Aaron Toponce » Wordpress

Spam Karma Goes GPL

Aaron — Wed, 06 Aug 2008 17:53:10 +0000

The comment spam filtering software used on this blog is Spam Karma. Three weeks ago, Dave, the author of the WordPress plugin, announced that Spam Karma has now gone GPL v2. I have been using this plugin exclusively for my comment spam since this blog has been up and running.

Prior to the plugin going GPL, Dave held the license as proprietary, keeping anyone from repackaging his hard work and making money off of it. However, he also stated on the site that if you asked, he would probably give you full permission to modify the code, and make amendments as necessary. Due to this disclaimer, I installed in on my blog. However, the reason for Dave making Spam Karma GPL has nothing to do with Free Software, but more to the fact that he is no longer supporting the utility, and hopes by making it GPL, the community will pick it up, and run with it. I hope so too, because while I’m a major proponent of Free Software, I won’t run outdated, unsupported software either.

So, if you know PHP, and have a desire to help with a project, pick up Spam Karma. I know I would benefit from your efforts.

Pardon My Dust

Aaron — Sat, 29 Dec 2007 15:58:34 +0000

I’m undergoing some site changes with this blog. Looking for a nice wide 2-column layout for WordPress. I’ve stumbled on Minimalist Fever 1.21. It’s clean, simple and lean. It has a fluid width, which is a must for me, looks good in all browsers, and as such, works well with all resolutions. The text is a tad small from what I’m used to, and I may make it a pixel or two bigger, but overall, I’m impressed. The lack of a simple header, however, may keep me from using this theme permanently. If anyone knows of a good wide fluid-width 2-column theme that is simple and elegant, I’m all ears.

WordPress SVN

Aaron — Sun, 09 Dec 2007 17:11:50 +0000

I recently decided to reinstall my WordPress blog with the SVN copy of the software. Because WordPress does not support upgrading through the default install- a major hindrance, I’ve decided to keep my copy updated through SVN. This means that you need a working copy of SVN on your server. If running Ubuntu/Debian, the following command will get it installed (assuming your account is added to the /etc/sudoers file:

aaron@kratos:~$ sudo aptitude install subversion

Once installed, all you need is to get the latest copy to your server in the directory that you plan on serving it from. For example, if you plan on serving it from /var/www (also, assuming your unprivileged account has write access to /var/www):

aaron@kratos:~$ cd /var/www
aaron@kratos:/var/www$ svn co http://svn.automattic.com/wordpress/trunk/

Now you have the latest copy of WordPress running on your server. Configure your web server daemon as needed to serve PHP files from that directory. When ever you need to upgrade, just issue an ‘svn update’ on that base directory:

aaron@kratos:/var/www/trunk$ svn update

There you have it, the latest and greatest running copy of WordPress. Of course, it should be warned that this is the unofficial release of the software, and bugs may exist causing problems with plugins and serving the software. However, if you are willing to take the punches, then I would recommend running the SVN copy to keep your WordPress insall up-to-date. Until the WordPress devs decide it’s important enough to add an upgrade utility in the software directly, this is definitely the best approach I think.

OpenID Enabled

Aaron — Sun, 10 Jun 2007 17:50:40 +0000

It was important for me to get my site OpenID enabled, for those who would like to use it. I don’t force users to register an account on my blog to comment, so enabling OpenID on my blog might seem a bit silly. However, for those who would like to use their OpenID to identify them when commenting here on this blog, it’s now been enabled.

Here’s how it works. First, the 3 fields of “Name”, “Email” and “Website” are still there, just the “Website” field will now check to see if it is a valid OpenID URI. If so, it will automatically populate the “Name” and “Email” fields, provided that you created a persona with your OpenID provider. If the field does not contain a valid OpenID URI, then it will just behave as normal, allowing your to attribute any website to your name.

If you are curious what WordPress plugin I am using to pull this off, it can be found here. If you would like to delegate your WordPress blog as your OpenID URI, then there is a delegation plugin that can be found here.

A word of note on the OpenID plugin. If you are running Debian/Ubuntu and powering your site with PHP5, GMP is not available in the repos, which this plugin relies on for performance. The plugin will behave fine without it, however. If you would like GMP for the plugin, then you will need to compile it in from source yourself, which isn’t that big of a deal, just heads up is all. All systems are normal, and performance seems okay for me, so I haven’t bothered looking into getting GMP on my Ubuntu server.

