Comment for Michael Carden about comment spam

Posted on June 30, 2007 by Chris Samuel

I read on PLOA that Michael Carden briefly tried to open his blog for comments, only to find:

The WordPress UI balked at deleting 194,000 (okay, I ignored it for a while) comment spams. I had to dig in as admin and run a fun sql query on the database to delete all 47 meg of them.

I guess I’ve got a couple of suggestions for Michael to make his life a little easier should he decide to try again.

Akismet has an option to “Automatically discard spam comments older than a month“, that might help (though it’d be nice to be able to adjust the time).
Run, do not walk, to Rich Boakes most excellent Worst Offenders plugin. This will both group comments for deletion based on various criteria but also (if you have permission) add Apache “Deny From” rules for the offending IP addresses. It’s also worth bumping the number of IP addresses it can ban up, Donna’s blog is up to over 8,000 at the moment!
There are also tools like Bad Behaviour to try and catch bots before they get to you and if you are a member of Project Honeypot then there is the http:BL WordPress Plugin to check and block IP’s listed as baddies there.

Anyway, I hope that helps some people out.

Alec switches to WordPress

Posted on June 28, 2007 by Chris Samuel

My old friend Alec Muffett has switched his Dropsafe blog to WordPress. Looks a lot nicer!

Migratedata – a Generic Database Conversion Tool

Posted on May 25, 2007 by Chris Samuel

Andy Ballam left a comment on my post about migrating from PostNuke to WordPress mentioning a tool he’s created called migratedata that I though deserved a wider mention..

This might be helpful to people: Iâ€™ve just started a project called migratedata (http://migratedata.sf.net/) that provides a framework for migrating between all different types of databases without writing any SQL – just editing an XML file.

It comes with an example that will migrate from PostNuke to WordPress 2.2. Nice work Andy!

Oddpod – Donna’s new Podcast with Caiseal Mor

Posted on May 7, 2007 by Chris Samuel

Well after a few months of tinkering around my fab wife Donna has her new podcast Oddpod off the ground!

Her first guest is Caiseal Mor:

Caiseal Mor is best known as a bestselling fantasy fiction novelist. Those managing his public image have portrayed him to the public in many ways, none of them as a man with autism. Here Caiseal talks to autistic author, Donna Williams, about his decision to go public with his autism, a diagnosis he had in late childhood.

ObTech: The podcast is recorded using Cubase and then some extra tweaking done with Audacity under Linux. We’re using WordPress with the excellent PodPress plugin to deliver it from our Debian Etch Linux virtual machine (using Xen) hosted with those nice folks at Rimuhosting.

Welcome to WordPress, Russell!

Posted on April 28, 2007 by Chris Samuel

Russell Coker, SELinux developer, Bonnie++ maintainer and fellow LUV person has now switched from Blogger to his own WordPress installation, which makes leaving comments a hell of a lot easier! 🙂

He’s also now got a blog on “random things that are large or of limited interest“, though why that isn’t just a category on his main site (and using WordPress’s handy “more” marker to stop the whole thing showing up on the front page) I’m not sure.

Anyway, welcome to WordPress Russell!

Further Adventures in OpenID Delegation Land

Posted on April 23, 2007 by Chris Samuel

Having gotten OpenID delegation going I had to go and play some more.. 🙂

Now I was a bit puzzled about the OpenID XRDS Url mentioned in Eran’s plugin, I don’t see if being created at WordPress.com and the thought of just putting a URL in there and hoping is a bit, well, unsatisfying. Now that isn’t Evan’s fault, it’s just the fact that the WordPress service isn’t that well documented for delegation and I was hoping for something that would go a little bit further.

Before I found Evan’s OpenID Delegation plugin I came across Will Norris’s WP-Yadis plugin (originally wp-xrds) but it didn’t really work under PHP5 and so I had quickly skipped over it. Having found myself not quite happy with the outcome of using Evan’s (again, not his fault) I decided to go back and see if I could fix up the PHP4 code that wasn’t happy with PHP5.

