Month: August 2006

It’s bug hunt time.

On By westiIn Development, WordPress6 Comments

It’s time to dig out that can of RAID and get bug hunting again. Lloyd suggested another bug hunt on the wp-testers list and Ryan has suggested a time 01:00 UTC on August 30th 2006 (Although due to work commitments it likely I won’t make the Bug Hunt until 17 hours later :-(). For more information about the bug hunt process you can read the questions and answers section of the WordPress Bug Hunts page on the codex.

If you need some help in understanding the process of using subversion to access the WordPress code and applying or making patches then I suggest you read through one of the few articles about working on WordPress – Specifically there are Marks’s instructions for working on MAC OS X or Linux and my instructions for working with Tortoise SVN on Windows.

So what bugs are we hunting this time? Well my personal preference would be for people to work through the lists of Has Patch tickets, i.e. those which someone has coded a fix for, and test the patches against the current trunk code adding bg|tested and/or bg|commit to the keywords for the ticket so as to show that the patch works as described and is ready for commit to the WordPress code. After all we have far too many patches, 187 at present, sitting there that either need committing or rejecting.

Hopefully then Ryan can work through the list of Commit Candidate tickets committing them to the code :-).

The content thieves return

On By westiIn Asides, Rants, WordPress3 Comments

It seems that content theft is the current craze amongst wanabee adsense millionaires. So much so that they don’t even pay attention to the content they are stealing.
The latest culprit “WordPress Planet” @ weblog-pla.net/wp is even stealing the content of my last post about content theft! Compare the original and the stolen copy
As ever I have reported the culprit to google and expect there adsense account to die fairly soon.

A new kind of pingback spam

On By westiIn Security, WordPress1 Comment

Today I received the first of what I think might be a new kind of pingback spam. One which passes all the usual checks – i.e. the source site contains a link back to the post pingbacked (or at least does at the time the pingback occurs) and supports the pingback specification.

Basically what the spammers appear to be doing is creating the spammy article and then designating a paragraph at the end of the message to temporarily contain an outgoing link. They then automate the manipulation of this paragraph and the sending of pingbacks so as to get linkbacks to there article from multiple remote sites. This means that for approximately a five minute period around the time at which you receive the pingback your site is linked. Then they move onto another target and you are no longer linked but they hope are still linking back to them.

What can we do to fight against this type of pingback spam? I think a new spam rule for validating pingbacks is to ensure that the extracted pingback content contains more that just a link to your post and actually includes some texts as well. For example the following, as extracted pingback content, would be treated as possible spam:

[…] http://example.com/my-post […]

To conteract this new kind of pingback spam I’ve hacked together a simple Spam Karma 2 plugin which gives a -5 karma hit to pingbacks containing one link as there whole content to force them into moderation (by default pingbacks get a +4 bonus as they are harder to spoof than trackbacks).

You can download the Spam Karma 2 plugin here: sk2_pjw_pingback_plugin.0.01.zip

Installing is as easy as:

  1. Install Spam Karma 2
  2. Activate Spam Karma 2
  3. Unzip the plugin into the sk2_plugins directory within the SK2 directory in your plugins folder. (e.g. wp-content/plugins/SK2/sk2_plugins/)