[wp-hackers] Need Help, I cannot figure this out.

Jeremi Bergman jeremib at gmail.com
Fri Feb 5 19:05:01 UTC 2010 

Thanks all for the help, here's what we have:

.htaccess file:

> RewriteRule ^admin(.*)$ http://mrsec.com/old/admin [L,QSA]


>
> # BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>


> # END WordPress


Activated Plugins:

  Advanced Category Excluder

 This plugin helps you to manage your content, RSS feeds, sidebar widgets,
and fine tune where you want to display your posts, pages, links, link
categories, or hide.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=advanced-category-excluder%2Fadvanced-category-excluder.php&plugin_status=active&paged=1&_wpnonce=653ee89a17>

 Version 1.4.3 | By DjZoNe <http://djz.hu/> | Visit plugin
site<http://ace.dev.rain.hu/>


 Akismet

 Akismet checks your comments against the Akismet web service to see if they
look like spam or not. You need a WordPress.com API
key<http://akismet.com/get/> to
use it. You can review the spam it catches under "Comments." To show off
your Akismet stats just put <?php akismet_counter(); ?> in your template.
See also: WP Stats plugin <http://wordpress.org/extend/plugins/stats/>.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=akismet%2Fakismet.php&plugin_status=active&paged=1&_wpnonce=055cb84e70>

 Version 2.2.7 | By Matt Mullenweg <http://ma.tt/> | Visit plugin
site<http://akismet.com/>


 EasySMS

 SMS message your readers and broadcast a new post to user cell phones
automatically. User group organization. Add custom carriers.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=easysms%2Feasysms.php&plugin_status=active&paged=1&_wpnonce=fd25bc4bf7>

 Version 2.0.7.2 | By Brian Fegter <http://www.misternifty.com/> | Visit
plugin site <http://www.misternifty.com/easysms/>


 Google Custom Search Plugin

 Integrate Google Custom Search into WordPress


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=google-custom-search-for-wordpress%2FGoogleCSE.php&plugin_status=active&paged=1&_wpnonce=56975eb3e8>

 Version 1.2 | By Aleem Bawany <http://aleembawany.com/about/aleem-bawany/>
 | Visit plugin
site<http://aleembawany.com/projects/wordpress/google-custom-search-plugin/>


 Google XML Sitemaps

 This plugin will generate a sitemaps.org compatible sitemap of your
WordPress blog which is supported by Ask.com, Google, MSN Search and
YAHOO.Configuration
Page <http://www.mrsec.com/wp-admin/options-general.php?page=sitemap.php>


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=google-sitemap-generator%2Fsitemap.php&plugin_status=active&paged=1&_wpnonce=a021c8be5d>

 Version 3.2 | By Arne Brachhold <http://www.arnebrachhold.de/> | Visit
plugin site <http://www.arnebrachhold.de/redir/sitemap-home/> |
Settings<http://www.mrsec.com/wp-admin/options-general.php?page=google-sitemap-generator/sitemap.php>
 | FAQ <http://www.arnebrachhold.de/redir/sitemap-plist-faq/> |
Support<http://www.arnebrachhold.de/redir/sitemap-plist-support/>
 | Donate <http://www.arnebrachhold.de/redir/sitemap-plist-donate/>

 There is a new version of Google XML Sitemaps available. View version 3.2.2
Details<http://www.mrsec.com/wp-admin/plugin-install.php?tab=plugin-information&plugin=google-sitemap-generator&TB_iframe=true&width=640&height=728>
 or upgrade automatically<http://www.mrsec.com/wp-admin/update.php?action=upgrade-plugin&plugin=google-sitemap-generator%2Fsitemap.php&_wpnonce=97dfad65fb>
.


 Mailing List

 Allow users to subscribe to mutliple mailing lists from your website. Send
out mass newsletters, manage newsletter templates, import subscribers and
much more.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=wp-mailinglist%2Fwp-mailinglist.php&plugin_status=active&paged=1&_wpnonce=aecd3bab2c>

 Version 3.6.7.2 | By Tribulant Software <http://tribulant.com/> | Visit
plugin site <http://tribulant.com/products/view/1/wordpress-mailing-list>


 MrSEC Options Manager

 Used to control the source for the main page (http://mrsec.com/)


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=MrSEC-options%2FMrSEC-options.php&plugin_status=active&paged=1&_wpnonce=9b2aabbc2d>

 By Robert L. Keen, Bergman Consulting <http://jeremibergman.com/> | Visit
plugin site <http://jeremibergman.com/>


 NextGEN Gallery

 A NextGENeration Photo gallery for the Web 2.0.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=nextgen-gallery%2Fnggallery.php&plugin_status=active&paged=1&_wpnonce=774055e10b>

