But today I feel like I’m learning new things that are really easily a part of my everyday life. It’s amazing how much my WordPress ‘free’ work has helped me in class, or my old MUSHing ‘free’ work with switches has helped me. Or … well, basically, all that fun stuff I do in my spare time? Really has made me smarter.

Playing games made me want to learn new things. Like ‘Well it’s great that I can use this command to shoot someone, but what I really want is…’ And with everything I’ve played (save my Wii), they’ve been Open Source code, so I was able to crack it open, study it, learn it, and run with it.

Not everyone can, but I did, and now, the college dropout no longer feels like she’s an idiot for not taking more computer classes, or finishing school. I feel like I just found a new way of learning which works for me. I feel very smart and very accomplished, even if a lot of this class is below my learned skills level. Mostly I’m using the class to learn how to use Visual Basic and Visual Studio. The latter is more important, as I’m supposed to be using it!

Which is probably a strange thought to carry in when I tell you I’m going to be talking about the latest WordPress release.

WordPress itself is a derivative piece of art. In a way, it’s both the hep, free jazz spirit from which its releases are named, and it’s the pop music Lady Gaga of the masses. WordPress says ‘Code is poetry’, and they live up to that, by encouraging open source development to the point that even my name is listed as a contributor this time around (search for ‘Ipstenu’ and you’ll see me).

Don’t get me wrong, WordPress has problems that make me tear my hair out. They really don’t have a good way to manage users, or comments. You can’t easily ban someone, and anyone can spoof anyone else in a comment. But. This is where the beauty comes in. Anyone can learn to write a plugin that does what they want (sure it’s hard, but that’s how you learn), or you can suggest a plugin that someone else says ‘Hey, wait, I can do that!’ That’s how I got started.

So WordPress 3.0 came out on June 17th, just 20 days after WordPress turned 5. I’ve been using it for a long time (since 1.5, give or take), and WordPress and I share a birthday, so I’ve always had a bit of love for it. As soon as the new version was released, I upgraded and went to the forums to see if I could help people out. Turns out there are some pretty common errors, so here’s the ‘How to fix a broken 3.0 upgrade’ routine.

Before you upgrade

Make a backup of your files AND database. You’ve been warned. If you’re using a lot of plugins, you may want to disable them. There are a few that have known issues with 3.0 (Events Calendar and Podcasting Plugin by TSG to name two). There are fixes out there for some, but check the plugin pages to see if they’re 3.0 compatible before you upgrade. There’s a semi list in the 3.0 Issues, Problems, Resolutions Thread on the support forums.

My upgrade failed!

• Install Memory Bump
  The issue is that WordPress sometimes needs more than the default 32 MB of PHP memory to upgrade to 3.0, due to the increased package size over 2.9. This is a “known issue”. The plugin Memory Bump should fix this. I tested it on a site where the upgrade just hung and did nothing and it fixed it.
• Increase your memory limit manually
  Can’t get in to add that plugin? Add this to your wp-config.php file: define('WP_MEMORY_LIMIT', '256M' ); — It will do the same as the plugin.
• Manually copy the files up
  That didn’t help either? Delete the folders wp-includes and wp-admin. Then download a fresh copy of the zip file from WordPress.org and copy everything up. Some people have had weird issues where files get overwritten incorrectly.

Upgrade done, now I get a blank page

This is the most annoying error! It can mean so many things and it’s hell to debug.

1. Delete the folders wp-includes and wp-admin. Then download a fresh copy of the zip file from WordPress.org and copy everything up. Yes, again. A file corruption can cause this.
2. Rename your plugins folder to plugins-old (via FTP or SSH) and see if that fixes it. If so, make a new plugins folder and copy your plugins back, one at a time, testing between each copy.
3. Make sure PHP is working at all. Make a page ‘test.php’ and put a simple Hello World script in. GoDaddy’s known to have some issues right now, and this may be that.
4. Add define('WP_DEBUG', true); to your wp-config.php file. This will at least give you an error. Take that error and google or post it to the WP Support forums.

I upgraded from WPMU

Go read WPMU Tutorials excellent post on the matter.

