|
|
Saturday, November 10th, 2007
OK: The comment spam filter I have in place right now is working (so far); but it would be pretty easy to circumvent if a spammer was determined enough. But I have in mind a pretty simple way to expand it and make it secure, and way better than the captcha images that everybody hates. (Drawback is, it relies on Javascript, which not every browser supports. This could be gotten around a couple of different ways.) I am going to try and implement it over the next few weeks and then I will write it up and try to get other people using it -- it's way better than captchas. (I won't write it up until it's in place because the writeup would include information on how to get around the current, insecure filter I have in place.) Update: Oh wait, no it actually wouldn't be much more secure than the current scheme. A little harder to get around I guess.
posted afternoon of November 10th, 2007: Respond
➳ More posts about Programming Projects
|  |
|
Last night I got hit with my first really major spam attack. So, this morning I implemented a solution I've had in mind for a while. I'm not totally sure it will work but we'll see. If it does work, it's pretty elegant and would require substantial amount of legwork on the part of the spammer to circumvent it, work that I'm pretty sure my site is not worth. Again: not disclosing it in public but if you're interested, let me know and I'll tell you how to do it. Note: I just deleted a ton of comments without checking. If you left one last night, I deleted it and I apologize. Update: Well the spam is coming fast and furious all morning and getting intercepted by my trap! Groovy, we'll see how it holds up. Update: It gets even better! Now Lynx users can leave comments without getting tagged as spam. If you are trying to leave a comment and getting rejected as spam, let me know.
posted morning of November 10th, 2007: Respond
➳ More posts about Projects
|  |
Friday, November 9th, 2007
Boy oh boy, tonight I rebooted the new server for the first time since I got it running back in late September! Why, you might ask -- it was not sick, nothing was wrong with it. Well: I inherited an oldish flatscreen monitor from my workplace -- a reboot was necessitated in order to get the computer talking to the screen. That's kind of big news; the old monitor was the one I've been running with ever since I inherited the previous computer from my previous workplace back in 1996 or thereabouts. It was a totally inappropriate monitor for the purpose it was serving; a monstrous, 22" CRT that must weigh over 30 lbs., that totally dominated the desk even though it was never turned on. The new screen will be a much better neighbor for the other things on the desk.
I was a little concerned when I rebooted and the web site was not accessible; I had sort of assumed that apache set itself up, when I installed it, to run as a daemon without anyone having to log in. Turns out that's not the case! Anybody want to tell me how to make it so? sshd starts automatically, which is good. Took me a little while to figure out how to start mysqld -- this would also be a great process to have loaded automatically when the system boots.
And: After I posted this, I noticed its id was 877 and I thought that's weird, wasn't I posting stuff in the 880's earlier? And I looked at my database backup from this morning (!) and saw that there were indeed more posts than I was seeing on the site. Kneel before me, Mysql! I know how to backup and restore databases! (And thanks, Mysql, for making it so easy to do, that a lazybones like myself can do it.) So... If you're commenting on this post and want to tell me how to get mysql and apache auto loading, it would be great if you could drop a hint about how to make mysql exit gracefully as well, because it sure seems like it did not do that this evening.
Update: Developing... it looks like to make apache and mysql load on boot, I need to put them in /etc/rc.d/rc.local. Now, my computer has no such directory; but it does have rc?.d where ? is a number from 0 to 6 or the letter S. There is also etc/init.d. I should be able to figure this out...
posted evening of November 9th, 2007: Respond
|  |
|
Looking for that READIN post you read and enjoyed last year, but can't find it? I've added an Archives page that should be of some use. Posts are sorted by topic and by date. Let me know if you like it or if you think of any features that would make it more useful.
posted morning of November 9th, 2007: Respond
|  |
Tuesday, November 6th, 2007
I hit on a way to defeat comment spam coming in from chin/e/sefr/eewebs, which I'm getting a lot of lately. Not saying what in public, in case they come around and notice; but if you are getting hit with similar traffic, drop me a line and I'll give you the recipe. It's pretty simple.
