I lowered the number of spam comments coming into WordPress from ~160/day to ~18/day by renaming wp-comments-post.php. That’s the file name that all WordPress installations use and it’s a welcome sign for spammers. It doesn’t matter what you rename it to, just make sure to also rename it in your template. It makes upgrades a bit more of a pain, but it’s just one tiny change to make after uploading the files.
Akismet is great and blocked most of the 160/d spams I was getting, but not ever having the spam enter the system is even better. I got the idea after seeing incoming POST requests to that URL without an existing GET request to a post. I now see 404 requests incoming to wp-comments-post.php which proved my theory and makes me smile.
Sidenote: I wonder why WordPress doesn’t default to requiring a random token in the form of a hidden input to be sent with a comment? An invisible CAPTCHA if you will, but it would require a lot more work to spam (a GET request before each POST is twice the work and would result in an even greater slowdown as you have to wait for the request to get back to process the page before you can send the POST). Perhaps to promote Akismet?
I just caught and stopped an interesting spam attack for my WordPress installation. Someone had the admin password and put dozens of spam links into the most recent post. That in itself isn’t too interesting other than how they got the login (I had used an out of date version of WordPress for a while, though the spam did start after upgrading to the latest), but interestingly the spammer updated the post about a dozen times, alternating between removing the spam and then adding in new sets of links. That’s how I hadn’t noticed it, I just happened to view the post when it was normal. The links themselves were never visible, they were in an HTML comment and CSS styled to not show, which also made it more difficult to detect. WordPress keeps all revisions now, but it doesn’t track info on them other than author. It would be nice to have the IP of this joker so I can have some fun, for that I’ll have to dig through my logs.
The spam links themselves were mostly to other sites where you could set up an account (like College Humor) and on those pages were finally the links to a scuzzy site selling questionable pharmaceuticals shipped directly from India. It’s a global enterprise–product from India, a customer service number in Texas and the domain registration in Estonia.
Update: After digging through logs it looks like it was an attack on the XML-RPC feature in WordPress. Adding to the global enterprise, the attack was from Latvia and the IP (91.203.68.3) is a known spammer. I don’t use XML-RPC so I took the easy way out and deleted the file. This had been a vulnerability before, but was supposedly fixed. Either way, it’s gone.
I hadn’t looked at traffic figures in quite some time, but after moving servers I did a bit of log browsing and found that Mobile Drudge Report is doing a lot of traffic. It probably has something to do with the election, but it’s an impressive number of organic hits. Even better is the interesting browsers, all sorts of user agents come by. The most fascinating of these is WebTV… Who knew that was still going?
I have updated the parser a few times over the years, but it’s mostly been running on its own. I don’t actually use it myself these days, but it’s nice to know that thousands of other people find it useful.
Discussion of Drudge’s tail spin into false hope for McCain is for another day.
I’ve had a Slicehost account open for a few months (mostly to show off Django projects to clients) and I finally got around to moving some real sites–including this one–to it. The plan is to phase out the dedicated server at The Planet.
There was a bit of a learning curve, I’ve never had to do all the setup by hand before, but I’ve got it running smoothly. I’ve got nginx sitting up front, reverse proxying to Apache when necessary. Email’s being handled by Google Apps. I was still using POP for my personal mail, so the IMAP from Google is a welcome addition.
This “if you unlocked your iPhone you’ll be bricked” announcement is appalling and in my opinion exceeds all of the [many] recent stumbles. Apple is admitting that there is code out there that can ruin their $400 hardware. Way to let everyone with a vendetta against Apple know the best attack vector for an iPhone virus. iTunes could easily be written to verify the firmware before applying any updates (that’s what hash functions are handy for, such as what they did in the iPod database format).
Despite whatever Apple says this is just a way to make sure they continue to get their vig from the wireless carriers they sold their soul to. Shame on you Apple. Shame on you.
Don’t listen to the box office numbers, Grindhouse is great fun. I caught a showing last night and was entertained for three hours (like most people who have actually seen it). The first movie was a gritty zombie fest and the second a Tarintino dialog driven rod-rod fueled show. And unlike a lot of movies, Grindhouse ends on a high-note. One of my favorite scenes was the very last one. If you like gritty movies and comedic violence, go check it out.
This is CTIA
Originally uploaded by jonknee.
If Bluetooth waves cause cancer, sign me up for some clinic time. CTIA is a wireless battle zone.