Where did you get the post title from?/h3>

Well Monk said it straight:
It’s out of town while you wait…
He knew the answer
This town’s a dancer;
So now is the time.
You know you can’t pack up the moment
And take it with you on the road.
So Now is the time.
– From the blues “Get it Straight”, known instrumentally as “Straight, No Chaser”

Two more controllers to start with. Most games are up to four players. This would mean less juggling around when people come to bowl. Also things like the DECA Sports apps, or Wii Sports Resort (which is NOW included in new purchases… All I got was Wii Sports). Games where you get in there and jump around are the most fun. EA Sports Active look interesting as does the Tony Hawk skateboard game.

For the gamey game side, I kind of like Legend of Zelda and Mario Kart (the latter because I could play with my friends across the world but also because I can drive). A friend has a copy of Super Mario Bros, which I should probably pick up one day and play to see if I like that.

What games do you have and why do you (or don’t you) like them?

So when someone asked me on the train “Do I need to buy this book about WordPress?” I had to stop and think about that.

The first answer I had was ‘Of course not!’ and I still stand by that. You don’t need the book. I didn’t need the HTML book I had back in 1997, but in the pre-Google days, it was great to have a handy resource. Even today, I have a set of these one-sheet PDFs with the basics of RegEx because I’m always forgetting this stuff. But there, in and of itself, is my problem.

Added Byte’s Cheat Sheets are invaluable. And they’re online. I download them and put them on my DropBox account so I can have them at work, at home and everywhere else. Even my flippin’ iPhone! So right away I realized pretty much everything is digital. I no longer bring pen and paper to meetings (I take notes on my iPhone, yeah, I’m bad-ass). I go to classes and make a list of URLs where I can get information on the various products I’m learning from.

The part that bothers me is not that I’ve gone digital, it’s that I feel bad about it. See, I make heavy use of people’s websites and online documentation. If they made a book, I’d buy the book, they’d get some money, and I’d never feel guilty about abusing their brains. I am a huge proponent of Open-Source and Share-and-Share-Alike (but remember to credit!), so the idea of giving away knowledge for free, just because someone asked me a question, is a natural, happy feeling. I want to make the world smarter, and nothing’s gained by me hoarding secrets about CSS formatting and PHP calls all to myself.

Perishable Press is one of my favorite sites. They’re on my RSS feed and I refer to this site regularly. This is where I learned how to redirect my WordPress feeds to FeedBurner without a plugin, I picked up some stupid .htaccess tricks, and I suddenly master bits of server security. When something I do regularly (review my error_log every Sunday) is mentioned as a good habit, I feel proud. Jeff Starr, who runs the site, recently made a book Digging into WordPress. I’ve skimmed it (a friend bought it after asking me if this Jeff guy knew his shit – I said hell yes he did), but I’m glad I didn’t buy it. Don’t get me wrong, it’s a great book, but I’m not about to pay for it since it’s not what I need.

I had to sit and think about why I didn’t want to buy the book. It’s not because I’m the best WP guru out there. I’m a happy kludgy amateur who enjoys playing around. I know enough to get my job done, and I know how to look up what I don’t know. That’s my strength, I feel. I know not only how to look things up, but where, and when to ask for help, and from whom. I’ve rarely had a problem that lasted more than a day, and I always take time to pay it forward and help out other people. Sure, sometimes I get cranky and tell them “Did you try Google?” but usually I’ll help.

Now that I’ve determined I don’t not-want the books because I’m smart, I had to think if it was the money. And again, no. I have NO problem paying for services I feel are useful. A reasonable fee is no one’s enemy! Look at Justin Tadlock’s Theme Hybrid! I can download his stuff for free (and I did), but if you want support, you pay per year. After a month of fiddling, I said ‘$25 isn’t that much, I’ll pay.’ I’ve never regretted it. Justin’s amazing, nice, and he can explain things for the thick-headed. On the other hand, there’s WPMU Dev, which has some of the best WPMU plugins I’ve ever seen, and yet I won’t pay for the site. They’ve pitched their prices at the big guys, and I’m not one of them. They would cost me more a month than I spend on hosting four domains, which is just insane. Plus some of their plugins cost extra, on top of their fee.

It’s not the money directly, it’s the money-to-product ratio. Justin’s Theme Hybrid is cheap at cost. I’d pay him $50 a year and still feel like I was getting more than my money’s worth. But if Justin wrote a book, I realized that I wouldn’t buy it either.