posted afternoon of November 6th, 2007: Respond
|  |
Thursday, October 18th, 2007
Wow, that was fast! Guess I will hafta come up with some kind of security thingy. Update: Well I wrote a script for quick deletion of spam. What should I do about blocking it? A captcha?
posted morning of October 18th, 2007: Respond
|  |
Tuesday, October 16th, 2007
Ok: All the time I've had a blog I've wanted to host comments. And now I do, at least in a rudimentary fashion. You need to put <br> and/or <p> tags in your text if you want paragraph separations. html is allowed for now; indeed security is almost entirely lacking. It would probably be possible to break my software; please don't try. Or at least, send me a note if you have an idea for something that could break it. Update: I fixed it so you do not have to markup your paragraph separations. Yay me! Update as of Wednesday morning: Here are some more things you can newly do: Include apostrophes in your name/handle, and not have them show up backslash'd; include apostrophes in the body of your response, and not have the whole thing chucked out; include links in your response and not have them stripped out. I am using tidy to clean up the html in the comments and it is a temperamental thing. Powerful tho'.
posted evening of October 16th, 2007: 10 responses
| |
Monday, October 15th, 2007
I'm interested in sweetening up the look of this blog by changing the fonts used, and wonder if anybody reading has advice about what fonts to use. Here is what I'd like to do: - The three sections of the blog -- left sidebar, body, and right sidebar -- should be distinguished from each other. My thinking was that the left sidebar should be a slightly smaller font size, and maybe the right also, and possibly a different named font. But I don't have a designer's eye of what named font looks good where.
- The headers should be a different font from the text, I was thinking they should be sans-serif.
That's pretty much it; I will check what wordpress stylesheets look like, since I tend to really like their presentation. I need to learn how to use css, which seems pretty easy but which I have been resisting up until now. Anyone got advice for me?
Update: Hmm... well that's something anyway. Plagiarized some styles from wordpress, added a couple of my own. Still not totally sure how this thing works.
posted evening of October 15th, 2007: Respond
| |
Friday, October 12th, 2007
So in my log I see a bunch of requests today for GET blog/?k=<keyword> \'\'
and(char(94)+user+char(94))>0 and
\'\'\'\'=\'\'
where <keyword> is one of the keywords that links exist to on the site; and also I see that my script translated those requests to
<keyword> \\\'\\\'
and(char(94)+user+char(94))>0 and
\\\'\\\'\\\'\\\'=\\\'\\\' before passing them to the database. So the queries just returned empty sets instead of wreaking whatever havoc they might have wruck unescaped. Yay PHP! Yay careful programming!(Note: but while editing this post I realized there is a different kind of escaping that you have to do when you are writing to forms -- the < and > signs were translating to markup in my inputs. Funny I never ran into that problem on the old site, you wouldn't think it would be a PHP-vs.-ASP distinction.) Update: So what do I have to do to ban these guys from my site? I tried putting the following in my httpd.conf: <Directory (path to root of my site)>
order allow,deny
deny from (IP)
deny from (IP)
allow from all
</Directory>
and restarting the service, but that does not seem to have done it.Another Update: I think I got it: the Directory directive in apache2/sites-available/default is overriding the directive in httpd.conf because httpd.conf is included first. I think I just need to take the default directive out.
posted evening of October 12th, 2007: Respond
➳ More posts about Programming
|  |
Monday, October 8th, 2007
So as I go through my site testing various filters and archive pages, I am reading a fair amount of what I've written over the last four years. And -- im ganzen und großen -- I'm pretty happy with it.
posted evening of October 8th, 2007: Respond
| Previous posts about The site
Archives  | |
|
Drop me a line! or, sign my Guestbook.
•
Check out Ellen's writing at Patch.com.
| |
