Noticed anything strange here in journal? No? Good!
I just finalised updating to WordPress 1.5. The process was partially smooth, but as I had hacked the original WP and some plug-ins for better layout or additional features, I had to port those changes one by one.
The updating process (in case you’re interested) was the following:
- Back up the whole database with mysqldump.
- Edit the resulting file to change the database.
- Create new database and provide enough rights to relevant MySQL users.
- Pump the data in the backup to the new database.
- Install WordPress 1.5 to some location.
- Fix the config to point to the correct database.
- Run upgrade script provided by WordPress.
- Change the blog URL manually from the database. Without this fix, the admin pages would redirect to the old blog.
Now we have one running blog in the old location, seen by all visitors and another blog that is used to get things right before publishing.
- Create new theme.
- Copy layout files to the new theme and activate it.
- See the results and compare to the old blog.
- Fix an issue and go back to the previous step. Fortunately, I had marked my changes to the old source — it was relatively easy to grep them and then port them to the new code. Some changes were no longer needed, for example, the calendar has been fixed to work with Finnish weekday style.
- Install plugins and activate them. Add own code to the Spaminator. Some ideas were already implemented, so only 2/3 had to be ported.
- Change external files that use the blog database. Test them.
- Copy comment form layout and functionality from the old code. Change the name of the wp-comments-post.php file.
- Find a bug in Textile JavaScript and fix it.
- Test that everything works.
The new blog is running as an exact replica of the old one. It was time for the switch.
- Move image directory from old blog to new one.
- Configure the new blog’s URLs to point to the correct location.
- Rename old blog directory.
- Rename new blog directory.
- Test that everything is still okay.
Easy, isn’t it?
By the way — please inform me if you find anything out of the ordinary.
I had a relatively peaceful period in blogging after I renamed the wp-comments-post.php, but yesterday the first spammer updated his robot to snoop the new URL from the form, as I was predicting.
Fortunately all the spamming attempts so far have been feeble, going through the same old stuff and Spaminator has been able to delete all of them.
The situation still sucks and I really don’t want to waste my precious time deleting a bunch of comment spam emails every day. Maybe I have to figure out new counter-measures, once again. Or should I implement the monster that I designed earlier? Anyhow, all good pointers are really appreciated.
I’ve been hit hard with online poker comment spam recently. None of them got through Spaminator, but they still eat up processing power and bandwidth from my site. To get rid of some spammers (hopefully), I renamed the wp-comments-post.php.
This won’t help with the modern spamming robots, as they are capable of traversing the individual pages, reading the comment form fields, and then generating the POST request on the fly. Renaming the fields would help for some time, but not forever.
I figured out a solution that could stop automatic spamming, but it’s not straightforward to implement and I don’t have time to set up a staging server to test it. The basic idea is simple:
- Every time the comment field is generated, a random number is added as a hidden field. The number is also written to the database along with the current timestamp.
- When a comment is posted, the existence of such field is checked. If there is none, the comment is discarded as spam.
- If the field exists, the value is compared to those found in database. If the value is not found or its timestamp is too old, the comment is discarded.
This approach has its problems, too. The comment spammers could load every entry in your blog, collect the generated values and use them to post the spam. But to get there, they should update their spam robots and that would take time.
The idea can be extended, for example, by splitting the generated number into two parts and using these parts as the name and the value of the field. Thus there wouldn’t be any specific name for the robots to look for. Or, use the value as the POST URL. Create a separate folder inside WP installation, copy the wp-comments-post.php into it, set it to handle 404 errors and then check the original filename. Simple, eh?
Anybody interested in writing this piece?
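The check described in the three steps above, sketched as an added example (not part of the original post and not WordPress or Spaminator code). The class name, the `comment_token` field name, the one-hour limit and the in-memory array standing in for the database table are assumptions; making each value single-use goes one step beyond the post, to limit reuse of collected values. Requires PHP 8.

```php
<?php
// Added example: hidden-field token check for a comment form.
// CommentTokenStore and its method names are hypothetical; the array stands
// in for the database table the post describes.
final class CommentTokenStore
{
    /** @var array<string,int> token => issue time (Unix seconds) */
    private array $issued = [];

    public function __construct(private int $maxAgeSeconds = 3600) {}

    // Step 1: called whenever the comment form is generated.
    public function issue(int $now): string
    {
        $token = bin2hex(random_bytes(16));   // unpredictable 128-bit value
        $this->issued[$token] = $now;         // stored along with its timestamp
        return $token;
    }

    // Renders the hidden field that carries the token in the form.
    public function hiddenField(int $now): string
    {
        return '<input type="hidden" name="comment_token" value="'
             . htmlspecialchars($this->issue($now), ENT_QUOTES) . '">';
    }

    // Steps 2 and 3: called by the comment handler before anything is saved.
    public function accept(array $post, int $now): bool
    {
        $token = $post['comment_token'] ?? null;
        if (!is_string($token) || !isset($this->issued[$token])) {
            return false;                     // field missing or value unknown
        }
        $age = $now - $this->issued[$token];
        unset($this->issued[$token]);         // single use: a replay finds nothing
        return $age >= 0 && $age <= $this->maxAgeSeconds;
    }
}

// Constructed sample run; the timestamps and form contents are made up.
$store = new CommentTokenStore(3600);
$t0 = 1100000000;
$fresh = $store->issue($t0);
$stale = $store->issue($t0);
var_dump($store->accept(['comment' => 'online poker'], $t0 + 5));    // no hidden field
var_dump($store->accept(['comment_token' => 'deadbeef'], $t0 + 5));  // value never issued
var_dump($store->accept(['comment_token' => $fresh], $t0 + 60));     // valid token
var_dump($store->accept(['comment_token' => $fresh], $t0 + 61));     // same token replayed
var_dump($store->accept(['comment_token' => $stale], $t0 + 7200));   // older than the limit
```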
After I installed Kitten’s Spaminator, not a single spam comment has gone through. Several normal comments have been posted with no problems.
I’ve set Spaminator to send email to me for every spam killed, so if it accidentally kills a legal comment, I could repost it. I soon learned that this approach has one problem: I need to go through all the emails by hand and sometimes this is quite a daunting task.
Spaminator sets the following subject for all mails:
[Blogname] Spaminator: Spammer caught!
I fixed the PHP code to include other information to make it easier to delete all repeating messages:
[Blogname: SPAM] sender <email> URL
For example:
[Nomadig: SPAM] Mr Foo Bar <foo@example.com> http://www.example.com/
This is accomplished by changing the value of variable $to on line 146 to the following:
// Builds "[Blogname: SPAM] sender <email> URL" from the blog name and the submitted comment fields.
$to = '[' . get_settings('blogname') . ': SPAM] ' .
    $this->post['author'] . ' <' . $this->post['email'] . '> ' .
    $this->post['url'];
I’ve gained first small victory in fighting comment spam. A few days ago I installed Kitten’s Spaminator and after that it has swallowed every comment spam message. Way to go!
My only concern is that it may delete some normal comment as spam and I wouldn’t know anything about it. The Spaminator sends email for every deleted spam, but currently I have to read the message to see the title and the sender of the message. This is cumbersome, especially if some jackass sends a spam for every article that I have…
Maybe I have to fix this someday, if the number of emails grows.
I got attacked by comment spammers during my long weekend in northern Finland. They seem to operate mostly on Saturday and Sunday (seemingly a favourite). I found out that I had issues when I was reading my email with my phone and there were 91 new messages in my Nomadig.com account. Unfortunately all of them were related to comment spam, and none of these spam messages were caught by WordPress spam tools.
As a sidenote, I must say that it was quite a nomadic experience to clean up my blog while travelling in a long-haul bus from Taivalkoski to Oulu. I successfully used my phone to log in to the WordPress management pages and cleaned up all spam comments.
I also added a few spam words to the filter. This was a mistake. WordPress didn’t understand the newlines sent by the phone and all words were separated with ‘?’. This, of course, opened the doors for spam. Luckily enough, I found this out during the middle of another wave of spam and fixed the situation immediately. The flow stopped and I now have to clean up a couple dozen moderated comments.
I have to shift gears in the fight. I’ll use the following countermeasures:
- Install Stop Comments plug-in from Laughing Lizard to allow me to travel without caring about comment spamming for a while. Unfortunately this also restricts all valid comments for the period of my trip.
- Use Stop Open Proxy Commenting from John to stop comments from HTTP proxies that are known to send spam email.
- Consider using Spam Karma from Dr. Dave to stop spam comments getting into the blog.
- Study more alternatives at WordPress Combat Comment Spam site.
[Update Dec 8th]
I just installed comments off and ip blocklist plug-ins. If you cannot comment, please provide an error report by email.
Any other suggestions?
I’ve been, once again, attacked by a comment spammer. It seems that she (yes, indeed she) is adding the very same message to every single blog article on this site.
Fortunately WordPress hasn’t allowed any of these messages to go through. I don’t say the explicit reason, as I really don’t want them to learn from their mistakes.
Maybe I should ask Google not to follow links on the comment pages? Or does somebody know whether you could control Google’s indexing with rel or rev attributes?
I’ve tried recently to add images to my blog posts whenever possible. They enrich the post and add value to the reader.
My problem is that I don’t have much time to fool around with the images. The current procedure for having a photo in my blog is the following:
- Take a picture with one of my cameras
- Transfer the picture to my laptop using memory card adapter
- Open the picture in Photoshop
- Crop and resize the image
- Correct colours and sharpen the image
- Save the image for web
- Upload the image to WordPress
- Attach the image to an article
Does somebody have a better way of doing this? Any technical aids that would do good? If somebody is willing to write a Photoshop export plug-in for saving images to WordPress, I’d be willing to beta test it.