WordPress Upgrade Script

Aaron — Sat, 03 Mar 2007 05:45:59 +0000

For those of you running WordPress on your own server, or a server that you maintain, I wrote a little script that may make upgrading your WordPress a bit easier. For me, I am running 4 installations of WordPress, so, when the upgrades are released, it’s a bit of a pain to get them all into shape. So, thanks to Christer for the idea, I wrote a script that takes care of the job 10 times faster than if I were to do it by hand.

First, I should mention that this script comes with no warranty what-so-ever. Use it at your own risk. If you foul up your database or WordPress install, don’t come crying to me. Although this upgraded my 4 installations without hitch, this does not necessarily mean that it will work for you. Please use caution when upgrading the files and the database. If you do run into problems, I will try to provide necessary support as possible. However, I am very busy, so it may be faster for you to figure out what happened, and to fix it on your own. You’ll learn better that way anyway.

Next, this script follows the detailed instructions as closely as possible. Namely:

Your existing WordPress install is backed up, just in case.
All databases are backed up.
All necessary and important files (.htaccess, wp-config, etc) and directories are backed up.
The latest release is downloaded.
All files are upgraded.

Of course, it is your job to navigate your browser to the appropriate PHP upgrade page for every WordPress installation that is upgraded, and verify that all plugins, permalinks and themes work.

At any rate, here is the code: a simple Bash script. The version of the script is 0.1.2.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

#!/bin/bash

# This program upgrades your existing Wordpress installations that you are running on your server.
#
# You need to make the necessary adjustments to this script as needed for your situation.
#
# Make this script executable: 'chmod 777 wp_upgrade.sh'
# Run the script: './wp_upgrade.sh'
#
# Author: Aaron Toponce
# License: GPL v2
# Version: 0.1.2

# =================== Start of Script =================== #

# Provide the necessary directories to what Wordpress installations need to be backed up space delimited
# Change as necessary and uncomment
# For example, if you had 3 sites in /var/www/site1, /var/www/site2 and /var/www/site3
# then it would look like below (do not add the trailing slash):
# directories=(/var/www/site1 /var/www/site2 /var/www/site3)
number=${#directories[@]}
# Testing that all directories specified above are valid before beginning
for (( i = 0 ; i < number ; i++ )); do
if [[ ! -d ${directories[$i]} ]]; then
echo "Directory ${$directories[$i]} does not exist."
return 1
fi
done

# First, we need to get the necessary file
cd ~

if [[ -f wordpress.tar.gz ]]; then
echo "wordpress.tar.gz exists. Please take notice to this upgrade before continuing."
return 1
fi

wget -O latest.tar.gz http://wordpress.org/latest.tar.gz

echo "First disable all plugins on all installations before continuing."
echo "Press ENTER to continue..."
read blah

for (( i = 0 ; i < number ; i++ )); do
clear
cd ${directories[$i]}

echo "We are backing up the full directory, in case anything goes wrong. Press ENTER..."
read blah
cd ../
tar -cvvf ${directories[$i]}.tar ${directories[$i]}
gzip ${directories[$i]}.tar
cd ${directories[$i]}
mv ${directories[$i]}.tar.gz .

# Timestamp in unix epoch format to create unique backup directories
back_ts=$(date +%s)
mkdir backup_${back_ts}

# Backing up the necessary Wordpress database
echo "Please provide the wordpress database name (case sensitive) for ${directories[$i]}:"
read wp_db
echo "And please provide the username to the database:"
read wp_user
mysqldump --add-drop-table -u ${wp_user} -p ${wp_db} > backup_${back_ts}/${wp_db}.sql

# Make the necessary changes for what to backup. This is the default as provided by Wordpress.
echo "Backing up the important files. Press ENTER..."
read blah
cp .htaccess wp-config.php backup_${back_ts}
cp -r wp-content wp-images wp-includes/languages backup_${back_ts}

# Time to copy the latest wordpress that we downloaded and overwrite all files
echo "Getting the latest cp of wordpress. Press ENTER..."
read blah
cp ~/latest.tar.gz ./wordpress.tar.gz
tar -zxvf wordpress.tar.gz

