Subscribe via

Project Honey Pot Http:BL WordPress Plugin

This plugin is no longer supported/updated. Please see Project Honey Pot Http:BL is going back home.


Today I would like to announce the release of “Project Honey Pot Http:BL” WordPress Plugin.

Description

This plugin allows you to verify all visitors’ IP address against the Project Honey Pot database. Using the Http:BL API, this plugin flags, logs, and blocks visitors with a high threat score, helping you prevent harvesters, spammers, or other suspicious bots from abusing your blog. I’ve been talking a lot about LoJack anti-spam measures lately and this is one of them.
This plugin requires you to sign up for a free account at Project Honey Pot so that you can use their Http:BL API to verify your visitors.
This plugin is based on Jan Stepien’s http:BL version 1.4 which is no longer being supported. This version of the plugin fixes a lot of database bugs and usability issues that the original plugin had. Here are the key benefits of having this plugin enabled.

  1. LoJack anti-spam solution with collective intelligence
  2. Easy Project Honey Pot integration. No need to mess with Apache mod_httpbl, which means that this will work on shared hosts.
  3. Ability to redirect malicious bots to a bot trap.
  4. Logging capabilities

Read on…

My Bot Trap in Action


Previously I wrote a post about how to list poison email harvesters. Today I discovered that an unknown harvester/scraper bot has stumbled into my one of my traps. Here is the description of the bot:

IP:82.230.123.141
Host: bne75-7-82-230-123-141.fbx.proxad.net
User agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)

From the log snapshot (image), you can see that the bot had recursively crawl through 14464 pages, harvested anywhere between 5 – 20 fake email addresses per page (that’s about 12 * 14464 = 173,568 emails harvested), and wasted nearly 10 minutes on my site before deciding that it’s done. You can see that the last link the bot visited was something that looks like this:

http://omninoggin.com/suspicious/8864/1530/7374/527/3510/9061/8198/9981/3367/1751/5075/1765/7282/4842/1710/3655/614/9951/3183/3609/3731/9430/7682/6298/2287/683/3370/5633/4187/8842/1852/5984/7767/6037/7675/3984/4646/7823/8462/1793/6556/3054/1362/3111/3407/8182/7374/169/7738/158/2802/5438/7230/9552/1384/7538/index.php

Read on…

Adding More Sites Social Homes Widget Plugin


Social Homes Widget is a small but neat little plugin that lets you add links to your various social homepages in your sidebar. Of course you can do this manually, but it’s a lot nicer to be able to manage this in the widgets section in wp-admin instead of having to dive into your sidebar.php every time you want to modify the list.
The plugin supports 19 different social home links. This is more than enough for most people, but not me. Today I found that I needed to add my Plurk homepage to this list. So I found a quick hack to get this done fast, instead of submitting a request to the author. All I did was: Read on…

iPhone 2 (3G) compared to gPhone compared to WordPress?


I’m sure everybody now knows that the iPhone 2 (3G) is going to be released on July 11th, 2008. I asked a buddy if he would prefer to wait for the gPhone over the iPhone 2 and he humorously responds:

“too unproven”
“too designed by committee”
“like open source”
“don’t want no open source microwave”
“don’t want no open source phone”
“try to make food in open source microwave you find out you need to compile the dependencies for popcorn separately first”

WordPress, being an open-source software, is the most popular blogging platform out there. Why is this? Because it addresses the average Joe’s concerns of open-source software.
Read on…

Completed OMNINOGGIN Server Migration

Server Migration
I apologize if you have visited earlier today and found the Maintenance-Mode screen. I was moving this blog from a self-hosted dedicated server to a shared-hosting server. In this post, I will discuss the reasons for my decision and the switching experience.
Here are some reasons why I made the switch (Pros):

  1. I’ve been getting more readers lately so my bandwidth was almost reaching capacity. Shared-hosting is the cheapest way to get decent burstable bandwidth.
  2. I wanted to start focusing more on WordPress and less on FreeBSD. Making this switch will alleviate me from having to maintain/troubleshoot low-level system things, leaving me with more time to focus on WordPress development & discussion.
  3. Read on…

AJAX Force Comment Preview WordPress Plugin

This plugin is no longer supported/updated because of low demand for the plugin.

Today I would like to announce the release of ‘AJAX Force Comment Preview’ WordPress plugin. The plugin works like TextPattern’s built-in ‘force comment preview’ feature by forcing your commenters to preview their comments prior to submission. In addition this plugin is AJAX enabled so the user does not have to reload the page to preview his/her comment. Here are the key benefits of having this plugin enabled.

