hacked at another theme without changing the name of the folder). You can even FTP it to your local machine. After the upgrade, just copy the whole folder with the theme back (overwriting) and you more than likely will keep most of your design changes.
Good luck.
posted by terrapin at 12:35 PM on May 13, 2008
The only advice I offer is on how to keep your design tweaks. FTP to your WP install to where the themes are. Backup the theme you are using (especially if you simple hacked at another theme without changing the name of the folder). You can even FTP it to your local machine. After the upgrade, just copy the whole folder with the theme back (overwriting) and you more than likely will keep most of your design changes.
Good luck.
posted by terrapin at 12:35 PM on May 13, 2008
I don't recall what the verdict was on posting ads for one-off projects like this on Metafilter Jobs, but I imagine there's no shortage of people with php/Wordpress skill hanging around here who'd be willing to do a few hours work for a few bucks.
posted by phearlez at 1:01 PM on May 13, 2008
posted by phearlez at 1:01 PM on May 13, 2008
Response by poster: The problem, terrapin, is that I seem to recall modifying both the themes and certain portions of WP itself. So it's not just a matter of preserving my themes: it's a matter of keeping all of my existing functionality.
Maybe MeFi Jobs would be a good choice. I'll think about that.
posted by trystero at 1:08 PM on May 13, 2008
Maybe MeFi Jobs would be a good choice. I'll think about that.
posted by trystero at 1:08 PM on May 13, 2008
Yeah, an auto-upgrade when you've modified the core files means extra work—I've been letting the same headache keep me from doing a (not quite so overdue) upgrade.
A post to Jobs seems like a decent idea—there are a lot of webmonkeys around here who would probably be up to a little one-off gig—but if you want to scope out how much work you're potentially dealing with you might just try grabbing a vanilla 1.5.2 install and diffing the core files against your current install. If the modifications are somewhat isolated and don't cross too many files, doing an upgrade-then-manual-merge might not be as bad as you're fearing, especially if you set up a dummy domain for testing before you do it against the live site.
posted by cortex at 1:18 PM on May 13, 2008
A post to Jobs seems like a decent idea—there are a lot of webmonkeys around here who would probably be up to a little one-off gig—but if you want to scope out how much work you're potentially dealing with you might just try grabbing a vanilla 1.5.2 install and diffing the core files against your current install. If the modifications are somewhat isolated and don't cross too many files, doing an upgrade-then-manual-merge might not be as bad as you're fearing, especially if you set up a dummy domain for testing before you do it against the live site.
posted by cortex at 1:18 PM on May 13, 2008
This thread is closed to new comments.
I'm sure you don't need me to tell you that the version of WP you're using is very old - perhaps you should look at this as a convenient time to update?
posted by le morte de bea arthur at 7:50 AM on May 13, 2008