
Setting the WordPress 2.5 Secret Key

I’ve been exploring the WordPress 2.5 Release Candidate 1. I found a few bugs that are probably related to AJAX or javascript under Safari 3.04. I made a few suggestions and comments for part of the new design aspect of the Administrative section. But one interesting thing I haven’t seen mentioned anywhere is WP 2.5’s “Secret Key.”

When you set up WordPress, you put your database settings in the wp-config.php file. There is a new line there:

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

While I’m not sure what the “secret key” is used for, I prefer using my own pass phrases and passwords. I generally use the pwgen program to generate my passwords. This command

pwgen --numerals --capitalize --symbols --secure 64

entered in my PowerBook’s Terminal gave me a good password. You can install pwgen for OS X with these instructions: Building pwgen on Mac OS X. Why use pwgen over grc.com? Why not? It’s good to have options.
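As an added illustration (my own code, not part of WordPress or the pwgen project), here is a small Python script that does the same job as the pwgen call above and also audits a wp-config.php for the stock placeholder. The 32-character minimum is my own assumption; WordPress 2.5 states no minimum, and the characters ' and \ are left out so the key can sit inside PHP's single-quoted string unescaped.

```python
import re
import secrets
import string

# Characters safe inside a single-quoted PHP string: leave out ' and \
SAFE_CHARS = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                     if c not in "'\\")
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 32  # assumed floor; 64 matches the pwgen invocation in the post

def generate_secret_key(length=64):
    """Return a random key drawn from SAFE_CHARS using the OS CSPRNG behind `secrets`."""
    return "".join(secrets.choice(SAFE_CHARS) for _ in range(length))

def render_define(key):
    """Emit the wp-config.php line; the key is free of ' and \\ by construction."""
    return "define('SECRET_KEY', '%s');" % key

DEFINE_RE = re.compile(r"""define\(\s*['"]SECRET_KEY['"]\s*,\s*'([^']*)'\s*\)""")

def audit_secret_key(config_text):
    """Classify the SECRET_KEY in wp-config.php text: 'missing', 'placeholder', 'short' or 'ok'."""
    m = DEFINE_RE.search(config_text)
    if not m:
        return "missing"
    key = m.group(1)
    if not key or key == PLACEHOLDER:
        return "placeholder"
    if len(key) < MIN_LENGTH:
        return "short"
    return "ok"

# Constructed sample of the stock wp-config.php line (not copied from a real install)
STOCK_CONFIG = "define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.\n"

if __name__ == "__main__":
    print(audit_secret_key(STOCK_CONFIG))      # placeholder
    line = render_define(generate_secret_key(64))
    print(line)
    print(audit_secret_key(line))              # ok
```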

ShaBlastBot Spider Considered Abusive

While perusing my apache logs, I ran across a lot of requests from a bot with the user-agent of “ShablastBot 1.0” and all came from the IP address of 67.228.100.141. Reverse IP shows that 67.228.100.138, 67.228.100.139, 67.228.100.140 and 67.228.100.142 also resolve to shablast.com. One significant problem appears to be it doesn’t correctly parse out feed: URLs, so I have dozens of bad requests for things like “HEAD /2008/02/feed:http:/www.example.com/feed”.

The other major problem is it sent out many many requests in a very short amount of time. Luckily, the server throttled the connections before any damage could be done. But for now I’ve blocked both the ShaBlastBot user-agent and the known IP addresses of that agent from my server.

There isn’t any obvious way to contact any one at ShaBlast about the problems, although I did leave a comment on the site’s blog.
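To show how both problems described above can be picked out of an Apache combined log, here is an added Python example of my own (not code from the post or from ShaBlast). The log lines are constructed for the demonstration; only the user-agent string and the 67.228.100.141 address come from the post, and the 10-second window and per-window limit are assumed thresholds.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def parse_line(line):
    """Return a dict for one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, agent = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status), "agent": agent}

def find_bursts(entries, window=10, limit=4):
    """Map (ip, agent) -> peak request count inside any `window`-second span, for clients over `limit`."""
    times = defaultdict(list)
    for e in entries:
        times[(e["ip"], e["agent"])].append(e["time"])
    bursts = {}
    for key, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):          # two-pointer sliding window over sorted timestamps
            while (t - ts[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            bursts[key] = peak
    return bursts

def malformed_feed_paths(entries):
    """Paths where a 'feed:' URL was glued onto a site path, the mis-parse the post describes."""
    return [e["path"] for e in entries if "feed:http:/" in e["path"]]

# Constructed sample log lines (not real server logs): the bot fires 5 requests in 3 seconds
SAMPLE_LOG = [
    '67.228.100.141 - - [01/Mar/2008:10:15:00 -0500] "HEAD /2008/02/feed:http:/www.example.com/feed HTTP/1.1" 404 - "-" "ShablastBot 1.0"',
    '67.228.100.141 - - [01/Mar/2008:10:15:01 -0500] "GET /2008/02/ HTTP/1.1" 200 5120 "-" "ShablastBot 1.0"',
    '67.228.100.141 - - [01/Mar/2008:10:15:01 -0500] "HEAD /2008/01/feed:http:/www.example.com/feed HTTP/1.1" 404 - "-" "ShablastBot 1.0"',
    '67.228.100.141 - - [01/Mar/2008:10:15:02 -0500] "GET /2008/01/ HTTP/1.1" 200 4980 "-" "ShablastBot 1.0"',
    '67.228.100.141 - - [01/Mar/2008:10:15:03 -0500] "GET /feed/ HTTP/1.1" 200 8801 "-" "ShablastBot 1.0"',
    '192.0.2.10 - - [01/Mar/2008:10:20:00 -0500] "GET /2008/02/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def analyze(lines):
    """Return (bursting clients, malformed feed paths) for a list of raw log lines."""
    entries = [e for e in map(parse_line, lines) if e]
    return find_bursts(entries), malformed_feed_paths(entries)
```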

MS Office Discussion Bar

I’ve started watching my web server logs more closely, and found several requests for /_vti_bin/owssvr.dll and /MSOffice/cltreq.asp. Examples:

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0

Apparently, these requests are caused by someone using IE with the Discussion Bar turned on. I wonder why IE isn’t smart enough to read the headers to see that I’m not running a Microsoft web server. Or maybe MS has fixed this with version 7 of their browser, since all of the requests I see are IE6.

WordPress TimeZone Handling is Ridiculous

This is 2008. Why in the world does WordPress not know how to shift its internal clock when Daylight Savings Time starts or ends? If the server itself can do it, why can’t WordPress? Heck, my VCR can even automagically adjust by an hour twice a year.

I was going to write a plugin to do this, but Kimmo Suominen has already done it. In February 2005! Matt Mullenweg or someone at Automattic, send Kimmo a check for a few hundred bucks and incorporate his code into the core WP system for 2.5.

The plugin is available at Time Zone plugin for WordPress.

Verizon’s New Terms of Service

Verizon emailed me on the 29th letting me know about their new terms of service for my DSL connection. The new terms go into effect on Tuesday, March the 4th. They can be found at http://www2.verizon.net/policies.

I hope no one wants to contribute to any adult sections of the Internet, you can’t do that according to sections 2(a) “Verizon reserves the right to deny Service to you, or immediately to terminate your Service for material breach, if your use of the Service or your use of an alias or the aliases of additional users on your account, whether explicitly or implicitly, and in the sole discretion of Verizon: (a) is … pornographic, … or of a sexually explicit or graphic nature;” and 3(b) “You may NOT use the Service as follows: … (b) to post or transmit information or communications that, whether explicitly stated, implied, or suggested through use of symbols, are … pornographic, … or of a sexually explicit or graphic nature;.” That seems to be too broad, as sexually explicit talk could include medical concerns.

And section 6 says “[y]ou agree that your name, UserID, and other identifying information may be placed in our user directory.” What user directory? Is that open to the public? Or just the internal one that Verizon maintains of their customers? It seems that they wouldn’t need to put in their Acceptable Use Policy that Verizon is keeping a copy of their customer’s information.

Section 7 seems to let Verizon share your info and surfing habits if they even suspect you of doing anything wrong. “Verizon reserves the right to cooperate with legal authorities and/or injured third parties in the investigation of any suspected crime or civil wrong. Such cooperation may include, but not be limited to, provision of account or user information or email as well as monitoring of the Verizon network.” It also seems to say that Verizon won’t stand up for your rights, but will instead simply roll over for any complaints about one of their customers.

I realize that the terms of any ISP are more to cover their butt than to be effective, and that 99% of their customers won’t care what is in these agreements. But they still give a lot of power to the company, and none to their customer.

Frontbridge’s 88.blacklist.zap

One of my clients complained to me that some of their email wasn’t being delivered. I investigated and discovered that email to them through my server was being bounced. The error message in the maillog was:

Feb 25 10:44:59 server1 postfix/smtp[607]: 852EA400001: to=, relay=mail.global.bigfish.com[216.32.180.22], delay=2, status=bounced (host mail.global.bigfish.com[216.32.180.22] said: 550 Service unavailable; Client host [64.34.170.90] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com (in reply to RCPT TO command))

Visiting Frontbridge.com takes you to a page at Microsoft.com. Frontbridge is apparently Microsoft’s hosted Exchange servers. So I emailed that message to the address given in the bounce message, and got an auto-acknowledgment that they would look into removing my server from the block. This morning I got an email that my IP has been safelisted. But:

As long as this IP address does not continue to send a majority of spam, messages will continue to be allowed to route through our network. If this IP address gets relisted after a period of time, further assessment of this IP would be required and the removal process would be more difficult.

So I emailed and asked what spam they think my server had been sending. The response:

The 88.blacklist.zap is an internal list generated with logs from our spam filtering engines. IP addresses may end up on this list if a certain percentage of the mail received by our network from that IP address is marked as spam by our filters for a given period of time. For example 90 percent of the mail is spam for 15 days. The thresholds are variable and may change as needed to ensure the safety of our network.

When the IP address is listed in the blacklist, all emails coming into our network from that IP address are blocked without going further into our filters.

We do not keep a copy of spam messages in our server. After the IP address has been safelisted, we cannot provide you traces or logs of spams prior to being delisted.

So if I have no idea what messages are triggering their alarms, I can’t fight the problem. I can’t even protest, since I don’t think I’m sending spam. Which probably means I’ll be losing a client if I get blacklisted again by Frontbridge.

Through watching the logs, I think I’ve figured it out. I use Mailman to manage mailing lists. For that client, the list is set to reject any message sent to the list from a non-subscriber. That message though is forwarded to the list-owner. So the 100 spam messages that are sent to that list everyday were being forwarded to my client. Frontbridge saw those messages and concluded they were spam. I’ve turned that option off, so now my client won’t get those refused messages. Hopefully no one on the list will accidentally use the wrong address to post, because no one will get a warning they tried to do that.

To Fight or Not To Fight a CyberSquatter

I recently discovered that one of my active web sites’ domain names has attracted the attention of a cybersquatter. I emailed the address on the page, which bounced. So I poked around a bit and found another email address. I emailed that address and got a polite note back. I asked if I could purchase the domain name for $75, which should cover their registration expenses for the 4 years they’ve had it. I got back a note telling me that only serious inquiries would be entertained. Their page now has the same keywords and text that is found on my site.

I think I can very easily show that the other domain has been registered in bad faith. He’s trying to make some money off of my hard work. And he’s causing confusion in the marketplace, if people accidentally go to his domain name instead of mine.

Under ICANN’s rules for Domain Name Dispute Resolution, I think I would win the domain if I filed a formal complaint. The catch is that would cost me $1,300 or $1,500, depending on which organization I file the complaint with, the National Arbitration Forum (NAF) or the World Intellectual Property Organization (WIPO).

I’d love to get some advice on how to proceed. My options are:

  1. I could offer the cybersquatter (who has lost several of these cases, so he’s familiar with the process) a little more money, but that really galls me.
  2. I could file a complaint, and be out at least $1,300. But I think I would prevail.
  3. Or I could rebrand my site under a new domain name.

If anyone has any experience with this process, I’d love to get your feedback.

Here are a couple of good resources:

New System to Fight WordPress Comment Spam

I’ve started using a new system to fight comment spam. If you see any problems when trying to submit comments on the site, please let me know. Email of course, since you won’t be able to send a comment if you find a bug. mclark at planetmike.com. Thanks.

The Boy Who Saved Christmas

For Christmas 2007, my wife and I made a movie with our 8-year-old nephew playing all of the roles. It turned out pretty well. My sister-in-love and brother loved it; it was definitely a surprise.

Filmed with a Canon GL2, edited in iMovie HD.

Evolving PlanetMike.com: Chapter 5 – New Name

Currently most, and soon all, of the content at PlanetMike.com is related to technology and web design. So I took this opportunity to rename the site from “Michael Boyd Clark Journal/Blog” to “PlanetMike’s Technology Journal.” I am now adding new GoogleAlerts to monitor for the new name appearing in splogs (already found two!). I also tweaked the settings in my rss footer plugin.