WordPress spam filtering: improved.

On this WordPress blog, I'm running the WP Hashcash plugin to prevent spam. Recently, I've seen a lot more spam, I guess spambots now recognise WPHC encryption.

WPHC encryption could be upgraded to withstand spam again. But new bots will break new encryption. The biggest problem is that all blogs using WPHC use the same javascript to decode the key. If only you could be a liiiiittle different from other blogs, standard bots wouldn't have a chance.

My solution is to include a few filters in WPHC. This allows for weblog owners to write a tiny plugin to have slightly different antispam than other weblogs. For instance, at this moment, my extension is as simple as:

<?php
/*
Plugin Name: WPHC Extension
Plugin URI: https://www.geeklab.info/2010/04/wordpress-spam-filtering/
Description:
Author: GeekLab.info
Version: 1.0
Author URI: https://www.geeklab.info
License: GPL
*/
function wphc_jskey_ext($js){
for($i = 0; $i < count($js); $i++)
$js[$i]--;
return $js;
}
function wphc_getjs_ext($in){
return preg_replace(';//WPHC2;','wphc_data[i]=wphc_data[i]+1;',$in);
}
add_filter('wphc_jskey', 'wphc_jskey_ext');
add_filter('wphc_getjs', 'wphc_getjs_ext');
?>

You may use substraction, addition, xor, byte-swapping or any other method you like to improve security. The security is not so much what is done to the key, but that the routine is slightly different from other blogs.

Changes to WP Hashcash required for this to work:
Patch file (only changes)
Whole file

© GeekLabInfo WordPress spam filtering: improved. is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Magento and safe mode

The e-commerce application magento, for some reason, expects to have a lot of permissions on every server. One thing I stumbled upon when trying to install magento, was the creation of /tmp/magento/var.

Since /tmp could be shared between all users, this may not be the safest way. That's why my servers don't allow access to /tmp, but have a personal /tmp-style directory instead.

I got the error:
[Thu Feb 04 21:24:21 2010] [error] [client 1.2.3.4] PHP Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/tmp/magento/var) is not within the allowed path(s): (/blah/blah/website.com:/usr/share/pear:/var/www/error) in /blah/blah/website.com/app/code/core/Mage/Core/Model/Config/Options.php on line 214

The fix is very, very easy. But since I couldn't find anyone else posting the exact fix, I thought I'd do it.

in app/code/core/Mage/Core/Model/Config/Options.php on line 137, you find:
public function getSysTmpDir()
{
return sys_get_temp_dir();
}

Change it to:
public function getSysTmpDir()
{
return $_SERVER['DOCUMENT_ROOT'].'/your_secret_tmp_dir/';
}

© GeekLabInfo Magento and safe mode is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 3.00 out of 5)
Loading...