 Version 1.4.3 | By Alex Rabe <http://alexrabe.de/> | Visit plugin
site<http://alexrabe.de/?page_id=80>
 | Overview <http://www.mrsec.com/wp-admin/admin.php?page=nextgen-gallery>
 | Get help <http://wordpress.org/tags/nextgen-gallery?forum_id=10> |
Contribute <http://code.google.com/p/nextgen-gallery/> |
Donate<http://alexrabe.de/donation/>


 Register Plus

 WordPress 2.5+ ONLY. Enhance your Registration Page. Add Custom Logo,
Password Field, Invitation Codes, Disclaimer, Captcha Validation, Email
Validation, User Moderation, Profile Fields and more.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=register-plus%2Fregister-plus.php&plugin_status=active&paged=1&_wpnonce=62e04c4883>

 Version 3.5.1 | By Skullbit <http://www.skullbit.com/> | Visit plugin
site<http://skullbit.com/wordpress-plugin/register-plus/>


 ShareThis

 Let your visitors share a post/page with others. Supports e-mail and
posting to social bookmarking sites. Configuration options are
here<http://www.mrsec.com/wp-admin/options-general.php?page=sharethis.php>.
Questions on configuration, etc.? Make sure to read the README.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=share-this%2Fsharethis.php&plugin_status=active&paged=1&_wpnonce=762237087d>

 Version 3.2 | By ShareThis <http://sharethis.com/> | Visit plugin
site<http://sharethis.com/>


 Simple:Press Forum

 The WordPress Forum Plugin


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=simple-forum%2Fsf-control.php&plugin_status=active&paged=1&_wpnonce=fcf2f7ce22>

 Version 4.0.4 | By Andy Staines & Steve Klasen<http://simplepressforum.com/>
 | Visit plugin site <http://simplepressforum.com/>

  Latest version available: 4.1.3 - Build: 2510 - The latest ultimate forum
plugin for WordPress, Simple:Press Forum version 4.1.3, is now available.

 THIS IS A RECOMMENDED SECURITY RELEASE FOR ALL USERS!

Please remember to protect any customisation you may have made to skins,
icons, program hooks or pluggable functions

 For details and to download please visit: Simple:Press
Forum<http://simplepressforum.com/> (Please
Note: Automatic Upgrade is not available)


 Simple Forum Cron Link

 Registers a cron job to pickup and post new stories to the forum every 5
minutes


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=simple-forum-cron%2Fsimple-forum-cron.php&plugin_status=active&paged=1&_wpnonce=b4f1e7c5b7>

 Version 1.0 | By Jeremi Bergman <http://jeremibergman.com/> | Visit plugin
site <http://jeremibergman.com/#>


 Simply Exclude

 Provides an interface to selectively exclude/include categories, tags and
page from the 4 actions used by WordPress. is_front, is_archive, is_search,
is_feed.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=simply-exclude%2Fsimplyexclude.php&plugin_status=active&paged=1&_wpnonce=88c3f61309>

 Version 1.7.6 | By Paul Menard <http://www.codehooligans.com/> | Visit
plugin site <http://www.codehooligans.com/2008/04/27/simply-exclude-plugin/>


 Target Blank In Posts And Comments

 Keep your visitors. Inserts target="_blank" into post and comment content
URLs and external links will open in new tabs.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=target-blank-in-posts-and-comments%2Ftarget-blank-in-posts.php&plugin_status=active&paged=1&_wpnonce=02f526064e>

 Version 3.2 | By Lazar Kovacevic <http://www.inverudio.com/> | Visit plugin
site<http://www.inverudio.com/programs/WordPressBlog/NewTabWindowTargetBlankPlugin.php>


 WP-EMail

 Allows people to recommand/send your WordPress blog's post/page to a
friend.


Deactivate<http://www.mrsec.com/wp-admin/plugins.php?action=deactivate&plugin=wp-email%2Fwp-email.php&plugin_status=active&paged=1&_wpnonce=02059b8d3f>

 Version 2.50 | By Lester 'GaMerZ' Chan <http://lesterchan.net/> | Visit
plugin site <http://lesterchan.net/portfolio/programming/php/>




The permalink setup is as follows:

  Custom Structure


Optional

If you like, you may enter custom structures for your category and tag URLs
here. For example, using topics as your category base would make your
category links likehttp://example.org/topics/uncategorized/. If you leave
these blank the defaults will be used.

  Category base   Tag base



Are you using any WP plugins to manage redirects or canonical URL creation?


No.


Jeremi Bergman

865-951-5354



On Fri, Feb 5, 2010 at 11:58 AM, Dave Viner <dave at vinertech.com> wrote:

I definitely agree with Mike.
>
> Here's an interesting test that I just ran.
>
> % lwp-request -SUse "http://mrsec.com/about" | less
> GET http://www.mrsec.com/story/about-12-minutes-of-good-basketball
> User-Agent: lwp-request/5.810
>
> GET http://mrsec.com/about --> 301 Moved Permanently
> GET http://www.mrsec.com/story/about-12-minutes-of-good-basketball --> 200
> OK
> Connection: close
> Date: Fri, 05 Feb 2010 16:50:53 GMT
> Server: Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny4 with Suhosin-Patch
> mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
> Vary: Accept-Encoding
> ...
>
> As you can see requesting the "About" page caused the server to issue a 301
> to the "About 12 minutes of Good Basketball" page.  This suggests that
> there's likely something wrong in your rewrite rules.  I would guess that
> the redirect occurs because the URL /about matches the beginning of the
> story URL (/about-12-mintes...)
>
> I'd look first to see if Apache is doing some rewriting itself.  Are there
> special rewrite rules you've enabled in the apache config?
>
> Alternatively, you can uncomment these lines from your apache config:
>
>
> #<IfModule mod_rewrite.c>
>
>      #RewriteLog "/var/www/vhosts/mrsec.com/statistics/logs/rewrite_log"
>
>      #RewriteLogLevel 9
>
>      #</IfModule>
>
>
> But, don't set RewriteLogLevel to 9.  Anything over 3 is a *massive* amount
> of information.
>
> If there are no special rules in the apache config or .htaccess, then, I'd
> move on to look at WordPress.
>
> The next thing to test would be the rewrite rules that are operating inside
> WordPress.  Something in there is matching titles too loosely.  I *suspect*
> that there's some regular expression that doesn't have the right start/end
> token in the regex (such that "/about-12-minutes.." matches "/about").
>
> Are you using any WP plugins to manage redirects or canonical URL creation?
>
> Dave Viner
>
>
>
> On Fri, Feb 5, 2010 at 1:22 AM, Mike Little <wordpress at zed1.com> wrote:
>
>
> > Jeremi
>
> >
>
> > A couple of things to check, when the wrong page is delivered, e.g. rss
>
> > feed
>
> > instead of about page, what does the apache log record? It will likely be
>
> > difficult to check when the site is busy but looking for a know ip
> address
>
> > at a specific time will help you tie it down. Does the apache log record
>
> > the
>
> > the request was for about or for the feed? If for the about page, then
> you
>
> > can rule out external, influences. I suspect you have got to that stage
>
> > already.
>
> > The next thing is to tie that request in with the rewrite logs  - I think
>
> > Shane has already determined that things look ok.
>
> >
>
> > So you are probably back to something going wrong within WordPress'
>
> > execution chain.
>
> >
>
> > It may be a shot in the dark, but I once had a vaguely similar issue with
> a
>
> > client's site. In this case the page title was being set to the wrong
>
> > thing.
>
> > So the home page might  have a title tag of search results! It
>
> > was intermittent (but was then cached by a front end caching server!) but
>
> > was defintiley happening under high load.
>
> >
>
> > I had just enabled All in one SEO plugin, and when I turned it off again,
>
> > it
>
> > went away.
>
> >
>
> > I think it was going wrong because AIOSEO does whole page buffering and I
>
> > believed that there might be a threading issue  with specific versions of
>
> > PHP and output buffering. So that the buffered contents of one request
> were
>
> > returned to the code running a different request. In my case the site was
>
> > running an out of date version of PHP, and running on Windows.
>
> >
>
> > I see you are not running on Windows, but I think it is worth checking
>
> > these
>
> > two things.
>
> > Are you running a plugin that does lots of output buffering?
>
> > and is your version of PHP up-to-date?
>
> >
>
> > Another thing I would try: When you get a wrong page - save the HTML and
>
> > headers. Then access the page you received directly and save the HTML and
>
> > headers. Compare the two pairs (possibly ignoring time stamps). If they
> are
>
> > identical, then the error may well be in the template/redirection logic
>
> > within WordPress and it's plugins.
>
> > If they are different, then I would more strongly suspect output
> buffering.
>
> >
>
> >
>
> >
>
> > Hope this helps,
>
> >
>
> >
>
> > Mike
>
> > --
>
> > Mike Little
>
> > http://zed1.com/
>
> > _______________________________________________
>
> > wp-hackers mailing list
>
> > wp-hackers at lists.automattic.com
>
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> >
>
> _______________________________________________
>
> wp-hackers mailing list
>
> wp-hackers at lists.automattic.com
>
>  <http://lists.automattic.com/mailman/listinfo/wp-hackers>
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>

More information about the wp-hackers mailing list