CompuSkills Blog

Accessible Web Design, IT and Information Security

  • Nov
    25

    Just to let you know, in case you haven’t already seen it on the dashboard: WordPress has been upgraded to 2.6.5.

    This upgrade fixes a security problem so unless you have an overwhelming reason not to, it is advised that you upgrade as soon as possible. From the WP Blog:

    The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

    Also, as a result of the faked 2.6.4 version that was passed around, WP decided to skip this release number (which is why you should be upgrading from 2.6.3 to 2.6.5). WordPress have stated there will never be a version 2.6.4 release.

    No Comments
  • May
    16

    After quite a wait, WordPress 2.2 is now available for download and install.

    While we think this is a good thing, Compuskills are currently advising customers who have a WP 2.1.3 installation to hold off for a little while before doing the update. If you give it a few days, people will have the chance to check out the new code, hopefully also identifying potential problems and pitfalls.

    Unless your system is really “not critical” and you don’t mind the risk of potentially considerable downtime, do not update straight away. If you do choose to update (now or at a later date), please ensure you make a full backup of your system - just in case. If you have any problems with this, please contact us and we will assist you.
    [tags]Wordpress, Blog Software, Software, Compuskills, WordPress Upgrade[/tags]

    1 Comment
  • Apr
    22

    Although it is very early to make any conclusions, it is worth noticing that in the 24 hours since we instituted a small change to the .htaccess rules on one of the blogs we manage (talked about in previous post), the volume of spam comments being held by Akismet has dropped by almost 75%. Comparing the last 24 hours with the same 24 hour period over the last six weeks (all we have data for at this time) it seems the spam comments have dropped from around 240 a day to around 70.

    Now, we are not for a second saying that blocking out LayeredTech.com is the sole reason for this reduction but it is the only change we have instituted. We will continue to monitor this and report any other findings as and when they occur.
    [tags]Wordpress, Spam, Bot, spam bot, LayeredTech, Akismet, Technology, Badbot, Spammers, Compuskills[/tags]

    No Comments
  • Apr
    21

    Recently we were reviewing the measures we could take to reduce the spam hitting the email accounts we manage and the blogs we are responsible for overseeing. It will probably come as no surprise to most of you, but it was very easy to identify some obvious trends. Fortunately a response was equally easy. By and large, with WordPress blogs, plugins such as Akismet work wonders and prevent mountains of spam getting through. The concern raised with us was bots searching for email addresses or other such information. (Ideally, the blogs will not have this sort of data available; we always recommend using a properly designed contact form rather than leaving a contact email address.)

    In a nutshell, we reviewed the site access logs and blog plugins such as “Firestats” to identify anything which seemed to be unusual activity. While this is not easy to determine with 100% accuracy, the things we looked for were along the lines of the same IP address hitting a page every fraction of a second (faster than a human could read), IP addresses which spoofed a user agent (UA) string (the most common example of this seems to be a UA string which presents itself as a random string of letters), and IP addresses which are already identified as posting spam comments / trackbacks.

    During the early stages of looking at this, one of the things which immediately jumped out at us was the “owner” of the vast majority of the IPs which were being flagged. On one of the blogs, hits were being generated by a UA which was identifying itself with variations of “Sentxmcuk nlbhr crtyoqb” (and other strings of letters, another example used “Himq nwfjrztb dtsuw”). The way this UA was visiting was certainly different from the more normal user agents and there was a massive similarity in the IP addresses. By and large they were coming from 72.232.234.xxx and 72.232.83.xxx (for example the Sentxmcuk UA used IP address 72.232.234.138.)

    These addresses belong to a company called LayeredTech, and a quick google search brought up two posts on Village-idiot.org (post 1 and post 2), which went a long way to confirm our initial suspicions. It seems lots of people have been getting quantities of spam from IP addresses which resolve to LayeredTech.com.

    At the moment, we here at Compuskills are using a reactive policy of dealing with this: in the .htaccess file we have a section which reads:

    order allow,deny
    deny from 72.232.234.
    deny from 72.232.83.
    allow from all

    and we would strongly recommend you institute a similar approach on your site if you have not already done so. Obviously this is hampered by only blocking the addresses after they have been detected hitting the site, and has the risk of blocking genuine visitors, but until we can collect more data it seems overkill to block all of LayeredTech’s IP addresses.
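
    The log review and the resulting deny rules described in this post can be sketched as follows. This is an added example, not Compuskills' own tooling: the log lines are constructed, and the burst threshold, the letters-only UA test, the host 72.232.83.10 and the function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache combined log format (not real traffic). The
# 72.232.x.x ranges and letter-only UAs follow the post; 192.0.2.44 is a
# documentation address standing in for an ordinary visitor.
SAMPLE_LOG = """\
72.232.234.138 - - [21/Apr/2007:10:00:00 +0000] "GET /?p=1 HTTP/1.1" 200 512 "-" "Sentxmcuk nlbhr crtyoqb"
72.232.234.138 - - [21/Apr/2007:10:00:00 +0000] "GET /?p=2 HTTP/1.1" 200 512 "-" "Sentxmcuk nlbhr crtyoqb"
72.232.234.138 - - [21/Apr/2007:10:00:00 +0000] "GET /?p=3 HTTP/1.1" 200 512 "-" "Sentxmcuk nlbhr crtyoqb"
72.232.83.10 - - [21/Apr/2007:10:00:05 +0000] "GET /contact HTTP/1.1" 200 900 "-" "Himq nwfjrztb dtsuw"
192.0.2.44 - - [21/Apr/2007:10:00:07 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
192.0.2.44 - - [21/Apr/2007:10:00:41 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
"""

# Combined format: ip ident user [time] "request" status bytes "referer" "ua"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Heuristic (assumption): two or more words of letters only, with no
# product/version token, resembles the random-letter UAs quoted in the post.
LETTERS_ONLY_UA = re.compile(r'^[A-Za-z]+(?: [A-Za-z]+)+$')
BURST = 3  # assumed threshold: hits from one IP inside a single logged second

def flag_clients(log_text, known_spam_ips=()):
    """Return {ip: set of reasons} for clients matching any of the three signs."""
    per_second = Counter()
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not combined-format entries
        ip, stamp, ua = m.groups()
        per_second[(ip, stamp)] += 1
        if per_second[(ip, stamp)] >= BURST:
            reasons[ip].add("burst")  # faster than a human could read
        if LETTERS_ONLY_UA.match(ua):
            reasons[ip].add("random-ua")
        if ip in known_spam_ips:
            reasons[ip].add("known-spammer")
    return dict(reasons)

def deny_lines(flagged):
    """Collapse flagged IPs to the three-octet prefixes used in the .htaccess rules."""
    prefixes = sorted({ip.rsplit(".", 1)[0] + "." for ip in flagged})
    return ["deny from " + p for p in prefixes]

if __name__ == "__main__":
    flagged = flag_clients(SAMPLE_LOG)
    print(flagged)
    print("\n".join(deny_lines(flagged)))
```

    The emitted lines use the `deny from` syntax shown in this post, which belongs to Apache 2.2; on Apache 2.4 those directives are only available through mod_access_compat, and the native form is `Require not ip` inside a `<RequireAll>` block. Prefix-wide rules also block every other host in the range, so review the flagged list before deploying them.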
    [tags]Wordpress, Spam, Bot, spam bot, LayeredTech, Akismet, Technology, Badbot, Spammers, Compuskills[/tags]

    1 Comment
  • Feb
    25

    FireStats is a system for getting web statistics. You can download it from the firestats.cc homepage or you can get it as a WordPress plugin for a blog.

    It gives you a fascinating insight into how many hits your pages are getting, which pages are getting accessed, how they got there, what browsers and operating systems visitors use and the IP addresses and countries of origin of your visitors. This information is useful for so many purposes.

    • First, it’s very helpful to know what people are interested in on your website. The pages that people visit may be surprising. This can help you tailor your content to your customers’ needs.
    • Referrers can tell you what links are good at driving traffic to your site. You can then choose to develop more links of the types that are worthwhile.
    • Referrals from search engines can also be enlightening. You may have been disappointed to find that you came low down on Google for your key words, for instance. Firestats will show you what Google searches have actually brought traffic. You may find you rank surprisingly highly in searches that you would never have anticipated. If you are trying to optimise your pages for search engines, you will find some useful pointers to what text will bring visits and put you at the top of the search pages.
    • The information on browsers and operating systems is very helpful when you are tweaking your site design. For example, if you have a site which looks brilliant in Internet Explorer 7, it might be a salutary shock to find that only 5% of your visitors use this. You may have to forego the effects and adapt your site to older browsers. If most visitors use Firefox, this should become your priority in designing pages. You may find that a significant proportion of visitors are using mobile devices or feed readers. This certainly calls for more thorough website design testing than you might do if you imagine your visitors are all sitting at Windows PCs using Internet Explorer.
    • The Firestats information on operating systems may help you decide if your content is matching your visitors’ interests. An open-source focussed site can find it has very much more traffic than would be indicated by other web statistics generators, such as Alexa, which concentrate only on IE.
    • Location information could be very important for tailoring content or for choosing which languages your site should appear in. Knowing where your customers are could be a crucial marketing tool for an e-commerce site and could help you in planning global distribution strategies. The location information seems infinitely more accurate than the information generated by Alexa, for instance, as well as being 6 months more up to date.

    The installation process seems relatively painless in WordPress. Once it’s installed, it’s very easy to use. You can show traffic statistics on your homepage, although I have doubts about whether this is a good idea, except for an activist site. You can adjust your settings to exclude your own visits and to ignore bots.

    Altogether this is a fantastic free service. At the very least, you can see how your site is getting on, in real time. You can adjust what you offer and be able to tell very quickly whether your changes are likely to achieve what you want. You don’t need to wait months for a report from an external service. Highly recommended.

    1 Comment
  • Feb
    24

    Technospeak

    Filed under: Technology

    After committing the cardinal sin of using the “Web 2.0” phrase in a previous post, I was curious enough to look round some other sites to see what sorts of nonsense there is out there.

    By pure chance, I also looked through the logfiles and statistics on several of the sites I have access to and I found some recent indexing by a bot which identified itself as “complex_network_group” from http://cantor.ee.ucla.edu/~networks/crawl . To check what bot it was (and decide to allow or block via a .htaccess edit), I visited the site in question.

    It appears to be a project of the UCLA complex networks group who carry out research into “the science and engineering of complex networks and systems.”

    Now the main thrust of this post is about the lead sentence on the Crawl page mentioned above. It outlines the Objective and reads: (verbatim extract)

    To develop, a multi-paradigm network modeling framework, together with a characterization of tradeoffs between speed and accuracy for multiple modeling approaches, as a function of different types and scales of networks, protocols, traffic and application types, and metrics.

    Seriously, that is a single sentence. Wow. What an amazing combination of buzz words. I can only assume they used a random word generator for this…

    No Comments
  • Feb
    14

    What is JavaScript? Firstly, JavaScript has little in common with Java, which is a full-scale programming language. JavaScript is a scripting language, mainly used to add functionality to web pages, through actions performed on the user’s computer (client-side). JavaScript can carry out actions that aren’t possible using standard HTML. These actions include opening pop-up windows, setting cookies and validating user input on forms before they are submitted.

    No Comments
  • Feb
    10

    Who sets the standards for HTML? The W3C (World Wide Web Consortium). The consortium was created in 1994 to achieve agreement on core principles and components of the web standards.

    No Comments
  • Feb
    3

    Should I use Web 2.0 technologies and techniques?

    As always, the answer depends on what your web site does.

    If it’s a hobby site, it’s up to you how far you want to enhance the user’s experience.

    If it’s an educational or cultural site, experimental sites are always welcome, even expected. However, you will probably have to be confident that your pages are going to be accessible to every user.

    For a commercial site - make sure it works and doesn’t show off your web team’s coding skills at the expense of meeting your customers’ needs.

    No Comments
  • Feb
    2

    Why use a style sheet? In the past, formatting instructions were embedded in HTML. So a block of text to be shown in 16 point red Times Roman ended up being surrounded by the tags <FONT FACE="Times"> <FONT COLOR="red"> <FONT SIZE="16pt"> (before the text) and </FONT></FONT></FONT> (after it). This takes a lot of effort, as tags have to be frequently opened and closed. It is easy to put a closing tag in the wrong place or forget to add one, with unintended effects on the page display. It is difficult to read and edit the page text when there is a forest of embedded layout tags. It is very difficult to change the appearance of a page, as you need to edit huge numbers of separate tags. This becomes really important in dynamic webpages, where content is supplied from a database on request. It’s also very important where you want to keep a consistent look throughout several, even hundreds of pages.

    For several reasons, people who care about the structure of webpages prefer to see more elegant code, with layout tags kept separate from structure identifiers. Hence, style sheets are the preferred mechanism for creating modern webpages. It’s a good general principle to use CSS wherever practicable.

    No Comments