# Overwrite all files
echo "Overwriting all old Wordpress files with the new. Press ENTER..."
read blah
cd wordpress
cp -rf * ../

# Copy the files that we backed up back
echo "Coping the important backed up files back in. Press ENTER..."
read blah
cd ../backup_${back_ts}
cp -rf * ../

echo "Point your browser to the necessary site and run the upgrade script."
echo "EG: http://example.com/wp-admin/upgrade.php"
echo "Update your permalinks and .htaccess."
echo "Install updated plugins and themes"
echo "Reactivate plugins"
echo "Press ENTER to continue..."
read blah
done

clear
echo "Congratulations! You have successfully upgraded your Wordpress."
echo "Please review that your browser resolves your site."
echo "Enjoy!"

Using GeSHi

Aaron — Tue, 19 Dec 2006 15:49:28 +0000

For those who are unaware, I am using GeSHi as my syntax highlighter for WordPress. It is a solid program, and well worth the look, if you are looking for something to highlight your code on your blog. It’s licensed under the GPL, and I love it.

One of the strong features in GeSHi, is the ability to recognize keywords and functions built into the language, and provide a link to the official documentation about that keyword. You may have noticed this with my last post about optimizing searches in Perl. Clicking on one of the functions will take to the Perl documentation site about that function. Try ‘print’ or ‘open’ to see what I am talking about.

To get GeSHi into your WordPress blog, use this plugin. It’s in beta, but it’s just a wrapper around the initial GeSHi code. You can easily update your Geshi, by downloading the latest from here, unpacking the folder, and dropping it into the plugin folder. Works like a charm.

However, WordPress isn’t without it’s flaws, and as such, some of my code that I post on this site may appear a bit odd. For example, in my most recent post , you may have noticed that my file handles are in lowercase. Generally, it’s considered good programming practice in Perl to put your file handles in uppercase, as harleypig mentioned in the comments. Well, I do uppercase when coding, but WordPress thinks that anything between < and > is HTML, so it lowercases the letters between the tags. Also, if I don’t have a closing tag, it will provide one for me. So, as you may have also noticed, in the code, I have closing tags for the file handles just past a comment marker. This may look a bit odd, but it’s for WordPress’ sake. And yes, I have tried escaping the tags with < and >, but then it shows up as so. Of course, I am working on a plugin to stop this behavior.

So keep this in mind when looking over the code that I post to this site. The reason for the code is to illustrate a point rather than show syntax-perfect code (although all code I post to the site should compile without errors). If you have any questions about the code, of course, leave it in the comments or contact me directly.

Now, on with the show!

Blog Updated- New Theme Installed

Aaron — Fri, 08 Dec 2006 05:47:07 +0000

Monochrome, lightweight, and totally liquid. Comments fixed on the pages, lean CSS, designed with standards, no intensive images and a dark background with light text, so no more looking into a lightbulb as you read my blog. This is definitely the WordPress theme for me. I love it love it love it!

You can find Gray 1.0 by Kaushal Sheth here.

Now I just need to go through the templates, and make it W3C Compliant…

Theme Changing Time

Aaron — Fri, 08 Dec 2006 03:48:18 +0000

Pardon my dust while I change my WordPress theme. I’m looking for something with an overall dark theme, light text and wide. We’ll see what turns up.

Page Comments

Aaron — Wed, 16 Aug 2006 19:03:35 +0000

I am frustrated with this site theme. It is nice, and very well laid out, but it lacks the ability to show comments on pages. I know the PHP template is correct, so there must be something going under the hood that I am not aware of. So if you want to place a comment on a page, like my Ultimate Firefox Extension List For Junkies, tough!

I should have it working soon though. I love this template, and refuse to give up on it just because of one little quirk. That’s what drives us geeks anyway, doen’t it? Coding challenges?

Cool WordPress Plugin

Aaron — Fri, 28 Apr 2006 15:05:30 +0000

Well, for those who are now commenting on my blog, of which I thank you, I am exploiting your user agent string, and displaying it for all the world to see. Let’s see how many of you Linux/Firefox users are actually Windows/IE users! HAHA!

It will show something to the effect of:

Using Firefox 1.5.0.2 on Ubuntu Linux

The plugin is a comment plugin for all WordPress blog installations of 1.5 and 2.0. You can find it here, if interested.

