~ June, 2008 ~

14 Jun 2008

Aquavit deathwatch?

Last night, Jean and I went to Aquavit in Manhattan. The food was phenomenal. The service was great. The decor was good. So why was the place more than half empty at 9pm on a Friday night?

There is a sadness to eating delicious food in a half empty restaurant, which is preferable to the indignation I feel when eating lousy food in a crowded restaurant. (Actually, let me correct that. Half empty restaurants don’t have to be sad. The most joyful experience is to eat great food at a place that is half empty because it hasn’t been discovered yet. Why is that? Is it the snobbish joy of being “in”?)

The whole experience left us shaking our heads wondering what went wrong. Are New Yorkers just over the herring and lingonberries? Is it the lack of foam and xanthan gum? To be fair, the place has been around for 20 years and maybe people just want something new.

Was it worth it? I think so. For us San Francisco hicks, a chance to eat upscale Swedish like this is a treat. All of the dishes were great, and some were mind-blowing. One of the standout dishes was a combination of foie gras, duck confit covered in crisped rice, arugula sorbet, and apple puree.

Tonight, we eat at Degustation, which, being a 16 seat restaurant, had better not be half empty!

10 Jun 2008

Ack! I’ve been blocked by Google! (and what to do about it)

A few weeks ago, I got an email from Google saying that my site was full of spam, and that my site was being removed from the indexes. The email contained a sample of the spam words (in my case, it was viagra, cialis, etc.). Sure enough, it turned out that my blog had been hacked to include lots of words/links that were made invisible via CSS. Pretty distressing stuff.

For those of you in the same boat, here’s what I did to remedy the situation:

1) Most of the damage was in the form of obfuscated code that made use of base64_decode(xxxx). To find this code, go to the root of your site and run:

    grep base64_decode -Rl ./*

It should be pretty easy to use your judgment about what code to remove. This code was inserted into my theme files (found in wp-content/themes/ThemeName).

2) To be extra sure, do a Google search for the offending words on your site. (e.g., viagra site:kuwamoto.org). For me, this turned up another problem with the site, which was that URLs of the form http://kuwamoto.org/?aff=1234 were being redirected to a different site (selling pharmaceuticals, natch). This code wasn’t obfuscated with base64, so I didn’t catch it in step 1. In my case, it was an extra file, so I just blew it away.

3) Look through your posts, pages, comments, etc. In my case, one of the links on my blogroll had been compromised.

4) Upgrade your WordPress installation. As recommended in the WordPress documentation, I used the automated upgrade plugin, which worked like a charm.

5) Follow the recommendations at http://www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html and http://sitening.com/blog/2008/04/08/wordpress-security-vulnerabilities/.

6) If you are using a hand-rolled theme (as I was), make a copy of it somewhere so it is easier to restore if it ever gets hacked again.

7) Change your passwords, and make a promise to yourself to be good from now on (keep WP and other software updated to the latest version, use SFTP instead of FTP, etc).
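The sweep from steps 1 and 2, plus a check for CSS-hidden links, as an added shell example (not the author's code). The patterns are heuristics chosen for this example, and go.php, the sample file contents and example.invalid are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Patterns are heuristics: review every hit by hand before deleting.

# Prefix each file name read on stdin with a category label.
tag() { while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done; }

# scan_wp DIR: print "category<TAB>file" for each suspicious file under DIR.
scan_wp() {
  # Step 1: obfuscated payloads. Passing the directory itself (rather than ./*)
  # also reaches dotfiles in the site root, such as .htaccess.
  grep -RlE 'base64_decode|gzinflate|str_rot13' "$1" 2>/dev/null | tag obfuscated
  # Step 2: un-obfuscated redirectors: PHP that emits a Location header
  # and also reads a request parameter (the ?aff=1234 case).
  grep -RliE --include='*.php' "header[[:space:]]*\([[:space:]]*[\"']Location" "$1" 2>/dev/null |
    while IFS= read -r f; do
      if grep -qE '\$_(GET|REQUEST)' "$f"; then printf 'redirect\t%s\n' "$f"; fi
    done
  # Invisible spam links: an inline style attribute that hides its element.
  grep -RliE "style=[\"'][^\"']*(display:[[:space:]]*none|visibility:[[:space:]]*hidden)" \
    "$1" 2>/dev/null | tag hidden-css
  return 0
}

# make_demo_tree DIR: write small CONSTRUCTED sample files to scan.
make_demo_tree() {
  mkdir -p "$1/wp-content/themes/ThemeName"
  printf '%s\n' '<?php echo "hello"; ?>' > "$1/index.php"
  printf '%s\n' '<?php eval(base64_decode($constructed_blob)); ?>' \
    > "$1/wp-content/themes/ThemeName/footer.php"
  printf '%s\n' '<?php if (isset($_GET["aff"])) { header("Location: http://example.invalid/"); } ?>' \
    > "$1/go.php"
  printf '%s\n' '<div style="display:none"><a href="http://example.invalid/">x</a></div>' \
    > "$1/wp-content/themes/ThemeName/header.php"
  printf '%s\n' '# constructed marker: base64_decode' > "$1/.htaccess"
}

# Usage: ./scan.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then scan_wp "$1"; fi
```

Stock WordPress and plugin code will trigger some of these patterns, so compare hits against a clean copy of the same version.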