Link posts seem to be working again

The automatic nightly link posts from del.icio.us stopped working properly sometime last year. The links would get posted, but had extra “\n” inserted at every line break. Here’s an example. An unexpected side effect of having “ugly” link posts is that I mostly stopped posting links to del.icio.us for a while.

As part of the recent blog platform update, I’ve switched from the del.icio.us “experimental” nightly blog posting to Postalicious, which seems to be working nicely. You can see the new link post style (and the old ones too, unless I get around to cleaning them up) here.

New and improved

This evening I’m rolling out a long overdue update to the blogging platform. It’s been a little complicated, because I’ve been running a heavily customized WordPress 1.5.2 for a long time, and there have been a lot of changes since then to WordPress, various plugins, and the underlying database (the current release is 2.7.1).


The new version is based on Atahualpa, which has many customizable options. The Recent Posts, Tag Cloud, Recent Links, Twitter status, and permalinks are all working as before. The new template doesn’t have a place for the randomly selected banner thumbnail images from my Flickr account, but does incorporate a larger random image at the top, which currently selects from a few photos I picked out of my snapshot collection. I may figure out some other way of sharing some photos here. I’ve also added a random quote widget. You have to provide your own collection of quotes, so there aren’t many in there yet.

It might be a little slower than the old platform for a while until I get the caching set up. All those customizable options use a lot of database queries.

Let me know what you think, and if you have any suggestions or are having problems viewing things. I’ve mostly been looking at this with Firefox 3, so people with other browsers may have a different experience.

Hacked by keymachine.de

I just noticed that my WordPress installation got hacked by a search engine spam injection attack sometime in the past few weeks. This particular one inserts invisible text with lots of keywords in footer.php. The changes to the file were made using the built-in theme editor, originating from ns.km20725.keymachine.de, which is currently at 84.19.188.144. The spam campaign automatically updates the spam payload every day or so. The links point to a variety of servers that have also been hacked to host the spam content. Here is a sample: http://www.nanosolar.com/feb3/talk.php?28/82138131762.html
I’ve sent an e-mail to Nanosolar, so they’ll probably have that content cleaned up before long. But the automated SEO spam campaign updates the keyword and link payload regularly, so any affected WordPress sites will be updated to point at the new hosting victims.

From a quick check on Google, it looks like keymachine.de is a regular offender.
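
A check along these lines, as an added example rather than code from the original post: it scans template source for elements hidden with inline CSS that contain several outbound links, which is the shape of the footer.php change described above. The hiding styles, the threshold of three links, and the sample markup are assumptions, since the post does not say how the text was made invisible.

```php
<?php
// Added example: flag theme templates carrying hidden, link-stuffed markup.
// Assumption: the text is hidden with inline CSS; the post does not say how.

const HIDING_CSS = '/display\s*:\s*none|visibility\s*:\s*hidden'
    . '|font-size\s*:\s*0(?![.\d])|(?:left|top|text-indent)\s*:\s*-\d{3,}/i';

/**
 * Return findings for one template's source: each hidden element that
 * contains at least $minLinks anchors, with its line number and link hosts.
 */
function find_hidden_link_blocks(string $source, int $minLinks = 3): array
{
    $findings = [];
    // Match <div|span|p ... style="...">...</same tag>, non-greedy, any case.
    $pattern = '/<(div|span|p)\b[^>]*\bstyle\s*=\s*(["\'])(.*?)\2[^>]*>(.*?)<\/\1>/is';
    preg_match_all($pattern, $source, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);
    foreach ($matches as $m) {
        if (preg_match(HIDING_CSS, $m[3][0]) !== 1) {
            continue; // styled, but not hidden
        }
        preg_match_all('/<a\b[^>]*\bhref\s*=\s*["\']https?:\/\/([^\/"\']+)/i',
            $m[4][0], $links);
        if (count($links[1]) >= $minLinks) {
            $findings[] = [
                'line'  => substr_count(substr($source, 0, $m[0][1]), "\n") + 1,
                'hosts' => array_values(array_unique($links[1])),
            ];
        }
    }
    return $findings;
}

// Constructed sample of a tampered footer.php (hosts are placeholders).
$sample = <<<'HTML'
<div id="footer"><p>Powered by WordPress</p></div>
<div style="display:none">
<a href="http://one.example/a.html">kw one</a>
<a href="http://two.example/b.html">kw two</a>
<a href="http://one.example/c.html">kw three</a>
</div>
</body>
HTML;

foreach (find_hidden_link_blocks($sample) as $f) {
    printf("line %d: hidden block linking to %s\n", $f['line'], implode(', ', $f['hosts']));
}
```

Because the payload is rewritten every day or so, the list of hosts it reports will change between runs on an affected site; the hidden block itself is the stable indicator.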

Local Tag Cosmos

I’ve added a local tag cosmos, which shows a tag cloud for posts on this site. Unfortunately, I’m also using tags and bookmarks scattered across del.icio.us, Flickr, Technorati, and other services, which aren’t integrated into the cloud, but this provides a different view of what’s been posted here since I’ve started tagging things.

I’m still evolving my personal use of tags. You can see that I’ve started tagging some posts with “web2.0”, although I’ve been reluctant to turn it into a site category. I don’t like the label, but I recognize that it’s the most popular tag for a lot of “new” stuff at the moment. So exposing the tag makes it more findable.

I’ve been debating reducing the number of post categories in favor of using frequently occurring tags for site navigation, so that recurring topics automatically make themselves more visible. It can be difficult to find things here, partly because I’m posting about a lot of different topics and partly because the categories don’t always organize the posts very well.

Tagging on this site is currently implemented using Jerome’s Keywords plugin for WordPress to apply tags to posts and for generating the tag cloud.

WordPress Contact Form 1.3 Update

We’re using the WordPress WP-ContactForm plugin by Ryan Duff and Firas Durri on some of our sites. During the past few weeks, there has been an increasing volume of attempted spam e-mail through the contact form. The latest update (1.3) has additional validation on the form input to prevent the injection of MIME enclosures, additional mail header fields, etc.

Here’s a recent discussion thread on the WordPress support forum. Firas says:

For those curious, the spamming/attaching is done via injecting extra headers along with the ‘From’ field. It’s not done using the actual html interface, but via other agents posting to the script.

The update announcement is here; the latest version is available on the plugin project page.

If you’re running an earlier version of the WordPress Contact Form plugin, this update should block the latest round of spam agents attempting to abuse the older version.
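
The kind of validation described above, as an added example that is not the WP-ContactForm plugin’s own code: it rejects line breaks in any field that ends up in a mail header, and header-like lines in the message body. The function names, field names, and sample submissions are hypothetical.

```php
<?php
// Added example: reject contact-form input that could inject mail headers.
// Function and field names are hypothetical, not WP-ContactForm's own code.

/** Return true if $value contains CR, LF or NUL, which can end a header line. */
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Validate the fields of one form submission.
 * Returns a list of problems; an empty list means the input is safe to use.
 */
function check_contact_fields(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if (has_line_break($value)) {
            $errors[] = "$field: line break in header field";
        }
    }
    $email = (string) ($post['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a single valid address';
    }
    // The body may legitimately contain newlines, but a header-like line
    // in it is a sign of an attempt to add recipients or MIME parts.
    $body = (string) ($post['message'] ?? '');
    if (preg_match('/^(content-type|mime-version|bcc|cc):/mi', $body) === 1) {
        $errors[] = 'message: header-like line in body';
    }
    return $errors;
}

// Constructed sample submissions (not taken from real traffic).
$samples = [
    'normal'   => ['name' => 'Pat', 'email' => 'pat@example.com',
                   'subject' => 'Hello', 'message' => "Line one\nLine two"],
    'injected' => ['name' => 'Pat',
                   'email' => "pat@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hello', 'message' => 'Hi'],
];

foreach ($samples as $label => $post) {
    $errors = check_contact_fields($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

The check has to run on the server for every POST, since the injection comes from agents posting straight to the script rather than through the HTML form.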

Cleaning up comment spam

The past couple of days I’ve received a few hundred comment spams from “Kelly Ronald”, “John Reed”, “Nicholas Truman”, “Peter Back”, and “Alexander Kolt”, from IP addresses in Mexico, Taiwan, France, Australia, and California, among others. Most of them are tagged by the stopword list, but it’s a reminder that I should revisit the antispam implementation while I’m reworking the site. For now, I’m making good use of the bulk comment edit feature in WordPress.

Jeff Clavier appears to have gotten the same treatment:

If you are like me, you got blasted by “friendly” comments from Alexander Kolt, Nicolas Trumen, John Reed, Peter Back, and Kelly Ronald – all praising your blog, your posts and yourself.
This new generation of comment spam is more clever than previous but for one thing – the fact that spammers are picking old posts that are not commented upon anymore. Otherwise they use legit blogs/blog posts and in a few cases, it is not even clear which web site they are “pimping”

Jeff also turned up a security blog with additional info:

We have experienced a “massive attack” of SPAM on our blogging system from various hosts all pointing to two websites:
http://www.cosmicbuddha.com/blog/archives/ 001169.html (I have broken the URL intentionally)
And
http://anthony.ianniciello.net/blog/archives/ 000079.html (I have again broken the URL intentionally)
The comments contained very brief sentences and links to the above web sites.
From what it looks like it was an act of an attack against automatic blacklisting and un-moderated comments, probably not conducted by authors of the above blogs.

The author of at least one of the sites linked to in this spam run doesn’t seem to be responsible. He’s got a comment on the post linked above, and one of his posts has effectively been taken over by the discussion about how he ended up as one of the two target links in the posted spam comments.

This batch of spam seems a bit random. The typical spam postings I see here try to link to spamblogs and commercial sites. None of the linked sites in this set appear to benefit from the spam. So perhaps this is a test run for something in development. Wonderful thought.

Separately, I’ve also seen a number of attempts to send spam e-mail through a hard coded PHP mail form. Bill Lazar mentions seeing some similar traffic on his site:

In the last few days, though, somebody or someone’s script has found the form and is filling it out repeatedly. I guess the idea is that a useful percentage of web forms will trigger an automated response that’s of interest to the programmer though just what isn’t clear to me. The script fills in the form fields with the same data, an email address of a four or five character random group of letters (such as xtpku) at this domain.

The bad formmail posts are originating from 213.114.195.37 and 66.166.127.226, among others. I don’t think it’s actually succeeding in getting mail sent anywhere, but it’s clogging up the administrative mailbox with failure messages.

Update 09-14-2005 16:20 PDT: Updating to WP-Contact Form 1.3 seems to help. Still seeing attempted spam from new IP addresses, including 62.93.34.155, 67.169.28.125, 146.83.216.207, 206.206.126.44, and 210.0.200.2. Hopefully they’ll figure out that it’s not working and move on.

Blog Business Summit

Later this week I’ll be at the Blog Business Summit in San Francisco. A discounted registration for WordPress users is available.

There’s also a WordPress update released, 1.5.2, with bug and security fixes since 1.5.1.3. It’s not a platform for everyone, but I’ve been very pleased with the high level of support, technical flexibility, and the active developer and user communities that have evolved around WordPress in the past couple of years.

I enjoy the option of changing whatever I like in the system, but also enjoy not needing to do so most of the time.

Update 2005-08-14 17:48 – A bigger discount is available for Blogger users! The WordPress discount is $400, the Blogger discount is $500. Hmm.