Of course, you could always modify your UA string with this extension for Firefox, then no one would know that you are using Windows.

More Spam Morons

Aaron — Wed, 26 Apr 2006 02:47:21 +0000

(In the voice of Dr. Evil) Bwahahahaha! Hahahahahaha!! Mmmmwahahahahaha!! HAHAHAHAHAHAHAHA!!! MMMMWAHAHAHAHAHAHAHAH!!!!! Mmmmmhmmm!! Hmmmm hmmm! hmm hmm. hmm. Okay.

Seriously, I think I am getting too much of a kick out of comment spam recently. It is just so entertaining. Here is the latest, that actually passed all the spam checks in Spam Karma, and made it through to the blog itself:

From: Use Keyword Here
Post: Welcome
Comment: Personally, I never use more than a single link in the comment I post because doing so can trigger spam catchers if the user has that plugin activated, whereas a single link will not.

Well, “Use Keyword Here”, my plugin does a little more than just counting the number of links in a comment post. It also checks for a valid JavaScript and encryption payload (both of which are commonly found in normal web browsers (which help identify people instead of bots)), and your IP address against others that have been “spanked” as spam. And that is just getting started. It cacluates “karma points” based on these criteria and others. If your points are high enough, it passes through. Otherwise, you sit with the rest of the comments in database prison, never to be published.

What is great, however, is that I can review the passed comments, and manually “spank” comments as spam as I please. Unfortunately, although you make a good point about the number of links in a comment, your email address was “you@your-site.com”, and your name pointed to an ad-infested site (luckily, I have the adblock plus extension in Firefox, and didn’t see a single ad). So, even though you make a good point “Use Keyword Here”, I personally think you’re spam, and your IP has been blacklisted. Sorry. However, thanks for brightening up my day today, because it was a rough one.

I Love Comment Spam, Kinda

Aaron — Wed, 19 Apr 2006 04:50:30 +0000

At least I find it very humorous.

I am using WordPress 2.0 as my blog CMS, and lately, I have been getting a fair amound of comment spam. Luckily, I have the strongest spam filter out there, Spam Karma 2. I won’t go into details about how it works, but it does a fantastic job. Best comment spam implementation I have ever seen on any CMS. I should know, I have used a lot.

However, the purpose of this post to highlight some of the comments that I have received, just to show how ridiculous they are. Before I delve into them, I am curious how it shifted directions. 2-3 years ago, as bloggers who have been blogging for that length of time will know, comment spam was just in infancy, and as such, focused on enlarging certain things, prescription drugs, and lottery tickets. Now the spam is less intrusive. It’s a lot more laid back, and “friendly”. The comment spam seems almost like it is trying to trick you that it is your friend or someone you know who left the comment, and as such you trust them, so you’ll click on the links provided. Are they really that stupid?

Anyway, let me give you some examples of what I have received as comment spam.

From: car insurance ny
Post: The Ultimate Firefox Extension List For Junkies
Comment: Excellent point. I must say I agree. I found this site doing doing some research on increasing car insurance rates since the Bush Administration took over. I love this site. Great job! Mike.
From: PHP mysql
Post: Welcome
Comment: Hey, I have to say that this really is a great blog. Found your blog while searching for more information at yahoo about php mysql. I was reading your blog and I realized it had quite a lot of interesting thoughts, that’s why I stopped by and gave it a look. Keep up the good work.

And my personal favorite:

From: Omron proximity sensor
Post: Welcome
Comment: Hi, my name is Kari and I want to say thank you! Your article here helped me with my College project and wanted you to know it. I was searching for info about Omron proximity sensors and I somehow ended up on your blog. Tomorrow my teacher is going to get a very good job done! I wish we can keep in touch, thank you again.

I don’t even know what an Omron proximity sensor is! But hey, I’m glad I could help you out with your college project. Hope you get an ‘A’ with all the information I provided.

Seriously though. Were do these come from? Do they honestly think I am fooled? Do the comment spammers, automated or not, think that because you praise a blogger for his content, you’ll get traffic to your site? (All of the links were taken out, BTW, as I can’t pose a risk to where they point, or what content will be delivered to your computer.)