That was a revelation moment for me. There’s only one ‘code’ book on my desk, and it’s “UNIX in a Nutshell.” The old copy, revised in 1994. The only other book is a pocket dictionary which I actually use when spell check fails me. But that’s it. I have a “Unix For Dummies” reference guide (and I think a C++ ones as well) at home, and I use them often enough to justify them. But these are reference books. They’re also references for solid, baked, never changing systems.

And that’s the problem with books on things like WordPress, or even your OS or phone! Everything changes too fast. The technology moves faster than a book can be written, so you get a book just in time for the next version, where everything’s changed. Suddenly your book isn’t worth the cost anymore, and by the way, I’m just going to Google it anyway.

Going back to Digging into WordPress (which is $27 for a downloadable PDF that you can copy/past from), while I suspect some of the technical parts might phase out in a few years, if not months (WordPress 3.0 is on the horizon, and objects in your mirror are always closer than they appear), the authors went into more than just ‘How to make a perfect loop’ and integrating with Twitter. They talk about the basics on how to set things up, how to make things secure, how to run a site, and the mentality you’ll need to get through the day.

So should you buy that WordPress book? I can’t say yes or no. Never buy it sight-unseen. Skim it in the store, or read the previews on the website, and see if it’s more than just code. If it takes the time to explain things, then yes. Make sure it’s the book you need for your situation. If you’re really good with normal WordPress, but you want to step into WPMU (Multi-Site) and BuddyPress, you may not need a book since they’re all grounded on the same principles. That said, you may be more comfortable reading a book than relying on forums.

Could you get all that information for free? Sure. But sometimes it’s better to pay for ‘support’, even if you rarely use it. It’s also a good idea to ‘reward’ people who help you. I’m not saying you should toss me money via PayPal for helping you on a forum, but if you get all your tech support by coming here (or emailing me), a cup of coffee wouldn’t go amiss. Nor would just a tweet or a blog post to say ‘Hey, Ipstenu rocks!’ But more than that, if you’re making money off your blog, and someone bails you out, thank them. Publicly. Loudly. Everywhere. If they accept donations, toss them $5. Come on, it’s the cost of one extra-large, whipped fluffy Starbucks mocha-chino-latte-frappe.

After all, you’d pay more for their book.

Here’s what happened.

Friday April 9th I was surfing the net while working from home, using my non-virus protected Windows PC. Yeah, I know. While visiting a friend’s site, I got a weird pop-up saying ‘Such and such.com says your PC is infected!’ I told my friend, assumed nothing untoward happened, and went on my day, which included some FTPing to my domain.

Of note, I ALWAYS use SSH and SFTP. The first S stands for Secure. Of course, it’s not actually all that secure. I mean, they’re better than Telnet and FTP, but they won’t protect you from everything.

On Monday the 12th, I post a new blog post here and things go pear shaped. Cache is weird, people are getting errors, I can’t sort it out. I thought it was WP-Super-Cache, but then it wasn’t. It was insane.

On Tuesday the 13th, emails from my office to my home were bouncing. I thought it was my mailserver blocking my office!

Finally, Sunday the 18th, Taffy bitches “I can’t mail your father!” Now I get hands in and look. What do I see? “Connections not accepted from IP addresses on Spamhaus XBL.” And it’s listing MY IP ADDRESS!

Thank goodness, LiquidWeb was able to find the vector point of infection, which once they gave me the details, I knew it had to go back to that Friday. And they got me off the black lists pretty fast so everything’s okay now. But let this be a lesson, everyone! You’re only as safe as you keep yourself!

Recently, WordPress, my preferred blogging software, has been under attack by both hackers and critics. There were actually three attcks that all got lumped into one so I’ll try and break this down. If you’re of the ‘To long! Didn’t Read!’ variety today, you can get by with knowing this: If your WordPress install is not secure and if your web host is not secure and if YOU do not follow security practices, then you will be hacked. Period. Security relies on you, your web host and your web apps all being sensible about the whole thing to be effective. Remember, it’s okay to ask for help!

Also go read Hardening WordPress right now.

Okay, so security.

Back in Feburary/March, there was a sudden influx of users complaining their sites had been hacked by inii.info, whereby the hack was to edit the wp-blog-header.php and change it so any time a search engine bots visited your site, they went to inii instead. This matters because search engine bots collect information about your site and use it to rank your website against all the other sites about a given topic. There was a second hack where a file named ... (yes, three periods) had even more redirect code in it. And it was heavily encoded so you couldn’t read it without decoding.

