I’ve written a WordPress plugin for April Fool’s Day. It reverses all of the text in your posts on your home page. It does not change any HTML tags, so links and formatting will still be accurate. It also avoids post titles, category names, etc… And it only does this on April 1st. More information and the download are at Home Page Text Reverser.
Moving Away From Google Feedburner
I’ve decided to move away from Google Feedburner. I’ve deactivated my FeedSmith plugin, and have submitted changes to the domain name system. I am so glad that I used the MyBrand option when I set up my feeds.
So my Feedburner feed which was http://feeds.planetmike.com/planetmikedotcom now refers browsers and feed readers to http://www.planetmike.com/feed/
I set up feeds.planetmike.com to point to my own web server. I added this to the .htaccess in the top level directory of that “site.” I don’t even need an index file there, as all requests get rerouted to the site’s home page.
RewriteEngine On
RewriteRule planetmikedotcom http://www.planetmike.com/feed/ [R=301,L]
RewriteRule (.*) http://www.planetmike.com/ [R=301,L]
I deactivated the FeedSmith plugin, double checked that my site was returning my regular feed address, and things are good to go. Please let me know if you see anything odd with my feeds.
Spammers I’ve Blocked
I’ve blocked these domains for spamming.
2009iiisconferences.org
2010iiisconferences.org
ICTconfer.org
smartpowercall.info
requestserv.com
BlogFlux Privacy Policy Violation
Back in May 2006 I wrote abut why I use tagged email addresses. Just today, I found yet another company violating their privacy policy. On October 31, 2007, I registered with BlogFlux.com. Their current privacy policy says:
Your email is only used for contacting you about Blog Flux updates….Your email will also not be distributed to anyone for any purpose….Blog Flux maintains a strict “no-spam” policy. Your e-mail address will not be sold to a third party.
In the past 14 months, I’ve received a handful of messages (well, three) from BlogFlux. Each message clearly identified who they were, each had an opt-out link at the bottom, and each message was related to my BlogFlux account. Today I received a message from “Lesley.” She’s somehow affiliated with LoadedWeb.com. LoadedWeb.com has nothing on their web site about who they are, who’s running the site, their affiliations. LoadedWeb.com also does not have a privacy policy at all. Google searches show that LoadedWeb.com several years ago was a web host.
BlogFlux.com’s privacy policy refers people to their contact page “[i]f you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site…” Unfortunately the contact.php page has no contact info on it at all. That’s the same URL they give in the footer of the site.
Looking at the message headers, I would guess that BlogFlux and LoadedWeb are probably owned or operated by the same people. Their IP addresses are on the same block. (204.11.52.70 and 204.11.52.71). That address is registered to enthropia.com. Their web site looks to be ancient, not updated since 2003?
I’d have to say avoid using BlogFlux.com, or LoadedWeb.com. It is probably just a couple guys doing cool web stuff from their basement, but it feels very random. I don’t think I’d trust them with my personal data or information.
Upgraded to WordPress 2.6.5
I’ve just upgraded all of my blogs to WordPress 2.6.5. I also upgraded some plugins that were a little out of date. Everything seems to be running along nicely.
If the Berkman Center Can’t Secure Itself
Yesterday morning I received a comment spam attempt that had its URL link to a wiki page at the Berkman Center for Internet & Society (at Harvard University). Before approving the comment, I checked out the wiki page. It was full of spam links. I checked out the wiki’s Main Page. A handful of spam links, all gambling related. I sent an email to the generic email address for the Berkman Center. This morning, out of curiosity I looked at the wiki again. Still full of garbage.
Looking through the history of the site’s Main Page, it looks like the wiki was set up on January 3, 2007 at 4:45pm, and last legitimately edited on February 28th. The first spam appeared on April 28th. Since then, the spammers (drugs vs. casino/gambling) have been fighting over the site.
I realize that my notification about this site was sent two days before a major US holiday, but the fact that this site has been allowed to be abused for over a year and a half is frightening. Obviously, this wiki has been forgotten after some long lost project. Did it’s administrator graduate? Did the project not get funding? Regardless, someone must be maintaining the hardware and site. Somewhere there’s a log file needing to be watched. Groups like the Berkman Center need to set a positive example for secured web systems.
WordPress Theme Directory After Four Months
Last summer, WordPress opened their brand new Theme Directory with a whole bunch of themes. Three themes to be exact (Dum-Dum, Tarski, and Monotone I believe), with less than 1,000 downloads the first day. Four months later, after a lot of steady work by designers from around the world, the directory hosts 680 themes, with nearly 1.5 million downloads, a threshold that should be passed sometime later today.
(Click the chart to embiggen.)
Congratulations to WordPress for making the Theme Directory a success.
Odd Comment Spam Attempts
Starting on November 10th at 10:29am (EST), running through this morning at 6:30am, I have received dozens of comment spam attempts across most of my WordPress blogs. They all followed the same basic format:
Deneen Carrillo | aejqtb@lobhyi.com | IP: 94.102.60.151
5wj9j1bdvd74zbcv
A real looking name, an obviously fake email address (usually with a non-existent domain name, which should immediately flag the comment as spam if WordPress or Akismet were intelligent), an IP address from 94.102.60.151 94.102.60.152 or 94.102.60.153, and 16 random letters or numbers.
The user agent strings varied widely:
- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
- Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
- Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
- Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
- Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
- Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
- Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
The bot also submitted every form on the page, including the search form and the submit box. Maybe a simple form should be created to auto-block anyone that submits anything to it. And the bot never downloads images or anything other than the page. Maybe a plugin should could check that a user downloaded some other content before allowing a comment to be submitted? Yes, this forms a horserace, but it may work in the short term.
Spam from Dell via busenetwork.net; or Why Opt-Out Is Still Bad.
I just got a spam from Dell.com, using busenetwork.net. I’m blocking the scum at busenetwork.net. And reporting it to Dell just in case it’s not really from them. Someone else got this as well. Searching through my mail logs shows I’m also getting other messages from busenetwork.net, regarding CareerTrack.
Any time a user has to do anything to stop getting stuff he didn’t ask for, it’s spam. Period. If busenetwork.net can show to me proof that I signed up for this, fine. But they can’t. Therefore it’s spam and illegal.
iWork ’08 Demo Requires Your Email Address
I’ve been loading up my new iMac, and loving it. I also downloaded the iWork ’08 demo. You can’t run the demo unless you give Apple an email address. Wow, bizarre. Even if you uncheck the “keep me informed” box you still have to enter an email address. Mailinator comes in handy again.