Mojo’s Pick of the Week – The Wrecking Crew (Movie)

The Wrecking Crew“The best band you’ve never heard of” is probably the most common description of this group of hard-working musicians that were behind most of the biggest hits of the 60s and 70s. They were so good at what they did they earned the nickname “the Wrecking Crew”.

This funny, bittersweet, and frankly mind-blowing documentary was put together by Dean Tedesco, the son of the late guitarist Tommy Tedesco, whose guitar has been heard on everything from the Beach Boys hits to the theme song for Bonanza to the soundtrack for Jaws. Dean made this doc as a tribute to his late father back in 2008, but the movie was only released this year after clearing the rights to the many songs in the film.

The movie is not only a tribute to Tommy, Carol Kaye, and the rest of the crew; it’s an insight into the life of a studio musician, into the workings of a music studio, and into music history itself. It’s a must see for any musician and lover of classic American rock and roll. I would recommend watching this, followed by another great doc, the bittersweet “Muscle Shoals“, and ending with Dave Grohl’s own studio tribute, “Sound City“. Then go watch “Love & Mercy“, the Brian Wilson biopic. There’s your weekend movie viewing right there, you’re welcome!

Imdb description of the Wrecking Crew

Official Trailer:

Sharing is caring!

How to Recover from a WordPress Hack

Wordpress LogoI’ve been an IT professional for two decades. I’ve been through just about every IT and security disaster you can imagine, except for one. A hack on a personal website — in this case the one you’re reading now. Let me tell you what I found and how I fixed it.

One recent morning, I went to create my Pick of the Week post, and instead of being able to log into my site, I was met with a note that said ANONCODERS followed by a list of the hackers’ handles. This was a surprise, because I keep everything as up to date as possible. I immediately went to work with the standard operating procedure:
1. changing my login passwords to stronger ones
2. changing the passwords of the associated email addresses
3. backing up my files and database.
After clicking the ‘forgot password’ link and resetting my admin password, I was able to get in to the WordPress dashboard and verify that all my posts and files were still there, I just couldn’t browse to them.

The next step was searching for obvious files that were changed in the last two days and removing them, and then the tedious process of looking through the rest of the files to see what I missed, and sweating every minute that it wasn’t fixed. I knew I was racing against time.

Was I worried that someone would steal financial information? No, there’s none on my site. Nothing like that. I was worried because I know that once your compromised system gets picked up by security sites, your site and domain will be blacklisted. Once your site is flagged, it affects your traffic, your search rankings, and turns away all those eyeballs you work so hard to funnel back to your little home on the web.

Cyber SecurityThe hacker message remained after I removed the files I could find, so I then installed the Wordfence plugin, which will do a scan for changed WordPress core files and look for known exploits. It did find a couple suspicious files I missed, but I still couldn’t get to any of my pages. In the meantime, I installed Bulletproof Security on my other WordPress sites and changed those passwords as well.

The next step was to reinstall WordPress in place through the update panel. WordPress updated smoothly, but even with a fresh install and all the plugins turned off, the problem persisted. At this point I had a sinking feeling that the hacker code was in the database somewhere, but I couldn’t find any unusual tables or fields looking in my host’s phpMyAdmin and comparing to another known good site.

It wasn’t until I ran a scan from the Sucuri site that I saw some information that led me to the last problem: some malicious Javascript had been placed in a sidebar widget. I simply needed to delete it in Appearance > Widgets to finish clearing the site. The whole ordeal was over in 24 hours, but the lessons remain.

An ounce of prevention really is the best cure. Honestly, it’s not that hard to use strong passwords or even two-factor authentication, and it’s not that hard to take steps to keep your site from being the ripe low-hanging fruit. But we get complacent and think it will never happen to us, I understand, believe me. Trust me when I say that a small amount of extra work up front will save you time, anguish, lost clicks, lost revenue, and loss of trust in your brand.

Recommendations: keep your site and plugins up to date with the latest patches. Use strong passwords and don’t use those passwords on other sites. Install a security plugin to help harden your site and alert you when something unusual happens. Be careful when installing third party plugins that haven’t been updated recently, or that are not well known. And maybe most importantly, make regular local backups of both your site files and your database.

Another recommendation is to not use the username “admin” as your administrator for any site. Since I installed the security plugin, I’ve been getting constant alerts about attempts from all over the world to break in by brute forcing the password for admin.

Important and helpful links!


Hardening WordPress on the WordPress Codex has great advice
Bulletproof Security plugin
The 7 best WordPress Security Plugins according to Infosec


Help I think I’ve been hacked from the WordPress Codex helped get me off the ledge
How To Completely Clean Your Hacked WordPress Installation
How to clean a hacked site using Wordfence was helpful and doesn’t require Wordfence to follow
Cleaning up an infected website – Part I: WordPress and the Pharma Hack

*AnonCoders is a group of Palestinian web terrorists that pride themselves on defacing American and UK sites, then bragging about it on Facebook and Twitter. This is somehow vigilante justice in the name of Palestine. Good job making people sympathetic to your cause. Not.

Sharing is caring!

Mojo’s Pick of the Week – Brown Sabbath

Brown SabbathBrown Sabbath, the wooly alter ego of the Latin ensemble Brownout, itself an offshoot of Austin, Texas’ Grupo Fantasma, was supposed to be a one night stand but turned into a very popular project that spawned an entire album of Black Sabbath covers.

Brownout bills itself as “hardcore Latin funk” and they do bring the Latin funk to Sabbath classics like Iron Man, The Wizard, and Fairies Wear Boots, seen below in a professional live video done for the Do512 Lounge Session series.

The songs are actually quite faithful to the heavy blues rock spirit of the originals, infused with a little funk and a surprisingly appropriate horn section. Check it!

Find Brownout on the web

Sharing is caring!

Mojo’s Pick of the Week – Iron Maiden “The Book of Souls”

Iron Maiden Book of SoulsThis week marks the return of the mighty Iron Maiden with their 16th studio album, “Book of Souls”, which recalls their classic form with a refreshingly retro sound. In fact their first studio album in five years is a DOUBLE album, and includes an 18 minute opus called “Empire of the Clouds”.

Check out the first video release from the new album, “Speed of Light” which, in keeping with the throwback sound of the album, brings us mascot Eddie in a 16-bit Donkey Kong style video game as he goes for the girl!

This epic album drops at roughly the same time as the revelation that Bruce Dickinson, lead singer and pilot of the band’s jet Ed Force One, is battling tongue cancer. Wishing Bruce all the best and hope to see them on tour soon. Up the Irons!

Iron Maiden on the web:

Sharing is caring!