The reason I call this a Media Temple hack was that it seemed to be prevalent to Media Temple installs. While at first people jumped the gun and said ‘It’s WordPress!’ Media Temple came out with a detailed Q&A about the matter and the attack appeared to affect ALL webapps via compromised passwords. If Media Temple ever revealed what happened, I’m not aware of it, but it wasn’t just WordPress that was affected. They ended up changing DB passwords for every webapp, from Drupal to vBulletin.

In early April, there was another rash of hacks, this time targeting Network Solutions. This time, it looked like a clear cut case of database changes. WordPress, like most PHP/SQL apps out there, uses a database to store all its information. In this instance, the database entry for the site’s URL was changed from (for example) http://ipstenu.org to an iframe link I’m not reproducing here.

At the same time, there was a ‘Pharma’ hack, where links with ‘pharma’ in them were slipped into your site, in a rather genius fashion. Chris Pearson has a decent explanation on the matter, but I feel he’s barking at the wrong car for part of it.

Chris and Media Temple and Network Solutions and a horde of people on Twitter and forums every where jumped up and said “AHA! It’s a WordPress hack!!!111!” Which … well, yes, but not exactly. As the very wise Andrea_r put it, there’s a difference between attacking WordPress installs and targeting WordPress installs.

An analogy if you please. There’s a rash of break-ins in a small town. The houses that are broken into are all bungalows. People shout ‘Aha! It’s a problem with bungalows not being secure!’ The police look into the matter and find out that in every house broken into, the bathroom window was left open. Now, is this the fault of the builder, who designed bungalows to have a window people could fit in through or is this the fault of the residents who didn’t close and lock their windows?

If you said ‘It’s a little of each!’ then thank you, you can stay after class and clean the erasers.

Security depends on many things, but to the topic at hand, server security is a tripod, and relies primarily on these three legs:

• The Web Host is responsible for making sure the sever itself is up to date with the latest patches etc, and that the server is configured in a safe way.
• Web-apps are responsible for not unleashing needless insecurities to the system.
• The end-user we pray to the flying spaghetti monster that they’ve not done something to violate security out of ignorance.

To understand how these hacks all worked, yes all of them, you have to look at the perfect storm. This is what had to happen in order for all these accounts to be compromised:

1. Someone saved their wp-config.php file in a way that it was readable by the free world.
2. Someone scanned for and found that file.
3. The user was using their ID and Password, rather than creating a DB user just for the blog.
4. That account had read access to other accounts on the same server
5. The malicious user used the account to scan for other wp-config.php files, even if they were saved securely and compromised their accounts/databases as well.

That’s a lot of wrong on one box. With most webhosts, you’re on what’s called ‘Shared Hosting’ which means a whole mess of people are on the same server, each with their own ID and password. Much like if multiple people have IDs on a desktop PC, the inherent security of the server does not allow Joe to look at Jane’s files, unless she saves them in a public space. Alas, one a couple sites, this was not the case. SO Joe, who saved his wp-config.php file with 777, and used his server ID and password to access his database in that file, was compromised. And once the hacker had Joe’s information, he scanned the entire server and hurt everyone.

Ouch.

But wait, doesn’t that mean it’s WordPress’ fault for saving passwords in the wp-config.php file in a way a hacker can read them!? Well, yes, it’s certainly WordPress’ ‘fault’ but you have to realize that doing so is an accepted risk of most PHP/SQL webapps, in that for the SQL DB to be read, the password to that database must be kept in clear text (i.e. not encrypted). This is in the wp-config.php file.

Okay, so it’s Joe’s fault for saving his file in a readable fashion? Somewhat. By having their wp-config.php file set so that anyone can read it (bad permissions – 777 for example), Joe put himself at risk. This IS NOT a flaw in web-app or the ISP, it’s just … well, ignorant (unless the ISP is forcing the file to be 777 to run WordPress, at which point it’s their fault, and yes, there’s an ISP that does that!). In addition, I know a lot of people who, instead of making a DB user for their blog, will put their server ID and password in that file, which means once it’s been read, ANYONE can log into that server as them. I suspect this is done from ignorance as well. By the way, your server ID and password is the same as your FTP user ID and password in most cases.

Back to WordPress, shouldn’t they check for that? Maybe. But it’s not that easy, since there are a lot of different ‘acceptable’ security settings for that file, and it all depends on the server. Maybe one day WordPress will figure that out, but right now they tell you to make it secure.

