Categories
Blogging TITGIG

Malware removal

Google notified me that my site has apparently contained malware for a few days. And indeed it has – at some point after publishing Summer Calendar some miscreant apparently gained access to the WordPress admin account and inserted an iframe to some dodgy site hosted on usrv03.ru.

I have now deleted the admin account and removed the iframe (obviously) and requested that Google reindex my site to check that everything is good now.

Might be worth checking your own WordPress site for unexpected iframes.
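One way to run that check, as an added example rather than code from this site: a small Python scanner that reports iframes which are hidden or which load from a host you did not approve. The allowlist, the post slugs and the sample markup are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose. Replace with your own list.
ALLOWED_HOSTS = {"www.youtube.com"}

# Constructed sample post bodies, keyed by a made-up post slug.
SAMPLE_POSTS = {
    "post-a": '<p>Hi</p><iframe src="http://injected.example/in.php" '
              'width="1" height="1" style="visibility: hidden"></iframe>',
    "post-b": '<iframe src="https://www.youtube.com/embed/xyz" '
              'width="560" height="315"></iframe>',
    "post-c": '<IFRAME SRC="//other.example/f" frameborder=0></IFRAME>',
    "post-d": "<p>No frames here.</p>",
}


class IframeFinder(HTMLParser):
    """Collect each <iframe> with its source host and a hidden flag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()  # handles //host/path
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.found.append({"src": src, "host": host, "hidden": hidden})


def scan_posts(posts, allowed=ALLOWED_HOSTS):
    """Map post slug -> iframes that are hidden or point off the allowlist."""
    report = {}
    for slug, html in posts.items():
        finder = IframeFinder()
        finder.feed(html)
        finder.close()
        bad = [f for f in finder.found
               if f["hidden"] or (f["host"] and f["host"] not in allowed)]
        if bad:
            report[slug] = bad
    return report
```

In practice, feed it the post bodies exported from the database and the contents of the theme's template files, since an injected iframe can sit in either.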

Categories
Blogging Guidance TITGIG

Possible WordPress date formatting bug

As you have noticed, I do not display the time on my posts – just the date. However, anything published between midnight and 5am gets the words “in the small hours” appended to the datestamp, to indicate that even though it was technically posted on date D according to some atomic clock in a large city in Europe, it was posted on D-1 according to my internal daily rhythms.

To implement this, I use the function `get_the_time('G')`. This should return a number between 0 and 23 which indicates the hour of the post’s timestamp. However, this stopped working, and it would actually return a very large number (of the order of about 1.1 billion) so the test failed. I don’t know whether this was caused by the upgrade to WordPress 2.5, or my recent move to a different server.

I managed to “fix” the problem by commenting out the following few lines near the top of `mysql2date` (defined in `wp-includes/functions.php`):

```php
if( 'G' == $dateformatstring ) {
    return gmmktime(
        (int) substr( $m, 11, 2 ), (int) substr( $m, 14, 2 ), (int) substr( $m, 17, 2 ),
        (int) substr( $m, 5, 2 ), (int) substr( $m, 8, 2 ), (int) substr( $m, 0, 4 )
    );
}
```

However, this is not the ideal solution. Firstly, it’s hard to know if this change is causing a breakage elsewhere in the system (where the code relies upon this apparent bug). Secondly, when I upgrade to a new version of WordPress, I have to remember to fix the new `functions.php`.

I discovered a better solution to the problem. I put `functions.php` back to its original state, and then replaced my calls to `get_the_time('G')` with `get_the_time('G ')` – note the added space. `$dateformatstring != 'G'` but the function returns the desired result. Get in.

I would report this on the WordPress support forums but I can’t be bothered to create an account.

*Update: I’ve discovered that the offending block of code was added for WordPress 2.5 to address this issue.*

Categories
TITGIG

Indecision

I have a number of email addresses, all of which find their way into the same inbox. There is one address which I use as my primary address. Entirely unsurprisingly, it’s of the form something @ thisdomain. It seems to get a lot of spam, which is a shame, as I thought that I had done a decent job of guarding it.

It would be very simple for me, configurationally speaking, to switch to using somethingelse @ thisdomain as my primary email address instead. Any email sent to the old address would get the error message that the specified mailbox could not be found on this host.

Naturally, my only concern is for my existing contacts. When the old address suddenly stops working, will they have the sense to open a web browser and go to http://pete.nu to find out what gives? At present, that page just redirects to the blog, but I could very easily change it to display a huge message saying *I have changed my email address, use this contact form to get in touch with me.*

On the one hand, spam doesn’t trouble me too much because GMail’s filters seem to be reasonably reliable. But, on the other hand, it would be nice to not have to scan a couple of hundred email subject lines each day to check for false positives.

Should I go for it?

Categories
Blogging Computing TITGIG

Wouldn’t it be cool if…

For a while, I’ve been thinking “wouldn’t it be cool if Google Reader could automatically generate a blogroll from my subscription list?” Obviously, I’d want to be able to choose whether each individual subscription appears on the list or not.

Well, it seems like Steve Lacey, a developer at Google, has also wanted this. And so he did it.

It’s currently only available as a JavaScript include, which goes against my usual stance of avoiding using JavaScript for core functionality, but I’m making an exception in this case. Because, for the first time in years (at least four, by my reckoning), I have a public blogroll on my site! And it requires very little additional maintenance on my part ((all I need to remember to do is add the label “blogroll” to new subscriptions that I wish to share)).

Categories
Computing TITGIG

Spam-proofing my contact form with Akismet

For a while, I’ve used a contact form (written in PHP) instead of publishing my email address on this site, to thwart spammers. However, recently I’ve noticed an increasing number of spam messages being submitted through the contact form.

My first thought was to add a drop-down box where the user can select what their query is regarding – the default selected option is “My desire to sell you discount pharmaceuticals” and any messages submitted with this option would not be sent. However, the spammers (or the scripts that they use) would generally submit the form with a random selection from this box, so the majority of spam was still coming through.

I didn’t want to make the contact form difficult to use, so I looked into ways of filtering out spam using Akismet, the same application that protects the comments forms on this site (and a very good job it does, I might add).

You will need to download akismet.class.php and upload it to your web server. Rather than rewrite all the instructions here, I’ll point you to the perfectly adequate documentation that already exists.

Categories
Blogging Computing TITGIG

Precondition Failed when trying to leave a comment on WordPress

A reader emailed me a little while back to tell me that he’d been having difficulty leaving a comment on my site – he’d get the error “412 Precondition Failed”.

I did some investigation and found that sentences such as *“However, its a far cry to be able to create a food sample from scratch.”* and *“As a computer programmer yourself, you’d probably find it easy to program a computer to create hit songs from scratch, right?”* were causing the problem, and if I reworded them, the comment would be allowed through.

I did a bit of digging around and came to the conclusion that these sentences were being rejected because they looked like an attempt to hack the site. I consulted my web hosts, 34sp, and they confirmed that mod_security was rejecting them because they took the format “create blah blah blah from”, which could be construed as an attempt at a SQL command.

Leaving aside how unintuitive the error was (surely 403 Forbidden would be much more appropriate than 412 Precondition Failed?), there is a solution. You can disable this particular rule by putting the following line into your .htaccess file:

```apache
SecFilterRemove 300013
```

The side-effect of this is that you will also lose additional protection against SQL injection attacks, so use it at your own discretion.

*UPDATE: I realise now how much of a misnomer this post’s title is, as this problem has nothing to do with WordPress.*
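To show why a “create … from” pattern trips on ordinary prose, here is an added example (not the host’s configuration, and not the real text of rule 300013) that scores a loose pattern and a tighter candidate against labelled samples. Both patterns are hypothetical; the two prose sentences are the ones quoted above, and the remaining samples are constructed.

```python
import re

# Illustrative stand-in for a loose rule; NOT the actual rule 300013.
LOOSE = re.compile(r"\bcreate\b.+\bfrom\b", re.I | re.S)

# Hypothetical tighter candidate: CREATE must be followed by a SQL object type.
TIGHT = re.compile(
    r"\bcreate\s+(?:or\s+replace\s+)?(?:temporary\s+)?"
    r"(?:table|view|database|index|procedure|function|trigger)\b.+\bfrom\b",
    re.I | re.S,
)

# (text, is_sql) pairs. The first two are quoted from the post; the rest
# are constructed for this example.
SAMPLES = [
    ("However, its a far cry to be able to create a food sample "
     "from scratch.", False),
    ("As a computer programmer yourself, you’d probably find it easy to "
     "program a computer to create hit songs from scratch, right?", False),
    ("Please create table plans from the seating chart", False),
    ("CREATE TABLE t2 AS SELECT * FROM users", True),
    ("create temporary table x select login from accounts", True),
]


def evaluate(rule):
    """Return (false_positives, false_negatives) for a compiled pattern."""
    false_pos = [t for t, is_sql in SAMPLES if not is_sql and rule.search(t)]
    false_neg = [t for t, is_sql in SAMPLES if is_sql and not rule.search(t)]
    return false_pos, false_neg


if __name__ == "__main__":
    for name, rule in (("loose", LOOSE), ("tight", TIGHT)):
        fp, fn = evaluate(rule)
        print(f"{name}: {len(fp)} false positives, {len(fn)} false negatives")
```

The tighter pattern lets both reader comments through and still catches the SQL samples, but the “table plans” sentence shows that keyword matching always leaves some false positives.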

Categories
Blogging Computing Original Software TITGIG

Related post

Weblogs are very time-sensitive, as you probably know. They attempt to capture the *here* and the *now* and the *this* and the *that* and the *wow* and the *yeah* and the *groovy* and the ilk.

There are caveats however. Certain time-sensitive data is just not worth reporting on.

Firstly, the “hey, do you like my new design?” post. You just know that this is going to look daft in three years’ time when someone is browsing through your archive and they come across it. If you really must publish a post like this, at least have the decency to include “before” and “after” screenshots.

A variation on this is the “I’ve added a small rotating badger to my sidebar” post. Rotating badgers are cool, so I’m going to forgive this particular instance, but as a general rule I feel that if you publish a post when you *add* the small rotating badger, then you should then really delete that post once you’ve *removed* the small rotating badger. Or include “before” and “after” screenshots. Whatever.

The second example of time-sensitive data that’s not worth reporting on is:

> I’ve now had 100 comments on this site!

…and…

> I’ve now had 200 comments on this site!

…and…

> I’ve now had 307 comments on this site!

…and all the variations like…

> I’ve just checked, and I’ve now written 10,000 words on this site!

…or…

> I’ve written 38,000 characters on this site, not including whitespace, HTML markup, links to small rotating badgers and punctuation other than exclamation marks!!!!!!!!!!!!!!

And onwards, to my actual point

My **actual point** is that I’ve added a “More from the same category” thing. If you are viewing the [individual entry archive page for this post][], then you should be seeing it at the end of this post ((oh boy, if I delete it and then forget to update this post then I’ll never hear the end of it now.)). It basically digs a random entry out of the archive that is under the same category as the post which you are viewing. I’m quite meticulous ((note my use of the term “quite”: there is still a lot of stuff in “Uncategorised”)) about categorising posts, but generally I don’t make them visible to readers. This changes that.

[individual entry archive page for this post]: http://pete.nu/blog/2006/10/related-post/

Posts can belong to multiple categories, so it’s theoretically possible to browse the entire site just by following the trail that starts below. It only appears at the bottom of individual entry archives – I could put it at the end of each post on the front page ((or search results page, or monthly archive page… you get the gist)), but I’m currently leaning towards keeping the front page free of clutter.

The “More from the same category” thing is in the form of a small WordPress plugin, which I can make available if you so desire.

Now, my minions – feel free to go back in time, and leave daft comments on old posts. Back when it was good.

Categories
TITGIG

Search Engine Etiquette

If you want to encourage referrals to your [WordPress][] weblog from search engines, then the least that you can do is to ensure that people will be directed to a page containing the information that they seek. I consider this to be basic etiquette.

[wordpress]: http://wordpress.org/

If the relevant search engine result is pointing to a monthly archive, or a category archive, or even the front page of your site, then it is likely that within a few days or weeks, the particular post in question will have moved to the second page of results. This means that when your visitor lands on the page, they won’t see the information that they expected (at least not until the search engine next reindexes your site), and they may not necessarily know where to go next.

My solution to this problem is to ensure that only individual entry archive pages show up on search engine results – all other pages on this site will not be indexed. Look in your header.php file and just inside the `<head>` section, add the line from [search-engine-etiquette.phps][] ((It’s only one line of code, but when I pasted it inline here it caused some strange problems with WordPress. It seems safer to leave it in an external file.)).

[search-engine-etiquette.phps]: http://pete.nu/samples/search-engine-etiquette.phps

What Does This Do?

Basically, it means that for any page other than an individual entry archive page, the robots rule `noindex,noarchive,follow` is specified. Search engines are instructed not to index or archive that particular page. However, they **are** instructed to follow links on the page to look for other indexable content.

Also…

I’ve upgraded from [WordPress][] 1.5.2 to 2.0.2, and am also now using [Akismet][] to stop spam ((not that you will have ever seen spam on this site, of course, but I was getting a lot in the moderation queue, making it likely that I’d accidentally miss a genuine comment)). If you try to write a comment and you get the following message, then it means that your comment has passed the spam filter:

[akismet]: http://akismet.com/

> Your comment is awaiting moderation, and is presently only visible to you and Pete himself. Once Pete has approved it, it will appear publicly on the site, and any comments that you write in future will be automatically approved.

However, if your comment does not appear, and you do not see this message, then it means that your comment has been mistakenly identified as spam. Use the contact form (link is in the top-right corner) to let me know, and I’ll retrieve it from the sticky spam trap.

Categories
TITGIG

Bugfix – erratically expanding textareas, no thanks!

Ade discovered an undesirable behaviour when writing a comment on this site, which I believe is probably also present in the WordPress classic theme.

The main text field for entering comments in was being created using the following HTML:

```html
<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
```

As a result of a bug in Internet Explorer, as soon as you start typing in this text field it will expand to the width of the browser window, leaving the right-hand edge hidden underneath the sidebar. The culprit is `cols="100%"`.

To fix it, I added a couple of lines, so the HTML now reads:

```html
<div style="width:100%">
<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
</div>
```

This seems to fix the oddness in IE without affecting the rendering in Firefox. Let me know if you encounter any further peculiarities.

Categories
Computing TITGIG

Favicon misery – resolved!

I’ve been having trouble with this site in Internet Explorer. It loads fine in Firefox, but when I try to open it in IE, I get a nasty dialog box.

The title is “File Download – Security Warning” and the text in the box says “Do you want to save this file?” with a load of blah blah blah and ultimately “Save” and “Cancel” buttons.

I couldn’t find anything on Google, which is why I’m putting it here. Maybe one day it will help someone. Or maybe one day I’ll forget how I fixed it, and I’ll need this to jog my memory.

Anyway, much investigation revealed that the culprit was the “favicon” – when I removed the line that referenced the icon, my problem went away. It smelled a little as though my problem was with mime types – I’m very insightful like that. As it turned out, I was utterly correct.

Add the following line to the bottom of your .htaccess:

```apache
AddType image/x-icon .ico
```

I understand that you can also use httpd.conf to do this somehow – one day I should sit down and figure out what this is all about.

Wait a few minutes, clear your cache, make a cup of coffee, or stroke a rabbit. When you come back, all will be better. I hope.