  1. Comments quality will increase as users will be forced to preview his/her comment before submitting it. Previewed comments are sent through WordPress’ various filters so that the user can see exactly how his/her comment will appear after it is submitted.
  2. Spambots will not be able post comments unless it actually tries to “preview” the comment. When a preview is requested, a nonce key is generated and returned along with the preview. This nonce key is then required to be sent back to the server during comment submission. So in order to submit a comment, the spambot would have to use javascript to request a comment preview prior to submitting the comment. Most spambots do not care to preview so this offers some level of spam protection.

You may find the download link below. As always, please feel free to share any comments, questions, and suggestions!
Read on…

My Cacheable WP-PostViews Mods Became Official!


Lester Chan (GaMerZ) has released the his ‘Wave 2‘ of plugin updates. One of the plugins updated was WP-PostViews. I’m happy for this release since he was able to incorporate the mods I did to WP-PostViews and made it elegant and public for everybody to use. Although I probably won’t be getting as much traffic for my WP-PostViews mod anymore, I learned a lot from making this and a couple other plugins cacheable. Hopefully I will continue to make contributions of this magnitude to the WordPress community in the future. Kudos Lester!

List Poisoning Email Harvesters


You may not know it, but your site is probably being regularly harvested for email addresses. In this post I will show you how to easily help fight email spam using a Lojack technique called List Poisoning (see previous post for more Lojack anti-spam philosophy). Though this is not a new technique, it is definitely worth spreading the word and implementing.
The goal here is to pollute the harvester’s email list with fake email addresses and fake recursive links. In doing so, the harvester will waste time and resources harvesting and spamming fake addresses. (see this in action)
In the demo below, you will notice that the first three links are recursive links that will just redirect to the same index.php. The next set of links will be fake email addresses generated for harvesters.
Read on…

Comments Were Broken Recently. It’s Fixed Now.


For those who have tried to comment on my posts but were not able to, I would like to sincerely apologize. If you are a returning reader/commenter, thank you for your patience and your continued reading loyalty. I would also like to thank Agam Rosyidi for notifying me that my comments were broken on this blog. In the future, if you notice anything wrong with my site, I would greatly appreciate it if you let me know via my about page.
On the actual problem itself, it turned out that WP-SpamFree was not working with WP-Super-Cache when the cached page is being dynamically delivered. I did not look too much into why this was the case, but comments now work after disabling WP-SpamFree. I have removed this plugin and I don’t plan on re-enabling WP-SpamFree in the future or making it work with WP-Super-Cache because of the philosophies in this great paper by Mark Pilgrim. I highly recommend reading this timeless article before you think about combatting spam. Read on…

Alex King’s “Articles” Plugin Mod

Alex King’s ‘Articles’ is a great plugin that lets you easily mark posts as featured articles. You can also display a list of featured posts on a selected page/post by placing a “&#35&#35&#35articles&#35&#35&#35” tag in it. That said, there are TWO big problems with it:

  1. It doesn’t work with WordPress 2.3.x or 2.5.x
  2. It displays the same article in each category that the post is listed under. So that means if your featured post is filed under 5 categories, your post will show up 5 times on your featured articles list.

Andy Cowl has already resolved issue #1 on this WordPress support thread (THANK YOU!). Here are the changes Andy Cowl did.

+++ articles.php        (working copy)
@@ -96,13 +96,11 @@
        $cats = $wpdb->get_results("
                SELECT $wpdb->term_relationships.object_id, $wpdb->terms.term_id, $wpdb->terms.name, $wpdb->terms.slug
-               FROM $wpdb->term_relationships
-               LEFT JOIN $wpdb->terms
-               ON $wpdb->term_relationships.term_taxonomy_id = $wpdb->terms.term_id
-               LEFT JOIN $wpdb->term_taxonomy
-               ON $wpdb->term_taxonomy.term_id = $wpdb->terms.term_id
-               WHERE $wpdb->term_relationships.object_id IN (".implode(',', $post_ids).")
-               AND $wpdb->term_taxonomy.taxonomy = 'category'
+               FROM $wpdb->term_relationships, $wpdb->term_taxonomy, $wpdb->terms
+               WHERE $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id
+               AND $wpdb->term_taxonomy.term_id = $wpdb->terms.term_id
+               AND $wpdb->term_taxonomy.taxonomy = 'category'
+               AND $wpdb->term_relationships.object_id IN (".implode(',', $post_ids).")
                ORDER BY $wpdb->terms.slug, $wpdb->term_relationships.object_id DESC
        ");

On issue #2, I’m thinking about modifying this plugin to accept another custom field called “article_category” to accept a string value of your category slug. Let’s say you feature a post that has 5 categories and set “article_category” custom field to “blogging” then the post will only show up once under the “blogging” category on your featured articles page. What do you guys think of this mod? If there is some demand for this, I will definitely move this to the top of my stack of projects and crank this out in a few hours. Please let me know via comments.