What about the web server? They are responsible for making sure that if Joe User set his WP config file to 777, and put their server ID/Password in there, the worst they can do is shoot themselves in the foot by preventing them from reading anyone else’s user directory. Limit the destruction on a per-user basis. There are a lot of Shared Hosts out there with lax security policies, which makes this more prevalent than I’d like.

Hopefully that made sense.

All of these hacks seem to be looking for people with wp-config files that can be read, logging into the account as the user (or the database user), and either adding files that edit the database, editing the database, or both editing the database and adding the fake plugin files.

Once your server is insecure, because of compromised IDs and Passwords, you have to go back to zero, reset ALL your passwords, scan your PC for viruses, and be careful. Remember, if they have your password, they can do everything you can do.

Good luck out there. Be smart, be secure, be safe.

Edited to add…
Also check out Mark’s well written post about how your security? Is your responsibility. Because dude, is SO is.

ClamAV is an tool that you put on your server and it detects malicious software. In short, it’s a server virus scanner and most servers use it to scan email for viruses. Now those of you who use stuff like McAffee and Norton and other virus scanners for your email, you may not know that servers also scan for that stuff as well, and try to kill the emails before they ever get to you! Yeah, think about how many emails with viruses you get. Personally, I’ve never had a problem with viruses and not because I use a mac. It’s because I pay attention to the content and context of an email before I open any attachments.

But this is about ClamAV and server-side scanners.

The story starts with my twice a week check of my server. I like to keep tabs on what it’s doing, how it’s doing, what’s going on, etc etc. I was a little surprised to see my server load spiked. Server load is sort of how you know how hard your server is working. A high load means its looking at a lot of work. A low load is ‘better’ but you have to admit that you’re going to have SOME load, so you may as well figure out what’s a good load for you. I’ve had problems with WordPress and right now I’m using WP Super Cache (See “I take it back. WP-Super-Cache is a Super Hero” from September 2009).

The point is, I know that a spike like this is okay:

That spike there was when I ran a small upgrade. You’ll notice how after the moment, it drops back down and has a happy nice day? That’s how things are supposed to work. A spike with traffic and then everything’s happy again. Great.

So what does this mean?

Yeah, I took a look at that, paled, and asked myself ‘What in the four hells is going on!?’ I did the logical thing and looked at the date and time. Noon on Monday I’d made a change to the firewall, moving from the perfectly acceptable, though harder to manage (no GUI), APF Firewall to CSF. That move was a TEENY bit on the spur of the moment, as I wasn’t having any problems with APF per se, but I was being hit up by a lot of spammers and my usual attacks of http:BL and Bad Behavior weren’t cutting it. They’re front end fixes to the ongoing spam problem, alas. I hate spammers.

Worried that my new firewall was ‘bad’, I started to Google if CSF caused high server loads. And found nothing. So I went back to the beginning and checked top. Top is a unix command that you use to see what’s using up resources on your server. It’s like Task Manager for Windows, but it’s a lot more informative. Top lets you see details and sort and basically when you want to find out what ran off with the spoon and killed your server, baby, I’m the bottom and log on to top. Top showed me, interestingly enough, that ClamD was using between 70 and 90% of my resources. On a slow week, like the net generally has for entertainment sites between Christmas and New Years, that’s not really a problem. There’s not a lot going on with the sites I host right now, the extra CPU usage wasn’t a problem. Come back on January 20th, though, now that’s a problem.

But the thing of it is, back in September, I optimized my server and I remember reading on multiple places that ClamAV and ClamD use up a lot of resources and people turn them off. So I did.

Isn’t that much nicer?

The real question, at the end of the day, is if having ClamAV turned off causes more problems than having it on? So far, no one’s breached my servers, though that’s a function of my firewalls, and SpamAssassin seems to be taking care of the spam emails, which is where most viruses come from in my experience, unless the server’s hacked, at which point I’m kind of screwed anyway. But what I find myself wondering now is if it’s dangerous to not be using ClamAV or what. And I don’t have an answer to that yet.

There is and it’s called Gravatar

See, I only actually have to upload my avatar in four places, because Gravatar takes care of pretty much 90% of the sites I visit. Every site run by WordPress (either .org or .com), every sit running bbPress or BuddyPress all use this thing called Gravatar. I use it here and at any site I run. It’s a Globally Recognized Avatar. That means that every site that patches into the open API system can pull avatars from that site.

