Insane Cock Brothas - HUGE BLACK COCKS

Earlier this evening, while my family and I were enjoying dinner at a local Japanese steakhouse, WordPress 2.0.5 "Ronan" was officially released to the world. This latest release consists mainly of minor bugfixes, minor feature enhancements, and a couple of database speedups. There is also a minor security fix.

There is a known bug related to sites running under FastCGI, but a workaround is available in the form of a plugin.

Upgrading is painless, so hop to it!

Bookmark to:

I like to think that I've got some pretty decent spam prevention measure in place on my server. My mail server uses RBL/DNSBL services and sets maximum limits for certain protocol violations. All my blogs use Akismet for comment spam detection. I've got a large number of entries in my comment moderation and blacklist lists. And I hook it all together into my SpamValve plugin, which automatically adds firewall rules to block repeat offenders.

Still, though, occassionally I get bursts of traffic that either aren't detected by these measures, or that are detected, but the process of handling the connection causes excessive load on the system. When that happens, I typically add new code to my SpamValve plugin to automatically block future attempts at the firewall. Here are some of the things that have caught my eye recently that caused me to take action:

GET requests for trackback URIs

When WordPress detects a trackback using HTTP GET instead of POST, it redirects the client to the permalink of the associated post. But that's all it does. I flag that as a possible spam attempt. If I get several of these from the same IP, I temporarily block that host at the firewall.

Bogus User Registrations

I once saw a flurry of fake user registrations on one of my sites. I'm not sure what the purpose was, but it annoyed me. User registration attempts get flagged. There's no legitimate reason why I should get more than 5 user registrations from the same host in a 48 hour period. So if I see that happen, I block the host.

Direct (non-referred) posts to wp-comments-post.php

If an attempt to post a comment doesn't have an HTTP Referrer that comes from this site, it's flagged as a spam attempt. The comment is still processed normally, with the usual Akismet spam/ham checks, and if it doesn't appear to be spam by other means, the comment appears on the site. But if more than a few of these come from the same host, the host will get blocked. Yes, there are personal firewalls and browser privacy extensions that strip the referrer information out. But I doubt that anybody using those is going to need to post more than 5 comments here in a 48 hour period. Still, this is probably the one rule of mine that is most prone to false-positives. But it's not likely enough for me to lose sleep over it.

Too many spam comments from a host

And, of course, if a blog comment is flagged as spam by any of the usual means (i.e. by Akismet or any other spam detection plugins), the host is flagged. More than 5 spams from the same host? Blocked!

Mail spammers

Lastly, I monitor my mail server log. Any time a message is rejected by the anti-spam measures in place there, the client IP is flagged. Again, more than a few spam attempts from the same host earn a place in my firewall rules.

These are some of the things I look for to prevent repeated abuse. There are other things as well, that I consider slightly less serious. For example, I recently discovered that a MySpace user was hotlinking an image of mine. So I've put measures in place to ensure that unapproved sites can't hotlink those particular images.

I'm still keeping an eye on my logs to catch other types of abuse that need blocking. Have any of you other spam warriors noticed any trends of abuse lately?

Bookmark to:

Susan's spookalicious Halloween theme

A few months ago, I mentioned that my wife Susan had gotten her blog up, complete with a pink theme. She's been pretty busy lately, what with taking care of our three kids, working part-time, and taking graduate classes (whew!). But she still managed to work on a Halloween version of her theme, which has been up for a short while now.

So, until further notice, enjoy her new, spookalicious, purple site!

Bookmark to:

Scott Adams, creator of the Dilbert comic strip, has been suffering from an unusual condition for the last 18 months. It's called Spasmodic Dysphonia, and essentially its a condition where your brain forgets how to talk. You may still be able to communicate by other means, singing, for example (because different portions of the brain are used to process singing than for normal speech). But for some individuals, normal everyday speech becomes limited, or impossible. Permanently, according to doctors.

My family and friends have been great. They read my lips as best they can. They lean in to hear the whispers. They guess. They put up with my six tries to say one word. And my personality is completely altered. My normal wittiness becomes slow and deliberate. And often, when it takes effort to speak a word intelligibly, the wrong word comes out because too much of my focus is on the effort of talking instead of the thinking of what to say. So a lot of the things that came out of my mouth frankly made no sense.

To state the obvious, much of life’s pleasure is diminished when you can’t speak. It has been tough.

After trying a few things, and discovering that he could still do public speaking in front of crowds (his loss was limited to normal, casual speech), he decided to experiment with the boundaries of his condition and see if he could force his brain to re-map his speaking ability. The amazing thing is, it worked. Essentially, he hacked his brain.

Bookmark to:

A few years ago, I made a post that mentioned in passing that I have webbed toes. About a month later, my logs started showing up a fair number of referals from search engines from people looking for info about webbed toes. So I promised that I'd try to put up a picture. A couple of days later, I posted said picture.

Since that time, those three posts have collected over 900 comments between them. It turns out that there are are lots of people (depending on how you define 'lots') who have syndactyly (webbed toes or fingers), but there isn't a whole lot of information about it on the internet that's easy to find. Some people are just surprised to find out there are others like themselves with webbed toes. Others are embarrassed by their toes and seek information on cosmetic surgery to correct the condition.

In any case, comments on blog posts aren't the best venue for detailed discussion. With the recent announcement of the first official release of bbPress, I've finally set up some forums for more organized discussions. So, if you want to discuss any issues related to webbed toes (or fingers), visit the new Syndactyly Forums.

Bookmark to:

No official announcement yet, but WordPress 2.0.5 has just transitioned from Beta to Release Candidate status. Join the wp-testers mailing list for details on how to download nightly builds. This release is mostly minor bugfixes. You can view all the changes at the WordPress Trac site.

Bookmark to:

This past Wednesday, I got to go see the Thrashers play the Bruins, courtesy of a visit from Geof Morris (thanks for the ticket, Geof!). Geof and I have known each other via the net for quite a while, and we have some friends in common from back when I used to live in Huntsville. But I'm pretty sure that this was the first time we had met in person. So, I finally got to check the 'met' box in my link to his site (well, one of his sites).

Geof was rooting for the Bruins, but surprisingly enough, the Thrashers won the game 4-1. But he wasn't too terribly upset, because, after all, at least we were watching live hockey. That's always good, no matter who wins.

Geof's visit was hit-and-run -- he arrived in town, waited patiently for me to finish up some stuff at my office, we went to the game, then he headed back towards Huntsville. It was fun, Geof. Maybe next time we get together, we'll have more time to socialize.

Bookmark to: