ricketyclick

I’ve picked up a couple of links from a blog-scrapper, an automated site that collects links to articles that might be of interest to a given audience. This particular scrapper apparently panders to Dems and other leftie wreckers, because it’s linking So Proud, on Barry Hussein’s exceptionalism; and Obama’s Disciples, on the kind, tolerant, well-meaning folk who just chose our next President.

I hope I get a lot of traffic from those links, but I expect not. Mostly, scrappers exist to artificially inflate linkage numbers so they can charge their advertisers more. I’m leaving these two up for amusement, and the off chance that some of the Hopeful will come here and be outraged in comments,but any more links from these assholes will be deleted.

I’m updating even though the security problem is a very low risk.

I’m updating to 2.6.1, which has over sixty fixes, but not 2.6.2, which has only a few low-priority fixes, and isn’t yet included in Fantastico.

WP 2.7, with what looks like a greatly improved Dashboard, is in the works. I’m looking forward to that, although it seems to be quite a ways out.

If problems occur, I’ll revert, having just run the (updated to 2.2.1) Wordpress Database Backup plugin. (Which, by the way, works very nicely.)

Anyway, Here. We. Go!

(As part of this process, I’m disabling all plugins, so things might be a bit wonky for a moment. Stand by.)

---

Okay.

Seems to have gone pretty well.

Carry on.

Awhile back, I started to get users from the .pl (Poland) domain registering en masse, three to five a day. None of them ever commented. It is not necessary to register to make a comment here, or to view the blog. To find out what was going on, I turned on the WordPress feature requiring registrations to be approved by me, and for awhile, I emailed the would-be registrants, asking them to confirm that they were real people, and to explain why they wanted to registered.

After a couple of dozen requests, nobody had ever replied, and I just let the requests pile up.

I have no idea why this is happening, what benefit those registrations could confer. I can’t even figure out what cost it might impose on me.

Just to be safe, though, I’m not approving those registrations, and I’ve deleted all of the registered .PL users with no posts (which is all of them).

If you know what this is about, or if you are from Poland and wish to register, or if you were previously registered but are not registered now, please add a comment to this post. I don’t want to restrict anyone with anything to contribute — but I don’t want to be taken advantage of, either, even if I don’t understand how it might be done.

As noted in the previous post, I’ve installed the “Ajax Edit Comment” plugin, but I was not happy with it, because it did not provide a preview capability.

This post announces the installation of the Ajax Comment Preview plugin. Again, this depends on Ajax technology, which may not work with all browsers.

The great advantage this plugin provides is that the preview is filtered through the Wordpress display engine, so that your preview should look exactly as it will appear when it is posted.

Testing another feature: Show ▼

Wow, I was mistaken. I did not have JavaScript turned off in Firefox. It’s turned off now, and although you can still post a comment, you cannot preview it or edit it after posting. I’m going to have to think about this. Not running JS breaks other stuff in the Wordpress posting editor as well.

The Spoiler plugin I’m using (which protects text with Show/Hide tags) doesn’t work with JavaScript off, and it is not graceful about it, either: spoilers are invisible. I’d prefer a failure mode where spoilers show if JS is not present.

Somehow, I doubt that any editing or spoiler plugin will work without JS.

On the other hand, the spellchecker I’m using in Firefox does work with no JS.

---

OK, I’ve turned my JS back on. I’m keeping the current plugins, because turning off JS breaks so many things, I think most people will have it on.

I’ve added the WP Ajax Edit Comments plugin, which will allow you folks to edit your comments for several minutes after posting. (I, personally, hate having to blindly post comments, only to find that I’ve made some horible speeling misteaks.)

Ajax, the technology platform underlying the plugin, does not work for all browsers. If you are using something other than Internet Explorer 5+ for Windows, Firefox 1+, Mozilla 1+, Safari 1.2+, or Opera 7.6+, please let know, via email if necessary, that this plugin is getting in your way.

---

OK, seems to work. There will be a few minutes while I play around with the options….

---

The original comment form is unchanged, so the comment entry form does not allow you to actually preview. Hm. I kinda don’t like that, and there doesn’t seem to be an option to turn that on.

However, once you post your comment, you have fifteen minutes to edit it. I may adjust this if experience shows you need more time.

I’ve installed the Bad Behavior spam filter, which is aimed at automated attacks (see the Comment Policy on the sidebar). It should present no barrier to real commenters. Please let me know via email if it does.

[update]

Wow. It’s only been a few minutes since I installed the filter, and it’s already blocked six spams. I’ll note that Wordpress says that almost 16,000 comments have been marked as spam since ricketyclick’s inception, and I know I didn’t mark them all by hand, so some have been rejected by other methods.

Originally, I wasn’t posting the name of the plugin, for fear of giving out clues to the spammers. Then I realized Bad Behavior announced itself in the page footer, with a Blocked Spam counter. I could turn that off, I guess, but I’m assuming that the BB writers wouldn’t do that if knowing about the plugin substantially increased vulnerability. Anyway, “security through obscurity” is generally a weak approach. Either BB works or it doesn’t.

Thanks to reader S.R. for recommending this plugin.

[update 2]
I installed Bad Behavior at about 2:30 pm. It’s now a little after eight, only five and half hours later. The banner at the bottom of the page shows over a hundred spams blocked. No posts I judge to be spams have shown up in the logs. I’m pretty happy about that.

[update 3]
Twenty-four hours later: 270+ spams blocked. Die, filthy lying thieving scum. Die slow.

I’m upgrading the site to Wordpress 2.6. As always, be prepared for it to just go totally pear-shaped.

---

OK, that seems to have gone correctly. Whew.

The Power of Dill Compels You:

PZ Meyers at Pharyngula sez:

Christianity is like sticking [forks] in your face and your rectum and plugging them into a wall socket. Your insides will smoke and sizzle, you’ll glow, sparks will shoot out of you, and you’ll become a cooked vegetable.

Ooo-kay, then.

“Don’t try this at home.” Right, so much for all those living-room Bible study groups, then.

---

You know, I have a “Philosophy and Religion” category. I need to fix that. It should be separate tags: “Philosophy” and “Religion and Superstition”.

---

Done.

Every day I get several new user registrations from the .pl TLD, indicating they are from Poland. Most are from an outfit called o2.pl, which seems to be a Polish ISP. The user names typically do not match the email address. They do not even post comments.

Self-registered users have “subscriber” access, which basically means they no privileges above and beyond any other user (unless I enforced a users-only comment policy, which I don’t).

I have no idea what this is about. However, the notification emails fill up my admin mailbox, it’s a nuisance dealing with them, and I can’t shake the feeling this is somehow spam-related.

Accordingly, I’m setting a policy that prohibits self-registration; I must approve all new users.

If you know what’s going on, please leave a comment below. No registration necessary. For now.

For a while today, Word Press was throwing an odd error:

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

I saw this shortly after making three changes–I installed Smedberg’s Atom 1.0 plugin; I’d been playing with directory permissions on my host (Hosting Matters, if it matters); and I’d installed the Java plug-in.

The key turned out to be disabling Java and restarting the browser. Oddly, just to test, I re-enabled Java, and the problem has not yet recurred.

Submitted as a comment here.