Blocking WordPress xmlrpc.php scans

My server was frying at 100% CPU usage when I saw my Apache log filled with these:
- - [17/Oct/2014:15:28:16 +0200] "POST /xmlrpc.php HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
Apparently there are bots going around hammering sites that run WordPress, trying to abuse XML-RPC to DDoS other sites.
I tried some xmlrpc plugins but they didn’t do anything for me, so I decided to nip it in the bud at .htaccess level, blocking the requests at the Apache level and preventing PHP and MySQL from getting hammered, by adding this to my .htaccess file:
# Needs mod_rewrite with RewriteEngine On (the standard WordPress .htaccess block already enables it)
RewriteCond %{REQUEST_URI} =/xmlrpc.php [NC]
# Only fire when the request also carries the bot's user-agent string (spaces and parentheses escaped)
RewriteCond %{HTTP_USER_AGENT} .*Mozilla\/4.0\ \(compatible:\ MSIE\ 7.0;\ Windows\ NT\ 6.0.*
# Answer 403 Forbidden and stop processing further rules
RewriteRule .* - [F,L]

So now all scans get a 403 error:
- - [18/Oct/2014:12:31:54 +0200] "POST /xmlrpc.php HTTP/1.0" 403 275 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
And my server is idling again.
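To check that a rule like the one above actually covers what is hitting the server, it helps to replay the access log against the same two conditions and see what still gets through. The script below is an added example, not code from the original post: it parses Apache combined-format lines (the sample entries and their documentation-range IPs are constructed here; the post's own log lines have the client IP stripped), tallies POSTs to xmlrpc.php per client, re-implements both RewriteConds in Python, and lists the xmlrpc.php requests the rule would not block. Note that the bot's user-agent string says "compatible:" with a colon where a genuine MSIE string uses a semicolon, which is what makes it a usable signature; the escaped dots in the Python pattern are an assumption that makes it marginally stricter than the .htaccess regex.

```python
import re
from collections import Counter

# Constructed sample entries in Apache "combined" log format. The client IPs are
# documentation-range addresses (RFC 5737), not real hosts; the first, second and
# last lines mirror the entries quoted in the post.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Oct/2014:15:28:16 +0200] "POST /xmlrpc.php HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
203.0.113.5 - - [17/Oct/2014:15:28:17 +0200] "POST /xmlrpc.php HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
198.51.100.9 - - [17/Oct/2014:15:29:02 +0200] "GET /2014/10/some-post/ HTTP/1.1" 200 8421 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36"
198.51.100.23 - - [17/Oct/2014:15:30:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/3.3.2; http://example.org"
203.0.113.5 - - [18/Oct/2014:12:31:54 +0200] "POST /xmlrpc.php HTTP/1.0" 403 275 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
"""

# One combined-format line: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Python equivalent of the post's RewriteCond on %{HTTP_USER_AGENT}. The dots are
# escaped here (assumption: the .htaccess regex leaves them as wildcards), so this
# version is marginally stricter; on real log data the two agree.
BLOCKED_UA_RE = re.compile(r"Mozilla/4\.0 \(compatible: MSIE 7\.0; Windows NT 6\.0")


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_xmlrpc_post(entry):
    """True for any POST to /xmlrpc.php (query string ignored), mirroring the
    case-insensitive REQUEST_URI condition of the rewrite rule."""
    path = entry["path"].split("?", 1)[0]
    return entry["method"] == "POST" and path.lower() == "/xmlrpc.php"


def rule_would_block(entry):
    """True when both RewriteConds hold, i.e. the .htaccess rule answers 403."""
    return is_xmlrpc_post(entry) and BLOCKED_UA_RE.search(entry["ua"]) is not None


def summarize(log_text):
    """Tally xmlrpc.php POSTs per client and check the rewrite rule against each one."""
    by_ip = Counter()
    matched_status = Counter()
    unmatched = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not is_xmlrpc_post(entry):
            continue
        by_ip[entry["ip"]] += 1
        if rule_would_block(entry):
            # Status tells you whether the rule was already live: 200 before, 403 after
            matched_status[entry["status"]] += 1
        else:
            # XML-RPC traffic the user-agent rule does not touch (legit clients or a new bot)
            unmatched.append((entry["ip"], entry["ua"]))
    return {
        "xmlrpc_posts_by_ip": by_ip,
        "rule_matches": sum(matched_status.values()),
        "matched_status": matched_status,
        "unmatched_xmlrpc": unmatched,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, n in report["xmlrpc_posts_by_ip"].most_common():
        print(f"{ip:15} {n} POST(s) to xmlrpc.php")
    print("rule matches by status:", dict(report["matched_status"]))
    for ip, ua in report["unmatched_xmlrpc"]:
        print("not covered by rule:", ip, ua)
```

Run it against a real log with `summarize(open("/var/log/apache2/access.log").read())`. The `unmatched_xmlrpc` list is the useful part: it shows the XML-RPC clients that still reach PHP, which is both how you spot a bot that changed its user-agent string and a reminder that blocking xmlrpc.php outright would also cut off legitimate users of it such as the WordPress mobile app.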

WordPress vCard themes

I’ve been looking at Social Media in the Netherlands a lot lately, looks like we’re finally catching up to the US.
Here’s a nice round-up of vCard style themes to transform WordPress into a personal online business card, portfolio, resume or what have you. I think a personal site is still a good home base as it’ll always stay, regardless of the flavor du jour in social network sites.

WordPress Security: Limit Login Attempts

Limit Login Attempts

The picture says it all really. There are bots all over the web trying to break into WordPress sites by attempting to log in to your account with any and all possible password combinations.
This plugin allows you to lock it down by setting the number of retries you allow before the IP address of the person trying to get in gets blocked. It’s effective, and necessary.
Also make sure you rename the default admin account as this is the username the bots use for their login attempts.

WordPress attachment spam

One year later and I still have to manually edit a core WordPress file after every release because they STILL haven’t patched it themselves, meaning that even if you set comments to close after a certain period, all the attachment pages under the post still get hit by spam comments.
Come on WP…

WordPress app 3.0 for iPad

Every time they release a new version I take a look to see what’s improved.
And every time I take a look I wonder why I’d use it.
Don’t get me wrong, it’s free, reasonably quick and quite actively updated. I just don’t see the point of it when I can just use Safari for the familiar WordPress Dashboard where everything works exactly the way I’m used to. It’s also bloody fast on Safari.
Compare that to the screenshots of the app version and I just wonder about some UI choices that seem like a minimalistic text editor. Or why the stats are confined to a small bar on the side leaving most of the screen quite literally completely empty.
Oh well, I’ll look again when 4.0 is released.

iPad app:

Safari on the iPad:

Fighting comment spam

As I mentioned before, I’m being hit by comment spam at a rate of hundreds a day. Akismet flags them as spam, thank god, but I’d still prefer them not to even get recorded to begin with.
It seems automated and is hitting older posts, so in an attempt to stop the tide I’ve disabled comments on posts older than 90 days. Unfortunately WordPress disregards its own settings when it comes to attachment pages; to fix this I had to go into wp-includes/comment.php and modify 2 lines.
In my current version (3.3.2) it’s lines 1963 & 2002, where I changed
$post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) );
to
$post_types = apply_filters( 'close_comments_for_post_types', array( 'post', 'attachment' ) );
Fingers crossed.

WordPress 3.3 released

WordPress 3.3 has been released, bring on the awesome. I hope the new media manager works as great as it looks.