Now, I’ll admit there are some downsides. If Gravatar goes down, no one gets avatars. Oops! But when you think about it, not even Twitter is self-hosting your avatars anymore! Your images are actually hosted on the Amazon servers. Surprise! Still, the idea of having a consistent ‘me’ image on multiple sites with no extra effort for me is a bonus, and that’s why I Gravatar. Sometimes I’m delighted to make an account and find out that, right away, I’ve got my ‘me’ image! It’s tied into my email account, and everyone’s happy.

Just like an email address and user name, your avatar should be selected with care (I’m looking at you, MrLongDong47 with the baseballs and bat image that’s suggestive of you know what). It shouldn’t be offensive, it shouldn’t be animated — no, really, I hate you people and your animated avatars. For those of us who, sometimes, get the chance to browse from work, your animated avatars catch the eye of the bossman and get us in trouble. Also they make people queasy. But the image should reflect you in some way. Should it ‘be’ you? Should it reflect your website or the rest of your Internet presence?

It’s a complicated question, asking who we are virtually. Personally, I pick a generally safe image of something people know I like (The Question) and I make sure the colors are too garish. Right now, they’re orange and blue which is a little surprising, but they remind me of a few sports teams before everyone decided sports could only be white with red, blue or black. It stands out a bit more than my old one, but I think, as a whole, I like it. It reflects the fact that I’m a comic book geek, but also that I’m particular in my fandom. It’s hand crafted (I made it with GIMP today) so if someone has the exact same avatar, I know they stole mine.

Of course, now the next question is “Do I revamp this site to be more like the new Gravatar?” No. I just changed some of the header images to have Xena, The Question and Batwoman. There’s a theme here…

Enjoy the picture of my brother.

After having my domains on three different servers for a long time, I mathed it out that it’d cost me the same to put ‘em all on one VPS (virtual private server). After calling up my ISP (the fanfreakintastic LiquidWeb) they had me all moved over without me having to fuss! Combine two shared accounts into one VPS? Sure, done. I suspect my next bill will look … weird, but that’s okay. I’m sure that even if it’s all messed up, I can call them and get it sorted out.

The first thing I did was make sure everything was running and then I left it alone for a day. Did anyone notice? No? Good, the fix was in!

Then I started fiddling. I didn’t know a lot about VPS, having only mucked about with a RedHat distro before, and LiquidWeb provided me with cPanel and WHM, which I’d never used before. They also had the very familiar shell world for me to jump into. Google being what it is, I quickly found a VPS Optimization Guide that gave me some ideas to start.

What I’ve Done So Far
My memory usage, with one beefy site and two baby sites, was hitting 50% which, in my mind, was bad. Now the beefy site runs off WordPress which is known to have these issues. My CPU was barely passing 0.01 (yes, that’s right) though, so that was good. My first thought was to try WP-Super-Cache again, except last time I did that, CPU went through the roof and stayed there. Also, you lose dynamic feeds etc (unless you use AJAX) and I’ve heard great things about WP-Super-Cache but the fact that it’s not a locked in part of WP has always made me wonder as to it’s viability. If it really was that good, or the only solution, it would be built in. Not to knock it, but I consider it only one option.

While I know I need to optimize WP, my first stab was to optimize the server. Except that I didn’t. I switched from Zend to APC. Now, I’m not really sure if that was the best thing to do. I find a lot of people clamoring that APC is better and since I’d had weird issues with Zend before (outright borking MediaWiki if not configured specially), I decided to give APC a shot. If someone has info on some benchmarks or a good link to why APC is better than other PHP cache tools, I’d like to see them.

Then I removed Clamd (and ClamAV). Yes, I know it’s virus scan software, but I’ve never actually seen it catch anything. What I run on the server, and what my ONE (yes one) resold client will run, aren’t going to get caught by it. We run the same stuff. So call it a calculated risk. I also turned off EntropyChat (never gonna use it), MailMan (resource hog), Analog Stats and Webalizer (leaving AW stats, though personally I use Woorpa and Google for stats). Gave the server a bounce after all that and my memory dropped from the 50-th percentile to the 30s. I consider that a success.

My only issue is that my phpinfo page looks weird…

See? No idea what happened there.