Here’s the thing. Spammers, I hope you are paying attention. If you want your comments to appear on a blog, and get actual revenue for the links you send out, try to be a little more human. Saying things like “Hey! Great site! Love the content and layout. You have a lot of comments. Good job!” isn’t exactly what I would call “normal” comments. Having links to casinos and online games when you’re talking about the content of my post isn’t exactly “intuitive”. In fact, you wnat to know what? Nevermind. Just bag it. Just fold for crying out loud. You couldn’t get it right with email, what is to say you will get it right with blog comments?

At any event, if you are a WordPress blogger, I would recommend getting Spam Karma 2. It automatically updates via the web, includes blacklists and whitelists and overall is just the most configurable and powerful comment spam protection I have ever seen. It’s a plugin that installs easily, and is fully compatible with WordPress 1.5 and 2.0.

Changing Themes

Aaron — Wed, 22 Feb 2006 23:49:32 +0000

I am in the process of changing the overall look and theme of the site. I won’t be designing my own (too lazy), so I will be finding some cool WordPress themes that are wide and stylish. If you notice that the theme changes as often as I wash my hands (I am very compulsive about that) for the next little bit, it is because I am experimenting. If the site is down also in the near future, I apologize in advance.

Thanks.

Linux Is Fun and Stuff, but…

Aaron — Tue, 14 Feb 2006 15:17:58 +0000

…setting up a Linux server, and evern worse, being the system administrator is a pain in the butt!!!111!!!11!one

Okay, here’s the thing. I am now hosting the OALUG site on my Ubuntu web server. No big deal. I am hosting 3 other sites as well. Being a web admin is not that bad. Lately, however, I need to set up a mail and DNS server for the OALUG group. I’ll get to that in another post as to why.

First, I asked a friend what packages I needed and what needed to be done, as he has done it before. He gave me the link to an excellent howto, and for the most part, everything went smoothly, until I began installing packages I already had installed, like MySQL. Don’t ask.

Everything started breaking. First it was MySQL, then PHP, then Apache2. Then, after updating the repositories in my source.lst file, 280 packages broke, including the Linux kernel, the Ubuntu desktop, and a top more.

As you can see, MySQL, PHP and Apache2 are working just fine now, I hope (I’ll really find out if this post doesn’t submit). All the packages that I broke, I have fixed. But I was up until 2:30 in the freaking morning fixing them. And that was before I even had the chance to get my web server as it was before all this mess.

Now, before all you Microsoft advocates come out of the woodwork saying, “We told you so Aaron. Windows is easier and less cryptic to use than Linux”, I have to say that I have learned a ton. And, despite the lack of sleep, the 300 new gray hairs, and ulcers that I developed, it was actullay, in an odd sort of way, fun. I got to see deep inside the server. I edited config files, changed all sorts of permissions, added, removed and readded packages, and really got to know a lot better how my Linux server works. I wouldn’t trade that for an easy GUI that handles everything for me.

Am I finished? No, I still have a little more to go. And I will probably break more packages on the way, but, I will learn more than if I purchased a program to do to the job for me. And I will be more qualified as a Linux/UNIX system admin. I would never apply for such a job. The stress would kill me, but my qualifications have just jumped through the roof.

Comment Spam

Aaron — Wed, 11 Jan 2006 01:01:01 +0000

As with every other blog that I have ever hosted, I seem to be the target of comment spam. In the past, I have implemented CAPTCHA images, forcing previews, and filters, all of which worked exceptionally well. With WordPress, however, I can catch all comments in moderation to require approval first. This was working fairly well, until I started wading through 17-20 spam comments per day. Apparently, there isn’t a built in spam manager for WordPress. Thankfully, I have the ability to install plugins.

Hello SpamKarma.

After downloading, installing and activating, I am impressed. First off, it scanned all of the PHP files in my theme to make sure it was compatible with the markup. Next, it noticed all the previous 80+ messages that I had marked as spam using the built in WordPress feature. For starters, I am impressed. Looking deeper into the plugin, I notice that I have the ability to change the strength of of SpamKarma for every comment posted. It offers many other features such as blacklists,
link counters, JavaScript detection, snowball effect, captcha images and much much more.

Basically, if you are a WordPress blog user, and your blog has been up for a decent amount of time (at least long enough to receive comment spam), you shouldn’t be using your blog without it. Just in the time writing this post, it has already caught 5 comment spam messages, and I didn’t have to worry about a thing.