Now it turns out it wasn’t that hard to fix, just 3 instances of foreach() where a variable needed casting to Array. That let me put in the OpenID Server Url and OpenID Delegate Server Url that I had been using previously and magically created a XRDS (aka Yadis) document. Brilliant I thought.

But wp-yadis could do more, it already had a set of definitions for a number of providers so that you could just pick the one you wanted and give it your username and let it automatically generate the URLs, but there wasn’t anything for WordPress. A bit more hacking later (to add a substitution to the server URL that was previously only happening on the delegation URL) and it was working!

I’ve sent Will the patch by email, but as the licensing isn’t clear I can’t really make it available here without Will’s approval.

OpenID Delegation To WordPress.com

Posted on April 23, 2007 by Chris Samuel

Now that WordPress.com blogs include an OpenID server for free and most WordPress users have an account there as they need it for Akismet to work, it turns out they can use it as the invisible back end to authenticate via their own WordPress blogs (hosted elsewhere) using the concept of delegation.

I thought it would be interesting to try and get OpenID delegation going on this blog as a proof of concept, and because I’m tired of commenting on Tim Connors blog as anonymous. 🙂

Now whilst OpenID delegation requires nothing more than a couple of lines of HTML, on a site that is dynamically generated like a blog you need a bit of code to add that into the front page, otherwise it’s not going to work. With WordPress that is done via plugins and casting around I found Eran Sandler’s OpenID Delegate plugin which I took for a spin.

It’s easy to install, a single PHP file in your wp-content/plugins directory, and then an OpenID Delegation item appears in your Option menu. Clicking on that and you will see three cryptically named options:

OpenID Server Url – this is the URL that access the OpenID server code
OpenID Delegate Server Url – this is the URL for the OpenID that you possess
OpenID XRDS Url – this is a URL for a special file that is supposed to control the delegation

Initially I tried setting http://????.wordpress.com/ for each field (where ???? is the name of my blog at WordPress.com) and that almost, but not quite, seemed to work according to the OpenID validator. It took me a while to figure out what was needed, but from this forum thread I found a clue that I’d missed a necessary option on the OpenID Server URL.

So, what got it to work for me (and presumably will for you too) is:

OpenID Server Url: http://yourblog.wordpress.com/?openidserver=1
OpenID Delegate Server Url: http://yourblog.wordpress.com/
OpenID XRDS Url: http://yourblog.wordpress.com/

The proof that it works ?

A successful comment on Tim’s Live Journal using my blog as the OpenID server. That’s enough to make me happy..

Fake WordPress/2.1-alpha3 Trackback Spam Countermeasure (and a factoid) (Updated)

Posted on April 22, 2007 by Chris Samuel

For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1 Order allow,deny deny from env=spambot allow from all

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready help 250 ok quit 250 ok quit 250 ok bye 250 ok ^] telnet> quit Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache.

Upgraded to WordPress 2.0.6

Posted on January 6, 2007 by Chris Samuel

I’ve just upgraded to WordPress 2.0.6 as it has security fixes in it, so if you spot anything odd with the site please leave a comment and let me know!

If comments don’t work for you then you can always reach me by sending an email to chris at the domain csamuel.org. I’m really bad at replying to email though!

Script to Migrate Postnuke to WordPress 2

Posted on January 6, 2007 by Chris Samuel

Almost a year ago now (Jan 2006) I migrated my blog from PostNuke to WordPress and to do that I used a hacked version of Bryan’s PHP migration script (which I found here thanks to Rich Boakes), but I never got around to publishing my changes. 🙁

Changes applied:

Migrate PostNuke topics to WordPress categories
Update comment counts in the WordPress database
Update category counts in the WordPress database

Just had an email from someone asking about it, so I’ve decided to publish it now, so here is my hacked version of a Postnuke to WordPress Migration PHP Script.

It assumes a blank WordPress 2 install, and I last used it with WordPress 2.0.0 so caveat emptor!

Licensed under the GPLv2 (or later), as per the original.

The Musings of Chris Samuel

Computers, science, archaeology and other random burblings

Category Archives: Wordpress